Mantle 2.0 Guide: User Management

Overview

User management in Mantle 2.0 controls who can sign in, what they can change, and which groups or workflows they can access. A consistent RBAC model keeps teams productive without exposing sensitive resources or platform-level controls.

Use this guide when you need to:

  • Understand the role model used across Mantle 2.0
  • Create and manage local user accounts
  • Reset or change passwords
  • Map operators to the smallest required permission set
  • Align local and directory-backed identity practices

1. RBAC Model

Mantle uses a role-based access control model with a mix of platform-wide and group-scoped permissions. The exact labels may vary slightly by deployment, but the boundary pattern is consistent:

  • Global or platform administrators manage appliance-wide settings, user lifecycle, and shared resources
  • Group administrators manage users, assets, and workflows within assigned groups
  • Standard operators run day-to-day workflows inside approved boundaries
  • View-only users can review data without initiating change

This separation lets one environment support engineering teams, operators, and auditors without giving every user full administrative control.


2. Role Guidance

Use the smallest role that still allows the user to complete their task:

Role Boundary        | Typical Responsibilities
Global Admin / Admin | Manage users, assets, groups, nodes, provisions, and platform settings
Group Admin          | Manage membership, group assets, and workflow operations inside assigned groups
Standard / User      | Execute day-to-day workflows and access assigned resources
View Only            | Read inventories, status, and history without making changes

Operationally:

  • Use administrator roles sparingly
  • Prefer group-scoped administration over global administration when possible
  • Give audit or leadership users read-only access rather than shared admin accounts

3. Create a Local User

  1. Open Users from the left navigation.
  2. Click Add User.
  3. Enter the display name, email address, and role required for the account.
  4. Review the generated temporary password and deliver it through a secure channel.

Tip: Store temporary credentials in a secure workflow before closing the dialog. If the password is lost, you will need to reset it.


4. Change or Reset a Password

  1. Select the user from the Users grid.
  2. Choose Change Password from the detail view.
  3. Enter and confirm the new password, then save.

Use password resets for onboarding recovery, lost credentials, or policy-driven rotations. Encourage users to sign in immediately after a reset and verify access.


5. Local and Directory-Backed Accounts

Mantle can support both local users and LDAP-backed identities:

  • Local accounts are useful for labs, air-gapped kits, or break-glass administration
  • Directory-backed accounts fit environments that already manage identity centrally

Regardless of identity source, keep RBAC assignments simple and consistent. Directory integration should reduce account sprawl, not replace role discipline.


6. Operating Guidance

Use these practices to keep user management aligned with the rest of the platform:

  1. Create named accounts for every operator instead of sharing credentials.
  2. Keep global administrators to a minimum.
  3. Use group-scoped administration whenever a team only owns one portion of the environment.
  4. Review memberships and role assignments on a regular schedule.
  5. Remove or disable accounts as part of offboarding.
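
One way to run the scheduled review in practice 4, as an added example that is not part of Mantle or this guide: it checks account records against practices 1, 2, 3 and 5. The record fields, the admin threshold, the one-group heuristic and the sample accounts are assumptions, since the guide does not describe an export format.

```python
from dataclasses import dataclass
from typing import Optional

# Role labels are the ones in the guide's role table; all other names are assumed.
ROLES = ("Global Admin", "Group Admin", "Standard", "View Only")
MAX_GLOBAL_ADMINS = 2  # assumed site policy, not a Mantle setting


@dataclass(frozen=True)
class Account:
    login: str
    role: str
    groups: tuple                 # group names the account belongs to
    enabled: bool = True
    owner: Optional[str] = None   # the one named person using it, if any
    owner_active: bool = True     # False once that person is offboarded


def review(accounts, max_global_admins=MAX_GLOBAL_ADMINS):
    """Return sorted (login, finding) pairs for accounts that break a practice."""
    findings = []
    live = [a for a in accounts if a.enabled]  # disabled accounts cannot sign in
    for a in live:
        if a.role not in ROLES:
            findings.append((a.login, "unknown role"))
        if a.owner is None:
            findings.append((a.login, "shared credential: no named owner"))
        elif not a.owner_active:
            findings.append((a.login, "still enabled after offboarding"))
        # Heuristic: a global admin who works in one group may only need Group Admin.
        if a.role == "Global Admin" and len(a.groups) == 1:
            findings.append((a.login, "global admin for one group: use Group Admin"))
    admins = [a.login for a in live if a.role == "Global Admin"]
    if len(admins) > max_global_admins:
        findings.append(("*", f"{len(admins)} global admins, limit {max_global_admins}"))
    return sorted(findings)


# Constructed sample records for illustration only.
SAMPLE = [
    Account("a.rivera", "Global Admin", ("lab", "field"), owner="A. Rivera"),
    Account("b.chen", "Global Admin", ("lab",), owner="B. Chen"),
    Account("opsdesk", "Global Admin", ("lab", "field")),
    Account("c.okoye", "Standard", ("field",), owner="C. Okoye", owner_active=False),
    Account("d.silva", "Group Admin", ("field",), False, "D. Silva", False),
    Account("auditor1", "View Only", ("lab", "field"), owner="E. Novak"),
]

if __name__ == "__main__":
    for login, finding in review(SAMPLE):
        print(f"{login}: {finding}")
```

Findings keyed `*` apply to the account list as a whole rather than to one login.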

Next Steps

After accounts and roles are in place:

  1. Use Group Management to assign users to the correct operational boundary.
  2. Use Asset Management to align asset ownership with those same groups.
  3. Return to Getting Started if you are still establishing the initial admin, group, and asset baseline on a new appliance.