Users are created and managed in the System Administration interface. There are three primarily roles a user can take (and normal users can be further restricted):
Types of User
- Administrator: an administrator user can access all functionality
- Power User: power users can create and edit notes/tests but cannot view the administrator interface
- Normal User: normal users can only read/view node and test information
Also a user may be disabled and then will be unable to logon at all.
From version 1.17 there is an extended set of options available in the user manager. This allows normal users (it makes no difference to power users or administrators) to be restricted to only seeing nodes within specific groups - check the "Lock User to Groups" option and then select which group(s) the user is allowed to see.
When restricted in this fashion on login the user will see a limited set of options and be taken straight to the node overview page. The interface presentation including alerts, live monitor, node lists etc will only show those groups (and nodes within groups) the user is allowed to see.
Security (OR LACK THEREOF!): please note this really is intended to make the interface cleaner and avoid confusion. Although the most common ways of accessing node data are protected this is not completely true and a full audit hasn't been done - so a skilled user would be able, especially reading the source code, to probably find a way to get some node or test information from a node outside their groups in the interface. Further the Data API and the Graph generator are not secured. This feature is to make life easier and interfaces cleaner, not to ensure security. The best option for that is to run a different install (perhaps with Docker).