Access rules
If you need to restrict someone's access to the licenses, or you have prioritized users, who should get a license even if all licenses on the server are taken, the License Vault administrator can configure Access Rules. When a user wants to obtain a license, the IDE sends a request to License Vault. This request is compared to the set of Rules defined by the License Vault administrator, and a license is either granted or rejected.
To configure Access Rules, the License Vault administrator should create Rules from License Vault dashboard. Each Rule consists of a user group and a list of licenses to which the user group has access:
A User group is a list of users with JetBrains Hub usernames or a JetBrains Hub group. License Vault suggests selecting only usernames or group names from your Configured JetBrains Hub. If License Vault doesn't recognize a username or a group name, check if such a name exists in JetBrains Hub.
Licenses are JetBrains single licenses or license packs. For example, the License Vault administrator can configure access to both All Products Pack and single product licenses like IntelliJ IDEA. License Vault suggests selecting only licenses located on the Server.
Dashboard
To investigate the functionality of License Vault Rules, let's see the License Vault dashboard. There are two main sections: Rules and Priorities, which are located under two corresponding tabs.
Rules functionality:
The list of Rules: each of them consists of the Name with a short description, Enabled? - status of the Rule, Author, and Last modified parameter. The menu button on the right side leads to the Rules managing options.
The checkbox configures whether users not mentioned in the Rules are allowed to get licenses. For example, there's no rule for a "Test group", or it's disabled. If the checkbox is filled, then the "Test group" is allowed to use licenses without restrictions. Otherwise, the "Test group" is forbidden from using any license.
The Add Rule button leads to the Rule creating wizard. See Adding Rules.
The Test User/Group button leads to the wizard for testing how rules match the users with licenses.
Priorities functionality:
The list of Priorities: The Type (personal or group) and User or group parameters. The menu button on the right side allows you to Edit or Remove the Priority.
Quick search by username or product.
The Edit Priorities button leads to the Editing Priorities wizard. See To add or remove a prioritized user.
Adding Rules
Let's consider the procedure of creating a new Rule.
Add Rule
Go to the License Vault dashboard | Rules and click the Add Rule button from the Rules tab.
Configure the Rule parameters: name, affected users, and licenses.
Go to the Define Users tab. Name the Rule and define the user group to which the Rule should be applied. Check that usernames match the names from the JetBrains Hub.
Go to the Limit Products tab. Choose licenses you configure access to.
Go to the Check Rule tab and check if the Rule works correctly in comparison to the other rules. Define the user's name and select the products you want to test access to. Turn on the Enable toggle if it's disabled to apply the new Rule.
From the Result tab, you can see if the access was granted. While in the Related Rules tab there's a list of all Rules applied to this user.
Crossed Rule means that it's disabled. The User from the example above is affected by two rules, both are allowing access.
Click the Finish & Save Rule button to save the Rule or Discard Changes to remove the created Rule.
Managing Rules
License Vault administrator can edit, remove Rules, and perform other actions. To find them, click the menu button next to the Rule. This is the list of all supported actions:
Option | Description |
|---|---|
Edit | Edits the Rule via the wizard similar to the adding one. |
Copy | Makes a copy of the Rule. |
Test User/Group | Tests how a certain user or a group is affected by the Rule. |
Remove | Removes the Rule. This action cannot be undone. |
To enable or disable the Rule, switch the Enable toggle button. The disabled Rule's name becomes crossed to contrast to enabled ones.
Adding prioritized users
Add users or user groups to the priority list to ensure they can get licenses even if you reach maximum license capacity.
How distribution priority works
As long as License Vault has enough licenses for everyone, prioritized users are treated the same as everyone else.
Priority settings start working when all of the licenses are taken. In this case, License Vault denies requests from non-prioritized users. However, if a prioritized user requests a license, License Vault revokes one from a non-prioritized user and transfers it to the prioritized user.
Whose license will License Vault revoke?
License Vault picks a non-prioritized user at random to revoke their license. The selection mechanism varies slightly depending on your usage plan:
With Organization True-Up, License Vault first checks for licenses that are allocated to users but not currently in use, and revokes the first one it finds. If all of the licenses are in use, License Vault revokes a license from a randomly selected non-prioritized user.
With Enterprise Floating, License Vault always revokes a license from a randomly selected non-prioritized user.
Can License Vault deny a license request from a prioritized user?
A prioritized user's request can only be denied in one of the following cases:
License Vault has no licenses that match the user's request. For example, if the License Vault administrator only added PyCharm licenses, and the user requests a license for CLion.
All of the licenses that match the user's request are already taken by other prioritized users.
Rules prohibit that this user obtains the requested licence. Priority does not override rule restrictions.
To add or remove a prioritized user
Go to Dashboard | Rules | Priorities and click Edit Priorities.
Define the names of priority users and groups in the field. Check that names match the names from the JetBrains Hub.
Click Save Priorities to save the priorities or Discard Changes to cancel the Priority edits.