Administrative Dashboard
Posit Workbench includes an administrative dashboard with the following features:
- Monitoring of active sessions and their CPU and memory utilization;
- The ability to suspend, forcibly terminate, or assume control of any active session;
- Historical usage data for individual Workbench users (session time, memory, CPU, logs);
- Historical system statistics (CPU, memory, active sessions, system load);
- Searchable Workbench server log (view all messages or just those for individual users); and
- The ability to lock users, preventing them from signing in to Workbench.
The dashboard can be an invaluable tool in understanding Workbench server usage and capacity as well as in diagnosing and resolving problems.
Note that at this time, historical monitoring is not available for sessions spawned via the Job Launcher.
Enabling the dashboard
The administrative dashboard is accessed at the following URL:
http://<server-address>/admin
The administrative dashboard is disabled by default. To enable it, set both the admin-enabled and admin-group options. The admin-group option is a requirement for giving users administrative access. For example:
/etc/rstudio/rserver.conf
admin-enabled=1
admin-group=rstudio-admins
You can specify a single group as the above example does or a comma-delimited list of groups. For example:
/etc/rstudio/rserver.conf
admin-group=server-admins,rstudio-admins,domain-admins
Note that changes to the configuration will not take effect until the Workbench server process is restarted.
Administrator superusers
You can further designate a certain user or group of users as administrative “superusers”. Superusers have the following additional privileges:
- Suspend or terminate active sessions
- Assume control of active sessions (e.g. for troubleshooting)
- Log in to Workbench as any other user
Administrative superusers do not have root privilege on the system, but rather have a narrow set of delegated privileges that are useful in managing and supporting Workbench. You can define the users with this privilege using the admin-superuser-group setting. For example:
/etc/rstudio/rserver.conf
admin-superuser-group=rstudio-superuser-admins
Note that as with the admin groups above, you can specify a single group as the above example does or a comma-delimited list of groups. For example:
/etc/rstudio/rserver.conf
admin-superuser-group=rstudio-superuser-admins,domain-admins
Changes to the configuration will not take effect until the Workbench server process is restarted. Admin superusers can also be added via the command line. See Adding users to the user database.
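Because superuser groups can log in as any other user, it is worth reviewing exactly which groups and accounts hold that privilege. The following is an added example, not part of the Posit documentation or product: a small audit of the three options described above. It assumes the file uses plain key=value lines with # comment lines; the function names and the sample configuration are constructed for illustration.

```python
import grp

# Constructed sample in the format of /etc/rstudio/rserver.conf,
# reusing the group names from the examples on this page.
SAMPLE_CONF = """\
# constructed sample
admin-enabled=1
admin-group=server-admins,rstudio-admins,domain-admins
admin-superuser-group=rstudio-superuser-admins,domain-admins
"""

def parse_conf(text):
    """Parse key=value lines (assumption: '#' starts a comment line)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def split_groups(value):
    """Split a comma-delimited group list, dropping empty entries."""
    return [g.strip() for g in (value or "").split(",") if g.strip()]

def group_members(name):
    """Members listed for a group, or None if it does not resolve on this host.
    gr_mem omits users who have the group only as their primary group."""
    try:
        return sorted(grp.getgrnam(name).gr_mem)
    except KeyError:
        return None

def audit(text, resolve=group_members):
    """Report admin settings and who holds the log-in-as-any-user privilege."""
    opts = parse_conf(text)
    enabled = opts.get("admin-enabled") == "1"
    admins = split_groups(opts.get("admin-group"))
    supers = split_groups(opts.get("admin-superuser-group"))
    findings = []
    if enabled and not admins:
        findings.append("admin-enabled=1 but admin-group is not set (both are required)")
    for g in supers:
        members = resolve(g)
        if members is None:
            findings.append(f"superuser group '{g}' does not resolve on this host")
        else:
            findings.append(f"superuser group '{g}' may log in as any user; members: {members}")
    return {"enabled": enabled, "admin_groups": admins,
            "superuser_groups": supers, "findings": findings}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)["findings"]:
        print(finding)
```

To audit a real server, pass the contents of /etc/rstudio/rserver.conf to audit() and compare the reported members against the list of people who are expected to hold impersonation rights.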
User impersonation restrictions
The ability to log in as other users and assume control of existing sessions is not available if you are authenticating with SAML SSO, Google Accounts, OpenID, or Proxied Authentication. This is because these authentication mechanisms use a different user-identity mechanism which isn’t compatible with the way that user session impersonation is implemented.
Workbench log time zone
You can control the time zone in which the Workbench server logs are displayed in the admin dashboard by the use of the admin-monitor-log-use-server-time-zone option. For example:
/etc/rstudio/rserver.conf
admin-monitor-log-use-server-time-zone=1
Setting this option to 1 will display the Workbench server logs in the system’s time zone. The default value of 0 will display the log times in UTC.
Licensing considerations
If you have been granted a license which has a limit on the total number of users that may use Workbench (i.e. named user licensing), you will need to control user access to Workbench. Each unique user that signs in to Workbench will count against your available user limit. If too many users sign in and attempt to use Workbench, new users will be denied, as the license limit will be reached.
If this occurs, please contact sales@posit.co to purchase additional users.
For more information on licensing, see License management.