Skip to content

Latest commit

 

History

History
130 lines (74 loc) · 7.03 KB

File metadata and controls

130 lines (74 loc) · 7.03 KB

Access Control To In-House Databases

Overview

ℹ️ These instructions relate to the current 4.3.0 release

To create accounts users have two options:

  1. Using single sign-on - see Single Sign On (SSO).
  2. Using form based registration - documented below.

The first user to register will be set as the admin and they have the ability to grant admin rights to other users; there is no limit on the number of admin accounts allowed.

Users with administrator rights will have the ability to see functionality in the Settings section: Manage users, Manage groups and Manage databases. Users without these rights will only see options for searching databases in the WebCSD section: Simple Search and CSD-Theory Web (if applicable).

By default all non-admin users start with no access to any in-house databases but will be able to see and search the CSD; by contrast users with admin rights are able to see all databases. Users who are not logged in cannot access any databases.

Note: Users will be required to log in to WebCSD by clicking the Sign In button at the top-right of the WebCSD page after they have logged in to the initial Lattice home page. This second log in will not require the user to re-add their username and password, but by clicking the Sign In button, the user's credentials are passed to the WebCSD search engine.

Use of the Manage users plugin

The Manage Users plugin gives the ability to reset a password, grant administrator rights or delete the user from the system

Use of the Manage groups plugin

To make it easier to grant access rights to users, the Manage groups plugin allows an administrator to add many individual users to a single group. Access to in-house databases is then granted to this group of users, rather than having to assign permissions individually. A new group can be created by selecting the Add new group button, at which point there are options to give a group name and description. Users can then be added or removed from this group by selecting it in the Manage groups plugin in future.

Access control to in-house databases

Having admin rights gives the ability to add, update or delete any in-house databases from the Manage databases plugin. To grant access to other users, the Database management plugin contains the option to add groups to each database (using the padlock icon next to the database). All users are automatically included in an 'Everyone' group; should user-level access control not be required, ensure each database has this group selected. Alternatively, different user groups can be selected on a per-database level, allowing the ability to control access to all structures.

ℹ️ The User management instructions below refer to the earlier 4.2.1 release

User management (Admin)

  1. Navigate to the User Admin section via WebCSD or the New Lattice Platform.

    image

  2. Go to Databases tab. Here you can see an index assigned to each database which is taken from the container configuration.

    image

  3. Go to Roles tab. Here you can see the name of available roles and indices of the databases accessible for the users with this role.

    image

  4. You can add a new role by entering its name into the relevant field and clicking Add New Role.

    image

  5. You can click on the Edit button to the right of each role and tick those databases which you want to make available for the users with this role. Click on Submit when all the relevant databases are selected.

    image

  6. You can assign roles separately for each user or in a bulk manner (described in the next section). To assign role(s) to one user, go to Users and click Manage roles to the right of their email.

    image

Bulk user management (Admin)

  1. Navigate to the User Admin section via WebCSD or the New Lattice Platform.

    image

    image

  2. Select Bulk Change Users.

    image

  3. Create a CSV file with user data in the following format.

    FirstName,LastName,EmailAddress,Roles
    Joe,Bloggs,joe@joe.com,"Basic"

    You should then have a file that looks something like this:

    image

  4. Select Bulk Change CSV File to upload the populated CSV file and hit the Upload Bulk Change CSV File button to upload and validate the provided user details.

  5. Validation results will be displayed. If any errors are found, you'll be alerted to make the necessary corrections and re-upload the file.

    File with failed validation:

    image

    File with successful validation:

    image

  6. After carefully reviewing the user data, click Submit User Changes to finalize the bulk registration/change process.

  7. Download the generated report by clicking on the Export User List to Excel button. This contains the initial passwords for the created accounts. You will not be able to access this later.

FAQs

What fields are required on the CSV template file? Only the Email address and Roles are required.

What happens when a user already exists? The User’s role(s) would be updated (see below)

image

I forgot to download the final report containing the user passwords, what do I do? Admin would have to reset/change each user's password manually.

Can I update existing users' roles in bulk as well? Yes, populate the CSV file with the users Email address and their respective updated Roles, upload and the system will automatically update their roles.

Disabled Local Authentication

Your site admin, based on company policy, may decide to restrict users to sign in to the application using only SSO, and hence can disable the option to sign in locally with a username and password.

Changes from the 4.3.0 release

For earlier versions of the On-Site platform it was possible to disable all user access control. This ability has now been removed due to additional functionality granted to users with administrator rights.