WebApps:UserAdministration: Difference between revisions

From CoPlanner 10
Jump to navigationJump to search
← Older edit
VisualWikitext
further translation
Language link corrected
 
(16 intermediate revisions by the same user not shown)
Line 10: Line 10:


= Invocation =
= Invocation =
<WebAppUrl des Servers (das + durch Servername/IP Adresse ersetzt)>/useradministration
<WebAppUrl of server (replace "+" with Servername/IP address)>/useradministration


Zum Beispiel:
Example:


<nowiki>https://server:4443/coplanner/useradministration</nowiki>
<nowiki>https://server:4443/coplanner/useradministration</nowiki>




Aufrufe über z.B. Tiles sollten mit der Session-Variable @Session_WebAppUrl@ gemacht werden. z.B.:
 
Invocation with e.g. Tiles should be done with Session-Variable @Session_WebAppUrl@. e.g.:


@Session_WebAppUrl@/useradministration
@Session_WebAppUrl@/useradministration


===Erweiterter Aufruf===
===Extended Invocation===


:* hideSessionHeader: Definiert, ob der [[WebApps:Header|Header]] angezeigt werden soll oder nicht (true blendet [[WebApps:Header|Header]] aus). Der Default beim Öffnen ist false.
:* hideSessionHeader: Defines if the session header should be visible or not (true fades out the Session-Header). Default while opening is false.


=Menu=
=Menu=
Line 78: Line 79:
'''Role membership'''
'''Role membership'''


Aus dem Baum links können via Drag-and-drop die Benutzerrollen unter dem Suchfeld hineingezogen werden. Mit dem roten x können Zuordnungen wieder entfernt werden.
User roles can be drag and dropped into the Role membership section on the right side below the search window. The role assignments can be deleted with the red x.  
{| {{Bausteindesign1}}
{| {{Bausteindesign1}}
|-
|-
Line 111: Line 112:
|}
|}
==Permissions==
==Permissions==
Die Berechtigungen gliedern sich in die gemeinsamen Objekte, die Szenarien und alle Dimensionen/Subsets.
The permissions are seperated into Shared Objects, Scenarios and all dimensions/subsets.  


Auf gemeinsame Objekte können nur Leserechte vergeben werden. Bei den Szenarien können Lese- und Schreibrechte vergeben werden. Hier scheinen keine Defaulteinstellungen auf, da diese über die erste Seite der Rolle definiert wird.
The shared objects are read only. The scenarios can be set to read and write. The default values are not shown here they are getting defined over the first page of the roles.


In der Übersicht signalisiert
Explanation of the overview:
:* ein grünes Häckchen: das Recht ist für alle Elemente gesetzt
:* green checkmark: the permission is set for all elements
:* ein gelbes Häckchen: das Recht ist für einen Teil der Elemente gesetzt. Ein Tooltip zeigt die Anzahl an, wieviele von wievielen hier vergeben sind.
:* yellow checkmark: the permission is set for only for some of the elements. The tooltip shows how many are available.  
:* ein rotes Häckchen: das Recht ist für kein Element gesetzt
:* red checkmark: the permission is not set for any element


Bei den Dimensionen kann man zusätzlich zu den Lese- und Schreibrechten auch noch den Standard für diese Dimension für neue Elemente ändern. Ändert man das z.B. von Lesen auf Schreiben, dann können Benutzer dieser Gruppe automatisch auf neu angelegte Dimensionselemente in dieser Struktur schreiben. Bei bestehenden Elementen bleiben die bestehenden Einstellungen auch bei einem Wechsel unverändert.
Additionally to the Read and Write permissions for dimensions also the default for new elements can be defined. If that is for example changed from read to write, users of this role can automatically write onto newly created dimension elements of this structure. Exisiting elements remain unchanged.  


Mit dem Klick auf den Dimensionsnamen öffnet sich eine Detailansicht der Struktur, auf welcher die Rechte für einzelne Dimensionselemente geändert werden können. Um die gesamte Substruktur zu ändern, klicken Sie auf den Elementnamen und dem entsprechenden Symbol oben neben dem Suchfeld.
A click onto the dimensions name opens a detailview of the structure in which the permissions for every dimensionelement can be modified. In order to change the whole substructure, please click onto elementname and the corresponding symbol next the the search field.  


= Further menus/functions =
= Further menus/functions =


== User Import from the Active Directory ==
== Active Directory Import ==
Das Menü kann über den Button [[Datei:Web ADImport.PNG|22x22px]] in der seitlichen Symbolleiste aufgerufen werden. In CoPlanner können Sie Rollen und Benutzer aus dem „Active Directory“ übernehmen. Nach einem Klick auf das Symbol in der Seitenleiste öffnet das folgende Fenster:
The menu can be accessed over the [[File:Web ADImport.png|21x21px]] in the side tree. With CoPlanner it is possible to import roles and users from the Active directory. When you click onto the symbol the following window opens.
[[Datei:WEB IMPORT AD.png|links|rahmenlos|568x568px]]
[[File:WEBActiveDirectoryImportScreenshot.png|left|595x595px]]
'''Domäne angeben:'''  
'''Domain:'''  


Geben Sie in das Feld „Definieren Sie eine LDAP-Abfrage" die Domain an, aus welcher Gruppen und/oder Benutzer nach CoPlanner importiert werden sollen.
Enter the domain from which you want to import the user roles/users into the field "Define the LDAP request here"


Beispiel wenn die Domain lautet: wien.Firma1.com
Example Domain: wien.company1.com  


Folgende Notation ist zulässig: CN=Users, DC=wien, DC=Firma1, DC=com
Please follow this notation: CN=Users, DC=wien, DC=company1, DC=com  


Ein Klick auf die Schaltfläche laden zeigt die Objekte aus dem „Active Directory“ an.
A click onto the "Load" button shows the objects from the active directory:


'''Domänenbezeichnung bei Benutzern voranstellen:'''
'''Prefix the user with the domain:'''


Diese Option bewirkt, dass beim Import von Benutzern die Domänenbezeichnung aus dem Textfeld vor dem Benutzernamen eingefügt wird.  
By activating this option the name of the domain in the text field will be inserted in front of the user name when importing users.  


'''Rollenzugehörigkeit beibehalten:'''
'''Keep role membership:'''


Aktivieren Sie diese Option, wenn beim Import von Benutzern die Gruppenzugehörigkeit beibehalten werden soll. Anderenfalls werden die Benutzer im CoPlanner unter der Systemgruppe „Jeder“ angelegt.
By activating this option the role membership will be kept when importing users. Otherwise the users will be set up in the system role “everyone”. <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>


== Basic settings <small><small>''(available from CoP 10 HF 3.3)''</small></small>==  
== Basic settings <small><small>''(available from CoP 10 HF 3.3)''</small></small>==  
Das Menü kann über den Button [[Datei:Web Einstellungen Kontursymbol.png|22x22px]] in der seitlichen Symbolleiste aufgerufen werden. Es können hier die Standardzugriffsrechte für neu angelegte Rollen definiert werden.
The menu can be accessed over the [[File:Web Einstellungen Kontursymbol.png.png|21x21px]] button on the left side. The default permissions for new rolres can be set here.


== Permission overview <small><small>''(available from CoP 10 HF 3.3)''</small></small>==
== Permission overview <small><small>''(available from CoP 10 HF 3.3)''</small></small>==
Das Menü kann über den Button [[Datei:Web Useradministration Matrixmaske.png|22x22px]] in der seitlichen Symbolleiste aufgerufen werden. In diesem Menü könnnen Berechtigungen je Rolle/Benutzer/Objekt dargestellt werde. Es werden nur Kombinationen dargestellt die keinen Vollzugriff haben.  
The menu can be accessed over the [[File:WebUseradministrationMatrixmaske.png.png|21x21px]] button on the left side. In this menu the permissions per role/users/objects can be viewed. Only combinations excluding full acecess are shown.


[[Datei:WebUseradministrationBerechtigungsuebersicht.png|rahmenlos|1346x1346px]]  
[[File:WebPermissionOverview.png]]  


'''Zugänglich %:'''  Über diese Spalte wird angezeigt auf wieviel Prozent der Dimensionselemente ein genereller Zugriff (lesend ODER schreibend) besteht.
'''Accessible %:'''  In this column the percentage is of the dimensions elements is shown that are generally accessible (reading or writing).  


'''Lesezugriff %:'''  Über diese Spalte wird angezeigt auf wieviel Prozent der zugänglichen Dimensionselemente Lesezugriff besteht.  
'''Read-only %:'''  In this column the percentage of the accessable elements are shown that the user has read only permissions for.


'''Vollzugriff %:'''  Über diese Spalte wird angezeigt auf wieviel Prozent der zugänglichen Dimensionselement Schreibzugriff besteht.
'''Full access %:'''  In this column the percentage of the accessable elements are shown that the user has writing permissions for.  


Über einen Klick auf die drei Punkte wird ein Detailsatzsprung durchgeführt. Dadurch kann ich mir die einzelnen Elemente der Dimension anzeigen lassen und kann mir zusätzlich einblenden, von welcher Benutzerrolle, der Benutzer die Berechtigung auf dieses Element bekommen hat.  
Through clicking onto the three dots a detail area jump is performed. In the detail area the dimension elements are shown and it is also possible to show from which user role the user got permissions to a specific element.


__NOEDITSECTION__
__NOEDITSECTION__


[[Category:WebApps|Benutzerverwaltung]]
[[Category:WebApps|Benutzerverwaltung]]
[[en:WebApps:User administration]]
[[de:WebApps:Benutzerverwaltung]]

Latest revision as of 16:40, 23 June 2022

Available from CoP 10 HF 3.0

The user administration provides a tool to administrate user roles and users. A user itself has no specific permissions. It receives the permissions by getting assigned to one or more user roles. If a user receives different permission levels from different user roles onto the same alement, writing permissions do always overrule reading permissions and reading permissions always overrule if there is no right onto an element at all. That means: If a user receives write permissions from one user role, but is also assigned to a user role with only reading permissions and also to a user role with no permissions at all, the user is permitted to write onto this element.

System requirements

The requirements can be found here.

Invocation

<WebAppUrl of server (replace "+" with Servername/IP address)>/useradministration

Example:

https://server:4443/coplanner/useradministration


Invocation with e.g. Tiles should be done with Session-Variable @Session_WebAppUrl@. e.g.:

@Session_WebAppUrl@/useradministration

Extended Invocation

  • hideSessionHeader: Defines if the session header should be visible or not (true fades out the Session-Header). Default while opening is false.

Menu

Button Action
Back to last page.
Open/Close of display text of menu.
Checkin-/out
Update of data in the mask
Basic settings for new and imported user roles (available from CoP 10 HF 3.3)
Error creating thumbnail: File missing Open overview of permissions (available from CoP 10 HF 3.3)
Saves all changes
Deletes the selected element
Creates new user role
Creates new user
Import from the Active Directory
Error creating thumbnail: File missing Transfer permissions from one user role to another (available from CoP 10 HF 3.3)

Users

The general settings for users can be set here as well as the assignments to the user roles.

Login options

  • CoPlanner authentification: The user is created in the CoPlanner System. As a consequence also the password will be set in CoPlanner.
  • Windows authentification: The user is also a user within you domain. The password is the same as at the Windows login. It is also possible to logon with a user from another domain/another computer. In this case the credentials have to be entered in the following format: <nameofdomain>\<username>. For example: "mycompanydomain\j.doe". In this case the whole path has to be enterend. The system then tries to logon the user onto that domain.
  • SAML authentification: authentification through SAML

Role membership

User roles can be drag and dropped into the Role membership section on the right side below the search window. The role assignments can be deleted with the red x.

Hint  When a user is not assigned to a user role, it is shown in yellow color. (available from CoP 10 HF 3.3)

User roles

The user roles contain the general settings and the detailed permissions.

General Settings

In addition to the name an the description of the user it can be defined if users of this role are allowed to edit scenarios without changing to the powerUser mode.

New elements settings

In this section the default permission settings for dimension elements can be defined. They can be set to write, read or no access. This settings are getting applied initially after the user role has been saved in the first place. If this setttings are modified later on, they apply only for newly created dimensions. For existing dimensions no permissions and default settings will be changed. For exisiting dimensions please use the "2 - Permissions" section.

Members

Members can be assigned from the sidetree via drag and drop. They can be removed via the red x.

Hint: Multiselection (assignment of multiple users to one role or multiple roles to one user at once) (available from CoP 10 HF 3.3)
 It is possible to assign more than one user to a role at once and vice versa. The following example describes the assignment of multiple users to one role.

1. Mark the user role of your choice in the sidetree.
2. Now press and hold the CTRL Button and click with the mouse onto a user that you want to assign to the role. (It is IMPORTANT to press the CTRL button, because otherwise a new selection will happen and the target role you want to assign the user to is not shown anymore.)
3. It is now possible to add users to your selection through using the SHIFT or CTRL key + Mouseclicks.
4. When you have finished the selection of the users, you can drag and drop to the right into the memberlist of the role.

As an alternative you can just use the treeview on the left. Just mark multiple users of your choice and drag and drop them onto the user role of your choice also on the left side in the treeview.

Hint  When a role has no user assigned to it, it is shown in yellow color. (available from CoP 10 HF 3.3)

Permissions

The permissions are seperated into Shared Objects, Scenarios and all dimensions/subsets.

The shared objects are read only. The scenarios can be set to read and write. The default values are not shown here they are getting defined over the first page of the roles.

Explanation of the overview:

  • green checkmark: the permission is set for all elements
  • yellow checkmark: the permission is set for only for some of the elements. The tooltip shows how many are available.
  • red checkmark: the permission is not set for any element

Additionally to the Read and Write permissions for dimensions also the default for new elements can be defined. If that is for example changed from read to write, users of this role can automatically write onto newly created dimension elements of this structure. Exisiting elements remain unchanged.

A click onto the dimensions name opens a detailview of the structure in which the permissions for every dimensionelement can be modified. In order to change the whole substructure, please click onto elementname and the corresponding symbol next the the search field.

Further menus/functions

Active Directory Import

The menu can be accessed over the Error creating thumbnail: File missing in the side tree. With CoPlanner it is possible to import roles and users from the Active directory. When you click onto the symbol the following window opens.

Error creating thumbnail: File missing

Domain:

Enter the domain from which you want to import the user roles/users into the field "Define the LDAP request here"

Example Domain: wien.company1.com

Please follow this notation: CN=Users, DC=wien, DC=company1, DC=com

A click onto the "Load" button shows the objects from the active directory:

Prefix the user with the domain:

By activating this option the name of the domain in the text field will be inserted in front of the user name when importing users.

Keep role membership:

By activating this option the role membership will be kept when importing users. Otherwise the users will be set up in the system role “everyone”.




















Basic settings (available from CoP 10 HF 3.3)

The menu can be accessed over the Error creating thumbnail: File missing button on the left side. The default permissions for new rolres can be set here.

Permission overview (available from CoP 10 HF 3.3)

The menu can be accessed over the Error creating thumbnail: File missing button on the left side. In this menu the permissions per role/users/objects can be viewed. Only combinations excluding full acecess are shown.

Accessible %: In this column the percentage is of the dimensions elements is shown that are generally accessible (reading or writing).

Read-only %: In this column the percentage of the accessable elements are shown that the user has read only permissions for.

Full access %: In this column the percentage of the accessable elements are shown that the user has writing permissions for.

Through clicking onto the three dots a detail area jump is performed. In the detail area the dimension elements are shown and it is also possible to show from which user role the user got permissions to a specific element.

Retrieved from "https://copsupport.coplanner.com/help10_en/index.php?title=WebApps:UserAdministration&oldid=16258"