WebApps:UserAdministration
Available from CoP 10 HF 3.0
The user administration provides a tool to administrate user roles and users. A user itself has no specific permissions. It receives the permissions by getting assigned to one or more user roles. If a user receives different permission levels from different user roles onto the same alement, writing permissions do always overrule reading permissions and reading permissions always overrule if there is no right onto an element at all. That means: If a user receives write permissions from one user role, but is also assigned to a user role with only reading permissions and also to a user role with no permissions at all, the user is permitted to write onto this element.
System requirements
The requirements can be found here.
Invocation
<WebAppUrl of server (replace "+" with Servername/IP address)>/useradministration
Example:
https://server:4443/coplanner/useradministration
Invocation with e.g. Tiles should be done with Session-Variable @Session_WebAppUrl@. e.g.:
@Session_WebAppUrl@/useradministration
Extended Invocation
- hideSessionHeader: Defines if the session header should be visible or not (true fades out the Session-Header). Default while opening is false.
Menu
| Button | Action |
|---|---|
|
Back to last page. |
|
Open/Close of display text of menu. |
|
Checkin-/out |
|
Update of data in the mask |
|
Basic settings for new and imported user roles (available from CoP 10 HF 3.3) |
| Error creating thumbnail: File missing | Open overview of permissions (available from CoP 10 HF 3.3) |
|
Saves all changes |
|
Deletes the selected element |
|
Creates new user role |
|
Creates new user |
|
Import from the Active Directory |
| Error creating thumbnail: File missing | Transfer permissions from one user role to another (available from CoP 10 HF 3.3) |
Users
The general settings for users can be set here as well as the assignments to the user roles.
Login options
- CoPlanner authentification: The user is created in the CoPlanner System. As a consequence also the password will be set in CoPlanner.
- Windows authentification: The user is also a user within you domain. The password is the same as at the Windows login. It is also possible to logon with a user from another domain/another computer. In this case the credentials have to be entered in the following format: <nameofdomain>\<username>. For example: "mycompanydomain\j.doe". In this case the whole path has to be enterend. The system then tries to logon the user onto that domain.
- SAML authentification: authentification through SAML
Role membership
User roles can be drag and dropped into the Role membership section on the right side below the search window. The role assignments can be deleted with the red x.
| Hint When a user is not assigned to a user role, it is shown in yellow color. (available from CoP 10 HF 3.3) |
User roles
The user roles contain the general settings and the detailed permissions.
General Settings
In addition to the name an the description of the user it can be defined if users of this role are allowed to edit scenarios without changing to the powerUser mode.
New elements settings
In this section the default permission settings for dimension elements can be defined. They can be set to write, read or no access. This settings are getting applied initially after the user role has been saved in the first place. If this setttings are modified later on, they apply only for newly created dimensions. For existing dimensions no permissions and default settings will be changed. For exisiting dimensions please use the "2 - Permissions" section.
Members
Members can be assigned from the sidetree via drag and drop. They can be removed via the red x.
| Hint: Multiselection (assignment of multiple users to one role or multiple roles to one user at once) (available from CoP 10 HF 3.3) It is possible to assign more than one user to a role at once and vice versa. The following example describes the assignment of multiple users to one role. 1. Mark the user role of your choice in the sidetree. As an alternative you can just use the treeview on the left. Just mark multiple users of your choice and drag and drop them onto the user role of your choice also on the left side in the treeview. |
| Hint When a role has no user assigned to it, it is shown in yellow color. (available from CoP 10 HF 3.3) |
Permissions
The permissions are seperated into Shared Objects, Scenarios and all dimensions/subsets.
The shared objects are read only. The scenarios can be set to read and write. The default values are not shown here they are getting defined over the first page of the roles.
Explanation of the overview:
- green checkmark: the permission is set for all elements
- yellow checkmark: the permission is set for only for some of the elements. The tooltip shows how many are available.
- red checkmark: the permission is not set for any element
Additionally to the Read and Write permissions for dimensions also the default for new elements can be defined. If that is for example changed from read to write, users of this role can automatically write onto newly created dimension elements of this structure. Exisiting elements remain unchanged.
A click onto the dimensions name opens a detailview of the structure in which the permissions for every dimensionelement can be modified. In order to change the whole substructure, please click onto elementname and the corresponding symbol next the the search field.
Active Directory Import
The menu can be accessed over the Error creating thumbnail: File missing in the side tree. With CoPlanner it is possible to import roles and users from the Active directory. When you click onto the symbol the following window opens.
Domain:
Enter the domain from which you want to import the user roles/users into the field "Define the LDAP request here"
Example Domain: wien.company1.com
Please follow this notation: CN=Users, DC=wien, DC=company1, DC=com
A click onto "Load" shows the objects from the active directory:
Prefix the user with the domain:
Diese Option bewirkt, dass beim Import von Benutzern die Domänenbezeichnung aus dem Textfeld vor dem Benutzernamen eingefügt wird.
Rollenzugehörigkeit beibehalten:
Aktivieren Sie diese Option, wenn beim Import von Benutzern die Gruppenzugehörigkeit beibehalten werden soll. Anderenfalls werden die Benutzer im CoPlanner unter der Systemgruppe „Jeder“ angelegt.
Basic settings (available from CoP 10 HF 3.3)
Das Menü kann über den Button Error creating thumbnail: File missingin der seitlichen Symbolleiste aufgerufen werden. Es können hier die Standardzugriffsrechte für neu angelegte Rollen definiert werden.
Permission overview (available from CoP 10 HF 3.3)
Das Menü kann über den Button Error creating thumbnail: File missingin der seitlichen Symbolleiste aufgerufen werden. In diesem Menü könnnen Berechtigungen je Rolle/Benutzer/Objekt dargestellt werde. Es werden nur Kombinationen dargestellt die keinen Vollzugriff haben.
Accessible %: Über diese Spalte wird angezeigt auf wieviel Prozent der Dimensionselemente ein genereller Zugriff (lesend ODER schreibend) besteht.
Read-only %: Über diese Spalte wird angezeigt auf wieviel Prozent der zugänglichen Dimensionselemente Lesezugriff besteht.
Full access %: Über diese Spalte wird angezeigt auf wieviel Prozent der zugänglichen Dimensionselement Schreibzugriff besteht.
Über einen Klick auf die drei Punkte wird ein Detailsatzsprung durchgeführt. Dadurch kann ich mir die einzelnen Elemente der Dimension anzeigen lassen und kann mir zusätzlich einblenden, von welcher Benutzerrolle, der Benutzer die Berechtigung auf dieses Element bekommen hat.
