Creating and managing users
Users are managed through the dedicated interface and can be organised into groups to simplify rights management. Rights can be assigned directly to selected users or to groups of users. If users are authenticated by the reverse proxy, it is also possible to delegate the management of groups and user attributes to it, so that they do not need to be managed in InterDiode. Further details are available in the Reverse-proxy Authentication section.
In the following, we assume that ALLOW_LOCAL_USERS=true, allowing local user management instead of only using the reverse proxy.
Creating users
A new user can create their own account when ALLOW_USER_CREATION=true. Their account will then be pending validation by an administrator if REQUIRE_NEW_USER_VALIDATION=true, or immediately active otherwise.
Administrators can validate pending accounts and promote regular users to administrators.
Otherwise, only administrators can create accounts for other users. Users created by administrators are immediately validated, with no need for validation by another administrator.
Access control
First, individual users can be marked as superusers, granting them full administration and usage rights across the entire application. These rights must be assigned on both the black and red instances.
- Users with administration rights can perform the following actions:
modify groups and users as well as their associated rights,
view activity logs,
update the licence used by InterDiode,
view the health status of the instance and ongoing tasks,
view past and ongoing transfers,
modify or add any type of data source,
validate a user’s proposal,
modify the instance configuration.
- For each source type, it is also possible to grant each user the right to:
propose a new instance, which will need to be validated by an administrator,
directly add a new instance without validation,
display the source type on the home page.
Then each instance of a source can define specific rights.
- Each source can define a different rights model, but the most common model defines the following rights:
read-only,
right to propose new items,
add new items to retrieve,
administer the source, including access rights.
The creator of a given instance will automatically be granted administration rights on that source.
User management
A user’s global rights are defined in the general administration menu. They can be set individually or through the groups the user belongs to.
A user’s rights on a specific source instance must be set up directly on that source.
It is possible to delete a user from the database. Content associated with that user will not be deleted but will no longer be attributed to anyone. However, it is recommended to simply deactivate the user in order to preserve traceability.
Group management
Group creation must be performed through the administration interface.
Rights are associated with a group via the global administration page and will be inherited by the members of that group.
Black to red user mapping
If the same person has an account on both the black instance on the internet and the red instance internally, it is possible to associate the internet account with the red account. This way, an item on the external network can be attributed to the corresponding internal user once transferred.
Logging user activity
Depending on your licence, user actions can be recorded in order to verify each person’s actions. Furthermore, actions will also be logged via the system logs. User actions are visible within the administration interface, and can be filtered by user and date.