How can we help?
Search for answers or browse our knowledge base
Users and Rights Management
Gathering Tools features 5 types of users:
Rôle | Gérer les comptes | Créer des modèles & Actions | Exécuter les actions | Valider les réponses | Consulter les documents et répondre | Compte obligatoire |
---|---|---|---|---|---|---|
Administrateur | ||||||
Développeur | ||||||
Gestionnaire | ||||||
Valideur | ||||||
Répondant / Destinataire |
With or without an account?
By default, users have an account in the instance and are authenticated on the login page. However, respondents may not have an account. In this case :
- Messages are sent to them by email
- Documents are sent to them as an email attachment or via a download link
- Responses are sent by email (they do not have access to the discussion thread)
- It is possible to identify them by validating their email address.
Adding/deleting users
If the instance is set up to use external authentication (LDAP or OAuth2), user management is externalized: all users present in the directory can connect. However, they will not have access to any content of the instance until rights have been assigned to them.
If the instance is configured to use GT authentication, then it is necessary to create the users:
- Manually, in GTAdmin or GTAnswer by logging in as administrator
- Automatically, by performing an account creation action.
From GTAdmin
- Select the instance
- In the “GT Base” sheet, click on the “Users” button
- Click on the “New user” button
- Fill in the user’s parameters and click on Ok
- Give a login name and password to this user.
- Check the “Must change password next time login” option to force the user to change the password the next time. This option is independent of the minimum password lifetime.
- Specify the Administrator privilege for this new user.
It is preferable to create at least one administrator for each instance.
Only an administrator can create new users.
The creation of new users can be done via GTAdmin (on the server workstation) or via GTAnswer: the other users of the project can be created with GTAnswer by a user connected with an administrator account.
The identifier is used to filter the rights of managing users on such and such entities queried with GT documents (this filter is carried out using a view or a table in the client database).
You can impose constraints on user passwords by activating the corresponding option for the instance in the “Security” tab via GTAdmin.
Validate the creation of the new administrator user.
From GTAnswer
- Log in with an administrator account
- From the main menu at the top left, select Rights/Users
- Click on the “Add” button
- Fill in the user’s details and click OK
Create Account Action
A create account action allows users to be added automatically from a page/view. In addition, the create account action allows you to send a message to each user created with:
- a hyperlink that configures the instance on the user’s computer
- his login
- his temporary password, to be changed at the first connection
Users with privileges
These are administrators and developers. They have full rights on all the templates. The only difference between administrators and developers is that the latter cannot add/delete/modify users but only edit their rights per template (group assignment). Filtering by template/axis combination is not available for users with privileges.
For each instance can be defined a number of administrators, developers, managers and validators according to the licenses acquired for the Gathering Tools suite.
Users created with the Administrator privilege consume an Administrator license.
Users created with the Developer privilege consume a Developer license.
The license consumption for Managers and Validators users depends on the rights granted to a user for all the questionnaires of the instance.
The rights that can be assigned to a user (via a Group) can be viewed in groups (via GTAnswer, button “Manage Groups”). The complete list of rights for a manager can be visualized in the “Manage Groups” box.
A user will consume a Validator license if he is only associated to groups containing only all or part of the 5 following rights:
- List campaigns (List block)
- List the answers (List block)
- Validate/Invalidate an answer (Answer block)
- View an answer (View block)
- View a sent questionnaire (View block)
A user will consume a Manager license if he is assigned a group containing any rights other than the Valid rights above.
Users without privileges
These users do not have any rights by default. It is up to the administrator or developer to define the permissions for each template. To do this, the administrator/developer will create groups that define a set of rights and then assign the user to one or more of these groups for each template.
It should be noted that users without privileges have no rights to modify GT objects: they do not have the right to add/delete/edit templates or actions (they can, however, view them according to the rights).
Rights groups
A group defines a set of rights. These rights are divided into six categories:
- Campaign
- Execution (of actions)
- List (list templates, actions, responses…)
- Response
- Viewing
- Other
There are 5 default groups, but you can create your own groups.
If the user belongs to several groups for the same template, it is enough for a right to be ticked for one group for it to be assigned. A user can be assigned to several groups, but the rights must not be the same.
To associate a user with a group of rights, double-click on the user from the list and then tick the boxes corresponding to the groups:
Click to display the image in full screen
Here, the user “Michel Alibo” is part of the “Validators” group on the “Rolling Forecast EN” template. He will not have any rights on the other templates.
Filtering rights
In our previous example, we gave Michel Alibo the right to validate responses for the “Rolling Forecast EN” template. This right applies to the template, regardless of the entity. In a campaign on this template, Michel Alibo can therefore validate all entities. However, it is possible to restrict his scope by filtering his rights.
To do this, we will need a table or a view in the client database, which will list the IDs of the users who will have access to each axis item in our publication.
This is the table we will use. Since “Subsidiary” is the diffusion axis for the “Rolling Forecast EN” template publication and “MA” is the Id of the user “Michel Alibo”, this table contains the elements necessary for filtering.
We then go to the list of groups (Main menu / Rights / Groups) and select the group we want to filter. Here, it is the “Validator” group.
We will then select the “Template Filters” sheet and then select the template for which the filter should be applied. Here, we will choose the “Rolling Forecast EN” template.
Finally, we will select :
- The table containing the filters
- The column containing the user ID
- The column or columns to be filtered, here we will choose (by clicking on the “…” button) the “Subsidiary” field
All that remains is to click on “Ok” to validate our filter.
Respondent rights
It is not necessary to manually assign rights to respondents. Respondents are automatically assigned the rights to the entities defined in the assignment relationship when the publication action is executed. It is also possible to automate the removal of rights for respondents by using a rights removal action.
Notes
- If, for a template, the user belongs to several groups; these groups have common rights (e.g., validation), and these groups have a filter for this template, then the filters must be equal (or empty). Empty filters are ignored and it is enough that only one group contains a filter for the right in question.
- According to the above remark, when filtering, it is better to create “orthogonal” groups, i.e., groups that do not have a common right (as in the example).
- It is advisable to filter by axes which form a subset of the diffusion axes, but you can filter by any axis in the kernel or by an additional validation axis
- If the “Campaign List” right is filtered, then the statistics displayed are themselves filtered.