Users



Each user account is assigned to one or more teams. Membership in a respective team determines the individual functions to which the user has access.Ā In the menuĀ UsersĀ ā†’Ā UsersĀ you will find a list of all user accounts created in the system.

The following information is displayed for each account:

  • User name

  • Name: The content of this field is composed of the separate fields ā€œFirst nameā€ and ā€œNameā€.

  • The most important address data of a user

  • Member of the following teams: All of the teams that the user belongs to.

  • Logins: The number of logins for a user since their creation.

  • Last login: Date of the last login.

  • Failed attempts to login: Number of consecutive failed login attempts.

  • Login expiry date: With limited time accounts, the date when the login expires will be displayed. The account can be used up until the day before expiration.

  • Suspended until: After a defined number of consecutive failed login attempts, the user account will be blocked automatically for likewise a defined period.

  • Can login? If a login has expired or it has been deactivated by ā€œbrute forceā€ protection, then a red lamp will be displayed.

If you are missing information, open the dialog for changing the display by clicking onĀ ViewĀ and activate the desired column.

You have the following editing options:

  • By clicking on the user name, you can open the detail view of a user and for example view information on team affiliation and available rights (the information detail page lists ACL rights as well as rights to layouts).

  • By clicking on the login expiry date, you open a dialog, in which you can change the login expiry date. Members of the system administrator team can furthermoreĀ change the password expiry date or deactivate the login, i.e. block a user from accessingĀ EFS. If blocked users try to log in, they will be asked to contact the person responsible for theĀ EFSĀ installation.

  • Clicking on theĀ Send passwordĀ icon opens the dialog for sending an e-mail containing a link for setting a new password.

  • You can delete user accounts that have not yet expired and are not owner of a team.

Creating user account

To create a new account, click on theĀ Create user accountĀ button. Specify the language in which the admin area is to be shown for the new user. Enter the initial password for the new user twice. On their first login new users are automatically requested to change their password.

  • Select the team to which the new user should be added. The team affiliation defines the rights of the users.

  • Select the userā€™s primary team. Among other things, the primary team is always automatically granted read and write rights for projects created by this user.

  • The ā€œOrganizationā€ field indicates to which accounting organization the new user belongs.

    • If the wrong organization is indicated, please contact the person responsible for the installation.

    • If you hold the right ā€œorgadminā€, you can alter the accounting organization yourself.

  • Choose the expiry date of the account.

  • You can optionally select the time zone to be displayed in the ā€œLocal dateā€ field of the left-hand menu.

  • You may store additional information in the section ā€œAdditional dataā€.

  • Define the next editing steps:

    • You can have the password displayed on the next page, e.g. in order to copy it to a notification mail.

    • If you wish to add more accounts afterwards, tick the corresponding checkbox: Only then will a blank ā€œCreate user accountā€ form be opened directly.

  • Confirm by clicking onĀ Create user account.

  • The account will be created.

TheĀ Generate passwordĀ function will help you to generate a good password: When you click on theĀ Generate a passwordĀ link a randomly generated password is issued in a pop-up window. If you click on this it will automatically be transferred to the entry fields.

Account names and e-mail addresses of users must be unambiguous. In the case that an account name or an e-mail address is already being used by another user, a corresponding error message will be displayed.

Importing user accounts

If you wish to create a larger number of user accounts, you can utilize the import function. This function is located in theĀ UsersĀ ā†’Ā User importĀ menu.

  • In order to use this function, you need write rights toĀ cr_teamaccount.

Please proceed as follows to perform the import:

reate a table in CSV format containing the staff data. For example, you can create such a table in MS Excel and then save it in CSV format. The file must have the following structure.

Column

Content

Column

Content

Column 1

Account name

Column 2

First name (optional)

Column 3

Last name (optional

Column 4

E-mail address

Column 5

Password (optional)

Column 6

The date on which the account is to expire (optional, format: DD.MM.YYYY)

Column 7

The ID of the primary team for the account

Ā 

The first row of the CSV file may optionally contain the column headings. How to upload the file:

  • Select the correct file.

  • If required, select the appropriate character set.

  • If the first row of the CSV file contains the column headings, the corresponding checkbox must be ticked.

The following properties are defined en bloc for all new accounts:

Field

Meaning

Field

Meaning

Additional teams for all user accounts to import

All teams that exist on the installation are available for selection.

Country

Default preallocation: Germany.

Time zone

Default preallocation: Universal Time (UTC/GMT).

Language

The language used in the admin area.

Organization

Accounting organization

Confirm by clicking onĀ Import.

Specifying temporal limitations for user accounts

In principle, user accounts always have an expiry date, and they are automatically deactivated after expiring. This measure aims primarily at improving safety in the admin area: This reduces the risk of an out of use user account being hacked and used unwittingly. At the same time this standardization makes the administration of large user teams and collective installations easier: Setting the expiry dates carefully when creating accounts saves you from having to ā€œtidy upā€ old accounts manually later.

Accounts without a time limit can only be created by administrators with a root account. Normally only our support and customers with their own server have root accounts.

  • For owners of a root account, an additional checkbox entitled ā€œSet time limit for user account ā€ is displayed in the form above (Figure 17.4), which must be deactivated to cancel the time limit.

  • By clicking on the login expiry date in the user list, you open a dialog, in which you can change the login expiry date.

If you wish inactive admin accounts to be expired after a given time of inactivity too, please contact support for the setup of appropriate policies. Expired accounts can no longer log into EFS. To re-enable an expired account, an admin account with sufficient user administrative rights is required.

Changing user account data

With the necessary rights, you can view the account data of other users, correct their data if required, and send them a link for resetting the password.

  • Via the user list, owners of root accounts can access the account data by just clicking on the desired user. ViaĀ Change user data, you can access the edit dialog. ViaĀ Send password, you can access the dialog for resetting the password.

  • With read rights for the ACL rightĀ org_groupadmin, you can open your teams and access the account data of the team members. With read rights, you can change the account data or send a link for resetting the password.

Sending a link for resetting the password by e-mail

With the necessary access rights, you can send your users links for resetting their passwords.

  • If you have a root account, search for the desired user in the user list. Then, open the dispatch dialog via theĀ Send passwordĀ icon.

  • If you have read rights forĀ org_groupadmin, open the desired team, click on the appropriate team member and choose theĀ Send passwordĀ button.

The text of the mail is predefined. In the dispatch dialog, only the basic contact data are displayed.

Checking user accounts for brute force suspension

The admin area has protection against brute force attacks, i.e. hacking of an account using automated, rapidly consecutive entries of possible passwords. There is only a limited number of incorrect entries possible; exceeding this value will deactivate the staff account for a predetermined period. The person logging in will then see an error message, in which the remaining waiting period will be displayed.

By default the account will be suspended after six incorrect entries, the waiting period is 30 minutes. A suspended account can be reactivated by the system administrator (root team) or by a user with write rights toĀ groupadmin.

  • If you have leased your own installation and you would like to have the values changed, please contact support.

Checking suspended accounts

If a user reports that his or her account was suspended, or if you suspect that a brute force attack has occurred, you can check this in the overview of theĀ UsersĀ menu:

  • The failed login attempts and the remaining time on suspended accounts are listed in the columns ā€œFailed attempts to loginā€ and ā€œSuspended untilā€.

  • The number of logins and the date of the last successful login are also displayed.

Further details on individual login processes, such as the exact time and the IP address, can be found in the login log, provided you hold the relevant rights.

Reactivating suspended accounts

A suspended account can be reactivated prematurely by the system administrator (root team) or by a user with write rights to ā€œgroupadminā€. By clicking on the red marked end date for the suspension period, the suspension will be reverted.

Delegating the administration of user accounts

You can delegate the administration of the user accounts of a specific organization. This is the purpose of the ACL rightĀ org_groupadmin: If you assign this right, instead of the more general rightĀ groupadmin, to a user team, its members can access all user accounts of their own organization.

  • With read rights, they can view the account data of the users of their own organization.

  • With write rights, they can manage the users of their own organization (e.g extend accounts, edit account data, or delete accounts).

Teams

Within a team there are normal members (member), administrators (admin) and owners (owner). These statuses determine the operations a team member may perform within their team. Team statuses have no effect on rights within user administration or on object or function rights inĀ EFS Survey.Ā In general, you can simply ignore the statuses within teams. Exception: If you wish to delete an account of someone who is a team owner, you must first transfer leadership to another team member, before you can delete the account.

Statuses

Status

Description

Status

Description

Owner

To receive the highest ranking status of ā€œownerā€, you must either create your own team, or another ā€œownerā€ must assign a team to you. As an ā€œownerā€œ you can:

  • add members to your team

  • delete members

  • delete the team

  • change team information

  • display the list of members in your team or team resources

  • As an owner, you may not leave your team. This is only possible once you have abandoned team leadership, i.e. the status ā€œownerā€, and have become a normal member

Admin

With the status ā€œadminā€œ, you can execute all ā€œownerā€ functions, except the deletion of team.

Member

Anyone with the ā€œmemberā€œ status can leave the team at anytime. They can also view the list of member and the list of team resources.

Creating teams

With theĀ groupadminĀ ACL right, you can create and configure new teams.

  • Switch to theĀ UsersĀ ā†’Ā TeamsĀ menu.

  • Click on theĀ Create teamĀ button.

  • The following details are required:

    • Team name: This is used in surveys in the standard URL. If you create a team entitled ā€œTest account for student internsā€, projects for members of this team will be created under the URLĀ http://www.mydomain.com/sc/Test_account_-Ā for_student_interns/something/. As umlauts and blank spaces are not permitted in URLs, EFS automatically replaces impermissible characters upon team creation.

    • Team title: Internal name.

    • Description: Serves internal purposes as well.

  • When creating a new team, you can define the owner. You have a choice of yourself as the creating administrator and the team ā€œAdministratorā€œ.

  • Assign access rights to the desired areas of EFS to the new team. It will then receive write rights to the corresponding area rights.

  • In the drop-down list ā€œRights templateā€, you can select a user-defined rights template. By default no rights template has been selected.

  • A list of the teams you have created is displayed under the caption ā€œWhich teams shall receive free access to the new team?ā€. If you grant an existing team access to the new team, the existing team will see the new team in user administration.

  • Click on theĀ Create teamĀ button to confirm the operation.

Now you have created a new team that moreover does not have any members and no ACL rights (except those for areas defined in step 4), unless you did not expressly choose any in step 5. Your next steps are to:

  • Create accounts and assign them to this team as a primary group.

  • Configure the ACL rights of the team.

  • Change owner of the team, in case one of the newly created users should be owner of the team.

Editing teams

You can edit all teams in which you have owner status. ChooseĀ UsersĀ ā†’Ā TeamsĀ and click on a team name in the list.Ā The edit form is divided into three sections:

Section

Functionality

Section

Functionality

Team details

General meta information on the team, such as creation date, total number of members and owners. Special function: Notify team via e-mail.

Depending on the status within the team, either all or some functions will be displayed:

  • Add members

  • Delete team

  • Change team info

  • Change ownership

  • Leave team

  • E-mail

List of members

Who is currently a member of the team?

Rights of the team (whole system)

What are the rights of this team in EFS? (ACL rights)

Adding members

Click on theĀ Add membersĀ button in the detail view of your selected team. A list of users in the system appears from which you can select new members. If you wish to add a certain user to your team, you can easily locate them using the ā€œSearchā€ function above the list of members.

Once located, select the user by ticking the checkbox in the ā€œAddā€ column. Now just click on theĀ Add memberĀ button to add the user to your team.

Members added are initially assigned the status ā€œMemberā€.

Viewing the staff list and editing memberships

The list of the members contains all members of the team. The list has its own search function which searches the fields ā€œAccount nameā€, ā€œE-mailā€, ā€œNameā€ and ā€œRightsā€. Furthermore, you have the option to extend the view to include other available information. You can do this by clicking onĀ ViewĀ and making your choice from the available database fields.

The drop-down list provides you with the following editing options:

  • Set right of member: Changes the status to ā€œMember rightsā€.

  • Set right of admin: Changes the status to ā€œAdministrator rightsā€.

  • Delete from team: The member will be deleted from the team.

  • Export user data: An Excel file will be generated, which includes the data of the selected members.

  • Write e-mail: The standard mail form opens, and you can write to the selected team members.

Deleting teams

To delete a team you must have owner rights (Usersā†’Ā List of teamsĀ ā†’ {Selected team} ā†’Ā Delete team). This deletes all team members from the team. The team cannot be restored.

  • Deleting a team does not necessarily delete the pertinent account. An account is only deleted if the user is no longer a member of any other team after the team has been deleted.

Changing team info

  • To change the title, name and description of the selected team, navigate toĀ UsersĀ ā†’Ā TeamsĀ ā†’Ā {Selected team} ā†’Change teamĀ info. This function is useful, if you have selected a team name which leads to unattractive URLs.

Transferring leadership

To change leadership for a team, navigate toĀ UsersĀ ā†’Ā TeamsĀ ā†’ {Selected team} ā†’Ā ChangeĀ ownership. To do so, you must have the owner status in the team.Ā You are thus transferring the leadership to another team member. It is irrelevant whether this person is an admin or a simple member in your team. As an owner may not leave their team, you must transfer leadership if you wish leave your own team.

Leaving teams

TheĀ Leave teamĀ function removes you from the list of members for the selected team. You may not leave the team if you are the team owner. You must firstĀ Change owner.

Viewing and changing the ACL rights of a team

In the ā€œRights of the team (whole system)ā€ section you can see the ACL rights for the selected team, i.e. which functions it can access.

  • With the right ā€œgroupadminā€, you can edit the rights configuration. To open the corresponding dialog, click on theĀ Change rights of this teamĀ button.

  • You can also subsequently assign a rights template to the selected team. To open the corresponding dialog, click on theĀ Assign rights templateĀ button. In order to be able to use this function, you must belong to an admin team or hold admin rights in the selected team. In addition, you need an access right for the desired rights template.

Granting Read rights to a specific team to other teams

As the owner of a user team you can grant read rights to your team to other selected admin teams. The members of authorized teams can then see the team in question in theĀ TeamsĀ menu, select it and view the available information.

  • If you are the owner of a staff team, you can find in theĀ UsersĀ ā†’Ā TeamsĀ menu aĀ Change rightsĀ icon in the ā€œActionā€ column. Click on it.

  • A dialog opens in which you activate the checkbox in the column ā€œGrant access rightsā€, which enables you to grant read rights to your team to one or several other teams. You have a choice of all the teams available on the installation, not only those to which you belong.

  • After that, confirm by clicking onĀ Save.

Exchange teams

In order to create a new exchange team you need the rightĀ exchange_teamsĀ as well as sufficient edit rights for the teams to be selected. Click on theĀ Create exchange teamĀ button in theĀ Exchange teamsĀ menu.

  • Enter the name into the ā€œTeam nameā€ field. You can use the characters a-z, 0-9, _ and -.

  • In the select box labeled ā€œMembers with upload rightsā€ you can specify one or more teams whose members are to have read and write rights for their own files only. You do not already need to specify teams when creating the exchange team: You can always assign user teams to an exchange team at a later stage. The steps required are explained in the following chapter.

  • In the select box labeled ā€œMembers with change rightsā€ you can specify one or more teams whose members will be allowed to change the files of all team members.

  • Confirm your entries by clicking onĀ Create team.

Admin Teams

EFS can be configured to have special admin teams (ā€œpoolsā€) for complex university setups, allowing admin users to create ad-hoc teams and invite other admin users to their team for collaboration. If you would like to use this feature, please contact support.

Assigning teams and rights administration

InĀ EFS, users are assigned rights according to their team affiliation. This means that instead of assigning individual users to an exchange team you assign access rights for the files of an exchange team to one or more user teams. You may choose from different rights configurations:

  • Upload right: Equivalent to the right ā€œreadā€ to the exchange team. The members of a team with upload rights may upload and download files. They may, however, change or delete only their own files.

  • Change right: Equivalent to the right ā€œwriteā€ to the exchange team. The members of a team with change rights can upload and download files and may change or delete all files of their exchange team.

  • If you assign the rights ā€œreadā€ and ā€œwriteā€ to a user team, the members of this team will have all rights to the exchange team and all upload and change rights. However, they will be ignored for the function ā€œSend info mail to teamā€. This configuration is useful, for example, for teams of project managers who are not involved in the daily operations.

In order to subsequently assign one or more user teams to an exchange team or to change the initial settings, proceed as follows:

  • Locate the exchange team in the overview and click on theĀ RightsĀ icon.

  • This opens the dialog for rights administration familiar from otherĀ EFSĀ menus. Assign read and/or write rights for the respective exchange team to the desired user teams as required.

  • Confirm your selection by clicking onĀ Change rights.

Viewing the History

All important changes and actions executed using EFS Secure Exchange functions are logged. This allows you to subsequently check whether an action has been carried out and which user is responsible for this action. It is possible, for example, to reconstruct which users downloaded a particular file. In order to view the list of changes, switch to theĀ Usersā†’Ā Exchange teamsĀ ā†’Ā HistoryĀ menu.

For every change that has occurred the following information is listed:

Column heading

Meaning

Column heading

Meaning

Date of change

Date and time of change

Affected team

The team affected by the change.

Changes

Short description of the change carried out.

Changed by

Name of the staff member who carried out the change.

By clicking on theĀ ViewĀ button you can, as usual, display a section that allows you to specify whether the various table columns are to be shown or hidden. After you have confirmed by clicking onĀ SubmitĀ the table will be expanded accordingly. The column headings are clickable links: By clicking on a column heading you can resort the table according to the contents of the respective column.Ā You can search the history using the usual simple and extended search functions.

  • Simple search: The fields ā€œChangesā€ and ā€œChanged byā€ are searched for the term you entered.

  • Extended search: In addition to the keyword search in the fields ā€œChangesā€ and ā€œChanged byā€ you can also specify a certain change period or limit the display to the changes of a particular team. By clicking on theĀ ResetĀ button you can undo these restrictions.

Ā© 2024 Tivian XI GmbH