User
This menu item is only available to server administrators.
Create User
This function is used to add a new user to the server. A window appears where the user data can be entered.
Login: login name of new user (mandatory field).
Password: password of new user (mandatory field).
The other information about the new user, such as the actual Name, Initials, e-mail address and Phone, is optional.
“External user” exception: if the user is identified through an external system, he is created automatically as a FirstSpirit user the first time he logs in. The required user attributes in this case are imported from the external system (the password is pre-populated in FirstSpirit with a random value). The user then appears in the list of FirstSpirit users.
Active: (for information on “deactivating users”, see Edit).
Server administrator: Use this option to assign the role of the server administrator to the newly created user. By default, he/she has all permissions
- in ServerManager
- in ServerMonitoring
- in their own connections, set up via API.
If the server administrator permissions are to take effect in SiteArchitect, this can be activated via the entry “Administrator mode” in the “Project” menu (→Documentation FirstSpirit SiteArchitect). If a similar function is required in ContentCreator, this must be implemented using the API, for example with the method setAdminMode (FirstSpirit Access API, Interface User, Package: de.espirit.firstspirit.access); this method can only be executed by server administrators.
If “administrator mode” is activated via API (setAdminMode(true);), this does not affect the “Administrator mode” menu item in the “Project” menu of SiteArchitect. The checkmark is not set as a result.
The “server administrator” option is activated for the user “Admin” who is automatically created during the installation of a FirstSpirit Server and cannot be deactivated. It can only be assigned by server administrators; initially, therefore, it can only be assigned by the administrator (user ID 1). If a user who had server administrator permissions on another FirstSpirit Server is created by importing a project, this permission is removed during the import and must be regranted as necessary.
If the server administration permissions are assigned to a user via ServerManager, this is recorded in the file fs-server.log, stating the user name:
INFO 02.10.2013 10:43:05.767 (de.espirit.firstspirit.server.usermanagement.UserManagerImpl): Setting user 'chief' server admin permission to true
When a user logs onto the FirstSpirit Server with server administrator permissions, this is also logged accordingly, stating the user name, e.g.
INFO 02.10.2013 09:05:21.113 (de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl): new session (ID=5030863150308873085, user=chief, userID=62, type=MAIN) created
INFO 02.10.2013 09:05:21.113 (de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl): Session with ID=5030863150308873085 bound to ip 192.168.100.212
INFO 02.10.2013 09:05:21.113 (de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl): User 'chief' login with server admin permissions, session ID=5030863150308873085
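For monitoring, the two kinds of entry described above can be pulled out of fs-server.log and each administrator login tied to the IP address its session was bound to. The following Python sketch is an added example, not part of the FirstSpirit documentation or product; the function names and event labels are hypothetical, and it assumes that every entry starts with an upper-case level followed by a timestamp in the format shown above.

```python
import re

# Constructed sample: the entries quoted above, with line wraps inside entries.
SAMPLE_LOG = """\
INFO 02.10.2013 10:43:05.767
(de.espirit.firstspirit.server.usermanagement.UserManagerImpl): Setting
user 'chief' server admin permission to true
INFO 02.10.2013 09:05:21.113
(de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl):
new session (ID=5030863150308873085, user=chief, userID=62, type=MAIN)
created
INFO 02.10.2013 09:05:21.113
(de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl):
Session with ID=5030863150308873085 bound to ip 192.168.100.212
INFO 02.10.2013 09:05:21.113
(de.espirit.firstspirit.server.sessionmanagement.SessionManagerImpl):
User 'chief' login with server admin permissions, session
ID=5030863150308873085
"""

START = re.compile(r"^[A-Z]+ (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3})")
GRANT = re.compile(r"Setting user '([^']+)' server admin permission to (\w+)")
BOUND = re.compile(r"Session with ID=(\d+) bound to ip (\S+)")
LOGIN = re.compile(r"User '([^']+)' login with server admin permissions, session ID=(\d+)")

def entries(text):
    """Yield one string per log entry, re-joining lines wrapped inside an entry."""
    for chunk in re.split(r"\n(?=[A-Z]+ \d{2}\.\d{2}\.\d{4} )", text):
        if chunk.strip():
            yield " ".join(chunk.split())

def admin_events(text):
    """Return admin-flag changes and admin logins; logins carry the session's IP."""
    ips, events = {}, []
    for entry in entries(text):
        start = START.match(entry)
        if not start:
            continue  # leading fragment without level and timestamp
        if m := BOUND.search(entry):
            ips[m.group(1)] = m.group(2)
        elif m := GRANT.search(entry):
            events.append({"ts": start.group(1), "event": "admin_flag_set", "user": m.group(1), "value": m.group(2)})
        elif m := LOGIN.search(entry):
            events.append({"ts": start.group(1), "event": "admin_login", "user": m.group(1), "session": m.group(2)})
    for ev in events:  # resolve IPs last, so entry order does not matter
        if "session" in ev:
            ev["ip"] = ips.get(ev["session"], "unknown")
    return events
```

An administrator login whose session has no “bound to ip” entry in the parsed text is reported with the IP "unknown".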
External users can be made server administrators via a corresponding LDAP configuration; specifically, via a corresponding parameter in the configuration file fs-server.conf. See Area: Server.
For information about the differentiation between administrator, server administrator and project administrator, see Server and project administrators.
Edit
This function is used to edit the above-mentioned user information at a later time. A sorted list of registered users is displayed. (It can be sorted by clicking on any column heading.)
Please note that, for external users with server administrator permissions, this list only reflects the state of the last FirstSpirit login and not the current LDAP state. This means that
- there may be more server administrators than are marked in the list with a check in the “Server administrator” column, but they have not yet logged onto the FirstSpirit Server via LDAP, or have not done so since authorizations were changed
- a user whose server administrator permissions have been withdrawn in the LDAP and who has not logged onto the FirstSpirit Server via LDAP since will still be shown as a server administrator.
Search: the search function is used to search for words or parts of words in the Name and Login columns. Clicking on the search button starts the search, and clicking on the button next to it cancels the search.
Edit User
After selecting the user from the list, the “Edit user” window appears where the user data can be edited.
If the user was added manually to FirstSpirit, all data, including the user name and password, can be edited. The user is identified internally by a unique user ID. This ensures that user information is preserved (e.g. the assignment to a project) when user attributes (such as the name) are changed.
If the user was created automatically as a FirstSpirit user and is identified through an external system, changes to the user attributes cannot be made in FirstSpirit. External users are displayed by selecting the “External user” checkbox.
Active: users can be deactivated without having to remove them completely from FirstSpirit. They remain in the system, but they can no longer be authenticated (even in the case of authentication via external systems, e.g. SSO). The deactivated users are grayed out in the FirstSpirit editing environment and in ServerMonitoring. Deactivated users can be reactivated any time in this dialog. All information about the user (such as the original user ID) and all project assignments remain unchanged and can be used again immediately (as opposed to if a user is deleted and then recreated).
Server administrator: Use this option to assign the role of server administrator to this user. See also explanations about the option “Server administrator” under User - Create user.
“External user” exception: if the checkbox is selected, the user is from an external system (e.g. from LDAP) who has been added to the server automatically.
If the checkbox is unchecked, the user was added manually.
External section: the LDAP section where the user is registered is displayed here. If the user logs in via the WindowsLoginModule, the domain is displayed here as the external section.
Group membership: the user's group membership is displayed at the bottom of the dialog box. The assignment is subdivided by projects and cannot be edited in this dialog box. For information on changing a user's group membership, see Project properties - groups. This information is also available in FirstSpirit ServerMonitoring.
The other information about the new user, such as the actual Name, Initials, e-mail address and Phone, is optional. In the case of external users, these fields may be populated automatically using user attributes.
The internal system user ID is assigned automatically and cannot be changed. Permissions for all users can be managed using the SiteArchitect context menu.
Delete
This function is used to remove a user from the server. A sorted list of registered users is displayed. (It can be sorted by clicking on any column heading.)
Search: the search function is used to search for words or parts of words in the Name and Login columns. The search is started by clicking on the button.
After selecting the user from the list, the user is deleted from the list once the deletion prompt is confirmed. A distinction is made here between the following:
- Manually added FirstSpirit users:
If the user was added manually, the user is automatically removed from all FirstSpirit projects and deleted from the server using the “Delete user” function.
- Automatically added (external) users:
If it is an external user, the user is automatically removed from all FirstSpirit projects and deleted from the server using the “Delete user” function. However, if the user has not been deleted from the external system, the user will be added again as a new FirstSpirit user with a new user ID the next time the user logs in.
Note: If the personal data of a deleted user should also be deleted, this is possible via the “Anonymize” function (see below) or via a corresponding parameter in the fs-server.conf configuration file. See also Notes about GDPR.
Anonymize
The General Data Protection Regulation (GDPR) is a regulation of the European Union which protects European citizens’ basic right to privacy and regulates the handling of personal data. Among other things, the GDPR regulates the possibility of deleting personal data (“Right to be forgotten”).
FirstSpirit stores personal system data (e.g. names and contact data of editors) which is used in various places, e.g. in the version history or in release workflows, in order to be able to contact an editor of a page if necessary. See also Notes about GDPR.
For deleted users (“Delete” function, see above), personal system data can be anonymized via the “Anonymize” menu item.
The login of the user to be anonymized must be entered in the text field. There is no distinction between upper and lower case.
Multiple user logins can be entered separated by commas or spaces.
Clicking “OK” starts the anonymization process.
The data of deleted users cannot be determined afterwards. In the version history and in other places, either no user name / login is displayed any more, or {DELETED USER} is displayed instead.
If the login of a non-deleted user is entered in the text field, a corresponding error message is displayed:
Anonymizing deleted users failed! User 'Editor' is not deleted!
Note: Another option for anonymization is provided by the parameter privacy.anonymizeDeletedUsersData=true in the configuration file fs-server.conf.
In contrast to the menu function “Anonymize” the anonymization via the parameter privacy.anonymizeDeletedUsersData can be undone. Anonymization via the “Anonymize” menu function is permanent and cannot be undone.