Rights management
This page has been automatically translated and has not been reviewed in detail yet. Therefore, the translation might not be completely accurate.
In rights management, users can be assigned to user profiles (= roles), and user profiles can be assigned specific rights that govern access to certain functionality. This module can also be used to create and delete users/accounts.
The view in the rights management is structured in three columns:
- All users are listed in the left column.
- All rights profiles are listed in the middle column. A user can have multiple rights profiles. The profiles serve as groups of users who perform similar tasks and therefore require similar access rights.
- In the right column, all individual rights are listed at their smallest granularity.
Selecting a user, a profile or a right in this view displays the corresponding users, profiles or rights. That is:
- When you select a user, their user profiles and their specific authorizations are displayed
- When you select a user profile, exactly the users assigned to this user profile and the specific permissions of the user profile are displayed
- When you select a right, the users who have this right and all profiles to which the right is assigned are displayed
Clicking the "Activate editing" button at the top right (1) switches the view to editing mode.
Here, after selecting a user, profile or right, you can change the corresponding user, profile and rights assignments using the sliders (1) and pen icons (2).
By using the pen icons in the user column, user accounts can be edited and deleted. New accounts can also be created using the “+” button in the user column.
Registration of new accounts via login
As an alternative to creating accounts using the "+" button in the user column, with NeuroomNet's standard configuration, a new account can also be created by logging in to the NeuroomNet login page with a new account name and password. This will create a corresponding account, but with no permissions yet.
With the non-default configuration setting config.custom.json: noUserAutoCreate = true, this registration via login is deactivated.
Management and authentication of accounts
There are basically two modes with which user accounts are managed:
- NeuroomNet manages the user accounts alone (stand alone)
- An external system primarily manages the user accounts and, in particular, handles authentication
In the first case, users are logged in, registered, authenticated and managed exclusively via the NeuroomNet server. Here it is recommended to set the configuration flag config.custom.json: noUserAutoCreate = true so that typos during login do not lead to the creation of new accounts.
Standards for user management
A second option is to connect users to NeuroomNet via an external system such as Active Directory, Keycloak or OpenID Connect. In this case, the external system takes care of the authentication, registration and overall management of the accounts. NeuroomNet only ensures the assignment and management of user rights within NeuroomNet. The configuration setting config.custom.json: noUserAutoCreate = false should be used here, so that new accounts for NeuroomNet are automatically created in NeuroomNet.
This has the advantage that users can, for example, log in to NeuroomNet with their domain account, i.e. their 'normal' Microsoft Windows password. This makes so-called SSO (Single Sign-On) possible.
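The two recommendations above (noUserAutoCreate = true for stand-alone operation, false when an external system manages accounts) can be checked against a deployment's config.custom.json. The following is an added example, not NeuroomNet code; it assumes that noUserAutoCreate is a top-level JSON boolean and that an absent key means the standard behaviour, in which accounts are created on login. The function name and mode labels are hypothetical.

```python
import json

KEY = "noUserAutoCreate"  # name from the page; top-level placement is assumed
# Value the page recommends per account-management mode.
RECOMMENDED = {"standalone": True, "external": False}


def audit_auto_create(config_text, mode):
    """Return findings (list of str) for a config.custom.json document.

    mode: "standalone" (NeuroomNet manages accounts alone) or
          "external" (Active Directory, Keycloak, OpenID Connect).
    """
    if mode not in RECOMMENDED:
        raise ValueError(f"unknown mode: {mode!r}")
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(config, dict):
        return ["config root is not a JSON object"]

    # Assumption: an absent key means the standard configuration, in which
    # logging in with an unknown name creates an account.
    value = config.get(KEY, False)
    if not isinstance(value, bool):
        # e.g. the string "true"; do not guess how the server would read it
        return [f"{KEY} is a {type(value).__name__}, expected true or false"]

    if value == RECOMMENDED[mode]:
        return []
    if mode == "standalone":
        return [f"{KEY} is off: a mistyped or unknown login name "
                "creates a new account; set it to true"]
    return [f"{KEY} is true: accounts authenticated by the external "
            "system are not created automatically; set it to false"]


if __name__ == "__main__":
    # Constructed sample configs, not taken from a real installation.
    samples = [('{}', "standalone"),
               ('{"noUserAutoCreate": true}', "standalone"),
               ('{"noUserAutoCreate": "true"}', "standalone"),
               ('{"noUserAutoCreate": true}', "external")]
    for text, mode in samples:
        print(mode, text, "->", audit_auto_create(text, mode) or "ok")
```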