1. Access Control Lists
Access Control Lists (ACLs) enable you to create a mapping between access rights and users, and access rights and groups. ACLs enable you to assign access rights on content and dimensions.
1.1. Access Control List Properties
This section describes the properties of an access control list, as shown on the corresponding Edit pane.
Property | Description |
---|---|
Label (language) | Type a label and description for this access control list. One entry per supported language. This is the display name for the access control list. |
External key | Type an additional identifier for this access control list. An external key is used in code that integrates external services with this iKnowBase access control list. |
Owner Id (Personal ACL) | Displays the owner of the access control list. |
Visible | Select this check box to enable users to view this access control list. This property indicates the availability of this access control list while publishing content. |
Acl members | Displays a list of users and groups which are members of this access control list, together with their member privileges. See following table for information about member privileges: |
2. Groups
A group is a collection of users. Groups enable you to assign various types of access rights to multiple users at the same time, which makes user management easier and less time-consuming. Users in a group have some common characteristics. For example, users that work on the same level in a particular department can belong to one group.
Access rights assigned to a group are also assigned to all users that belong to that group. A user can be a member of one or more groups at a time.
2.1. Group Properties
This section describes the properties of a group, as shown on the corresponding Edit pane.
Property | Description |
---|---|
Label (language) | Type a label and description for this group. One entry per supported language. This is the display name for the group. |
External key | Type an additional identifier for this group. An external key is used in code that integrates external services with this iKnowBase group. |
Members in the group | Displays a list of users who are members of this group. |
2.2. Membership
This section describes the access control membership, as shown on the corresponding Membership pane.
Property | Description |
---|---|
Memberships | Displays a list of access control lists the group is a member of. |
Permissions | Check boxes for available privileges; see the section Access Control Lists for more information. |
3. Users
Users are entities that can be authenticated against the credentials required to access a portal.
After you create a user, you can assign access rights to the user. For more information, see Access Control Lists.
You can also add a user to a group. When you add a user to a group, all access rights assigned to the group are also assigned to the user. For more information on groups, see Groups.
3.1. User Properties
This section describes the properties of a user, as shown on the corresponding Edit pane.
Property | Description |
---|---|
User name | Type the user name that this user must use to log on to iKnowBase. You cannot update the information of this property for an existing user. |
First name | Type the first name of this user. |
Last name | Type the last name of this user. |
Email address | Type the e-mail address of this user. |
Dn | Contains the DN string for this user if synchronized from an LDAP directory. |
Fulldn | Contains the full DN string for this user if synchronized from an LDAP directory. |
Preferred Language | Click the appropriate language that you want to set for this user. |
User dimension | Select the dimension the user is associated with. Used for presenting content in context of users. |
Person card | Select the person card associated with the user. Used for presenting content in context of users. |
Password | Indicates whether this user has a password stored in iKnowBase. If so, the user can log in with it (if iKnowBase is configured to allow this); otherwise iKnowBase must be configured to let the user authenticate against an external authentication provider (for example through SAML or OAuth). |
Permissions | Select the Guest user (public) check box to grant guest user privileges to this user. Select the Admin privileges check box to grant administrative privileges to this user. Select the Allow document creation check box to enable this user to create and edit content when this user logs in to the iKnowBase portal. Select the Disable user check box to disable the user. The user will no longer be able to log in. |
Valid from | Set a date value (dd.mm.yyyy) if the user should be valid after a specific date. |
Valid to | Set a date value (dd.mm.yyyy) if the user should be expired after a specific date. |
3.2. Membership
This section describes the membership to groups or access control lists, as shown on the corresponding Membership pane.
Property | Description |
---|---|
Add or delete group membership | Displays a list of all the groups this user is a member of. Add new groups by using the links Add group or Add groups. Remove a group membership by clicking the delete icon. |
ACL memberships | Displays a list of all the access control lists this user is a member of. Add new access control lists by using the links Add acl or Add acls. Remove an ACL membership by clicking the delete icon. For more information about the ACL permissions, see Access Control Lists. |
3.3. Acl membership overview
This section describes all memberships in access control lists, whether granted directly or through a group membership.
Property | Description |
---|---|
Acl membership overview | Click the Show link to see how the user is granted membership in the access control list. |
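The direct and group-derived memberships that this overview lists can be reproduced offline for an access review. The following is an added example, not iKnowBase code: the dictionaries stand in for a constructed export, the privilege labels are placeholders, and it assumes that privileges from several grant paths add up and that the validity dates are inclusive bounds.

```python
from datetime import date, datetime

# Constructed sample export. Names and privilege labels are placeholders,
# not values taken from iKnowBase.
GROUPS = {"editors": {"alice", "bob"}, "hr": {"bob"}}
ACLS = {  # acl -> [(member type, member name, privileges)]
    "news": [("group", "editors", {"READ", "MODIFY"}), ("user", "carol", {"READ"})],
    "payroll": [("group", "hr", {"READ"}), ("user", "bob", {"READ", "DELETE"})],
}
USERS = {  # validity dates use the dd.mm.yyyy form from the User Properties table
    "alice": {"disabled": False, "valid_from": None, "valid_to": "31.12.2023"},
    "bob": {"disabled": False, "valid_from": "01.01.2020", "valid_to": None},
    "carol": {"disabled": True, "valid_from": None, "valid_to": None},
}


def parse_day(text):
    """Parse a dd.mm.yyyy value; None means no limit is set."""
    return datetime.strptime(text, "%d.%m.%Y").date() if text else None


def is_active(user, today):
    """Assumption: both dates are inclusive bounds and Disable user always wins."""
    rec = USERS[user]
    start, end = parse_day(rec["valid_from"]), parse_day(rec["valid_to"])
    if rec["disabled"]:
        return False
    return (start is None or today >= start) and (end is None or today <= end)


def effective_acls(user):
    """Return {acl: {"privileges": set, "paths": [...]}} for direct and group grants."""
    result = {}
    for acl, members in ACLS.items():
        for kind, name, privileges in members:
            direct = kind == "user" and name == user
            via_group = kind == "group" and user in GROUPS.get(name, set())
            if direct or via_group:
                entry = result.setdefault(acl, {"privileges": set(), "paths": []})
                entry["privileges"] |= privileges  # assumption: grants are additive
                entry["paths"].append("direct" if direct else f"group:{name}")
    return result


def stale_grants(today):
    """ACL memberships still held by users who are disabled or outside their validity window."""
    return {u: sorted(effective_acls(u)) for u in USERS
            if not is_active(u, today) and effective_acls(u)}
```

`stale_grants` is the review view: memberships are not removed when a user is disabled or expires, so they become live again if the account is re-enabled.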
3.4. Identity federation
This section describes identity federation using OAuth2 and SAML services, which links external accounts to iKnowBase user accounts. The only action permitted is removal of entries.
Property | Description |
---|---|
Provider | ID of the identity provider. |
User id | External user ID from the provider. |
Created date | Date when this account connection was created. |
3.5. User tokens
Displays user tokens attached to the current user. To add a new token, click Add value. You can select between an activation token or a login token.
Property | Description |
---|---|
Token type | Valid values are Activation and Login token. |
User Tokens | The actual token, generated automatically when you create a new token. |
User tag | Displays the user tag. Not editable. |
Description | Description of the token. |
Valid to | The expiry date for the token. The value has to be given in the form dd.mm.yyyy hh24:mi. |
3.6. Change password
Note that this password is only used in installations where the iKnowBase database is the master for password information. This is not the normal case. Instead, normally you will need to update the password in a remote directory such as Microsoft Active Directory or Oracle Internet Directory.
Property | Description |
---|---|
New password | Enter a new password for the user. |
3.7. Copy a user
Create a new user based on the properties of an existing user.
Property | Description |
---|---|
User name | Enter a unique user name for the new user. |
First name | Type the first name of the new user. |
Last name | Type the last name of the new user. |
Create a person card? | If set, it will create a new user document with the same system properties as the document owned by the selected user. If the selected user doesn't have a document, this option is hidden. |
Create a dimension? | If set, it will create a new user dimension with the same system properties as the dimension owned by the selected user. If the selected user doesn't have a dimension, this option is hidden. |
Copy group membership? | If set, it will duplicate the group memberships from the selected user. |
Copy acl membership? | If set, it will duplicate the ACL memberships from the selected user. |
3.7.1. Delete a User
If the user is the owner of documents (information objects), you are asked to select a new owner for these documents from a list of existing users. Upon deletion, documents which are owned by the user to be deleted are updated with the new owner. You can click the Cancel action to cancel the deletion