Users and Groups

Owned by Robert Sikorski
Last updated: 13 Jun 2018 by Dima Andrusenko
9 min read

This tool allows to create new or edit existing Earthlight users accounts. User account needs to be created for each individual who wants to access the system. A password must be set at this point.

The Users and Groups tool window contains 2 main tabs: Users and Groups

Users

The first main tab allows to add/delete/modify an individual user accounts. The Users tab contains 4 sections:

  1. Show users from

    This section allows you to control what type of users will be displayed on the users list (section 2). You can choose any group as well as all users.
  2. Users list
    The second section shows the full list of all users or users that belong to group selected in Show users from section. By selecting any user you can see a list (section 4) of roles that he/she has and groups that he/she belongs to.
  3. Option list
    The last section contains a set of options which allows you to add/delete/edit a user account. You can also add/remove a user from a group and modify the user assigned roles. Changing name/password is also available in this section. This section contains 6 options:
    • Add 
      This option allows you to add a new Earthlight user.
    • Delete
      Deletes a selected user.
    • Edit
      This button allows you to edit a selected user account. You can edit user detailed information, change password or Inheritable user settings. You can also modify the user assigned roles. More detailed description of Edit User tool can be found in further part of this documentation.
    • Change password of the selected user account. Please enter a new password and click OK button to confirm it.

      Rename a user name of the selected account. Please enter a new user name and click OK button to confirm it.

  4. User roles list and User groups list

    By selecting any user on User list, you can see a list of roles that he/she has and groups that he/she belongs to. 

    • User Roles

      This button allows to add or remove a role to selected user with just 2 mouse clicks.

      You can create new roles or edit the existing one by using Roles tool. For more information please visit: Roles

    • User Groups

      The User Groups field allows to add or remove selected user from a group with just 2 mouse clicks.


Groups

The second main tab allows to add/delete/modify user groups. Users are allocated to groups which allow group permissions, views, etc. to be created. E.g.: departmental groups can view different maps. The Group tab contains 3 sections:

  1. Groups list
    The first section shows the full list of all groups. By selecting any group you can see a full list (in section 3) of users that belong to this group.
  2. Option list
    The second section contains a set of options which allows you to add/delete/edit a group. This section contains 3 options:
    • Add 
      This option allows you to add a new group.
    • Delete
      Deletes a selected group.
    • Edit
      This button allows you to edit a selected group. You can edit a group description, assign roles, add/remove users, change group Inheritable settings or set inheritance order. More detailed description of Edit Group tool can be found in further part of this documentation.

  3. Roles assigned to this group list and Users assigned to this group list

    By selecting any group on Group list, you can see a list of roles that selected group has and users which belongs to the group. 

    • Roles assigned to this group

      The Roles assigned to this group field allows to add or remove role from a group with just 2 mouse clicks.

      You can create new roles or edit the existing one by using Roles tool. For more information please visit: Roles

    • Users assigned to this group

      This button allows to add or remove an user from selected group with just 2 mouse clicks.

Adding/editing user accounts

Clicking any of these 2 options (Add/Edit) will open a dialog window. Both of them are very similar. The only difference is that in case of Edit User dialog window a Login: field is filled and greyed out for security reasons (it blocks inadvertently change of the username). You can change the username by selecting a user and clicking a Rename option in the More drop down list in the bottom-right corner of the Users tab. It is also possible to associate Earthlight users with existing Active Directory infrastructure. You can read more about it in further part of this documentation in Active Directory Integration section.

Explanation of the user Add/Edit dialog window

The User Add/Edit dialog window contains 4 sections:

  1. User details
    First section allows you to enter/edit the following information details of the user:
    • Login (required)
      This is a username login. He/she will require it while trying to access Earthlight system.
    • Full name (required)
      This is an additional information about the user. It is displayed in the user list.
    • Telephone (optional)
      This field allows you to enter a contact number to a person who owns the account.
    • E-mail (optional)
      This field allows you to enter an E-mail address to a person who owns the account.

  2. Change password
    This option allows you to change a user password. Please enter a new password and click OK button to confirm it.


    Aurora user should have no password (empty password).

  3. Change inheritable settings

    Inheritable settings allows you to change some (or even all) settings for selected user or group. Inheritable User Settings window look similar to a Global User Settings. To better understand the usability of Inheritable User Settings please look at the settings inheritance hierarchy below:

    Global user settings

    V

    Group settings

    V

    User settings

    When a user is logging into system – Earthlight settings loading system takes all settings from the Global User Settings. Next it is checking all Inheritable Group settings and overwrites the settings that are set for a group to which a logged person belong. As a final step it is checking all Inheritable User Settings and again it overwrites the settings that are set for individual user. In other words all settings that aren’t set for User or Group will be taken from the Global User Settings.

Active Directory Integration

It is possible to associate Earthlight users with existing Active Directory infrastructure. The operation requires StatMap personnel to change server settings which points Earthlight to your Active Directory service. You will be able to confirm that your current installation is connected to any Active Directory services by going to Administration\Users\Add button. If the button behaves like a menu and shows the list of Active Directory servers, it means that the system is ready to authenticate users against your their corporate accounts.

Importing Active Directory users

In order to use automatic Active Directory authentication mechanism, Earthlight user logins must match Active Directory names. You can do this manually but this process is very time consuming and error-prone. Therefore it is highly recommended to import them from your Active Directory service by following these steps:

  1. Go to Administration\Users And Groups
  2. Click Add menu button
  3. Select desired Active Directory services
  4. From Add Users From Active Directory dialog select desired user group
  5. Select one or more users from the dialog (it does support multi selection). You can also use the search field on the top right corner, to find a desired user.
  6. You can now assigned newly-imported users to Earthlight user groups, grant them access to Earthlight functionality via Roles command and control access to business layers via Shares command.
  7. Secure your newly imported users: See Securing Active Directory users

Securing Active Directory users

Once the users are imported they will be able to login to Earthlight without providing any passwords as long as they successfully login to their corporate PCs. However during import procedures all their Earthlight (not Active Directory!) passwords are reset, hence you need set them to strong passwords to avoid potential security breaches. In order to do this:

  1. Generate a strong password (you may use http://strongpasswordgenerator.com/ to do this)
  2. Go to Administration\Users and Groups
  3. Select all newly imported users
  4. Click More… button and select Change password…
  5. Enter new password

From now on users will be able to login to Earthlight:

  1. without entering the password as long as they are authenticated via Active Directory services
  2. using Earthlight-only strong password which you set using Change password… command. This option is useful when:
    • you as a system administrator would like to confirm the behaviour of Earthlight under different account (i.e. your machine Active Directory user name will be different than Earthlight login)
    • you are using Earthlight from outside of your organization, hence the user is using a PC which is outside Active Directory authority and cannot use Active Directory authentication

Manually logging to Active Directory accounts

Once you imported and secured Active Directory user accounts you will be able to login to Earthlight without providing passwords or user names. In order to do this just leave User and Password boxes empty and click Login button:

Enabling Active Directory auto-login

Once you are confident with Active Directory authentication and you imported and secured some users you can contact StatMap support in order to enable auto-login functionality. This feature is enabled on Earthlight server and your users will not have to press Login button any more as stated in previous point. From now on Earthlight users will be automatically authenticated at application launch.

Adding/editing groups

Clicking any of these 2 options (Add/Edit) will open a dialog window. Both of them are very similar. The only difference is that in case of Edit group dialog window a Name: field is filled and greyed out for security reasons (it blocks inadvertently change of the group name).

Explanation of the group Add/Edit dialog window

The Group Add/Edit dialog window contains 5 sections:

  1. Name/Description
    The first section allows you to set a name for the group. You can also enter a description of the created group. The description is optional.

  2. Roles
    The various roles allow different functions/permissions to be applied to the individual users or groups. E.g. Viewer only allows read access, print etc. and no editing capabilities. The field allows to add or remove role from a group with just 2 mouse clicks.

    To assign a role to selected user/group please select the role from the list. The role will be marked with orange colour. You can also remove assigned role by deselecting it or clicking small 'x' symbol.

    You can create new roles or edit the existing one by using Roles tool. For more information please visit: Roles

  3. Group users

    This section allows you to add or remove a user from the group. To add a user to the group please tick its checkbox. You can also remove a user from the group. To do so, please unselect the checkbox near its name.
    You can also use search field on the top, to filter users and to find a one.
  4. Settings inheritance order

    In this section, you can control an inheritance order for the group settings. Settings are applied in ascending order i.e. first all settings with order = 1, then with order = 2, etc. If two or more groups have the same order number and are assigned to the same user, then they are applied in an alphabetical order. User settings are always applied at the end, effectively overriding any group settings.

    Groups have own inheritance order hierarchy from 1 to 9, where 1 – less important and 9 – most important order number. For example: user 'StatMap' has three groups with different inheritance order: 1, 2 and 9 respectively. Settings are applied in ascending order, in other words, settings from group with inheritance order = 1 is overridden by settings from group with inheritance order = 2 and then it is overridden by a group with inheritance order = 9. In this case, group with inheritance order = 9 overrides all previous group settings.

  5. Group inheritable settings

    Inheritable settings allows you to change some (or even all) settings for selected user or group. Inheritable User Settings window look similar to a Global User Settings. To better understand the usability of Inheritable User Settings please look at the settings inheritance hierarchy below:


Global user settings

V

Group settings

V

User settings


When a user is logging into system – Earthlight settings loading system takes all settings from the Global User Settings. Next it is checking all Inheritable Group settings and overwrites the settings that are set for a group to which a logged person belong. As a final step it is checking all Inheritable User Settings and again it overwrites the settings that are set for individual user. In other words all settings that aren’t set for User or Group will be taken from the Global User Settings.