...

Documents the process for creating users, managing user application roles, and managing user project roles.

Authentication 

The default security service implementation (SecurityServiceJpa)  uses the IHTSDO user management system.  Upon authentication, a REST call is made to the configured management service to validate the user and get some basic information.  If authentication is successful, the map user information tracked by the application is updated to the latest state (including the user's name and email address).  If there isn't a map user with that username yet in the system, one is added with a default VIEWER application role.

...

The default security service also has special handling for the user "guest", which is authenticated with any password.  The default installation of the system runs the "import.sql" file, which creates the "guest" user in the map_users table.  That means this user always exists and doesn't require authentication.  The sequence of events for guest login is exactly the same as when security is inactivated (NOTE: this is true for the guest user even if security is activated).
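The login behaviour described in this section, modelled as an added example (this is not the application's own code). StubService, MapUser, authenticate and seeded_users are hypothetical names, the accounts are constructed, and the guest row's VIEWER role and the choice to leave an existing role untouched on refresh are assumptions.

```python
import hmac
from dataclasses import dataclass

GUEST = "guest"

@dataclass
class MapUser:
    user_name: str
    name: str
    email: str
    application_role: str = "VIEWER"  # default role for users added on first login

class StubService:
    """Hypothetical stand-in for the configured user management service."""
    def __init__(self, accounts):
        self.accounts = accounts  # {user_name: (password, name, email)}, constructed data

    def validate(self, user_name, password):
        record = self.accounts.get(user_name)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        return {"name": record[1], "email": record[2]}

def authenticate(map_users, service, user_name, password):
    """Return the MapUser for a successful login, or None if it is rejected."""
    if user_name == GUEST:
        # Special case described above: "guest" is accepted with any password.
        return map_users.get(GUEST)
    profile = service.validate(user_name, password)
    if profile is None:
        return None
    user = map_users.get(user_name)
    if user is None:
        # First successful login: add a map user with the default VIEWER role.
        user = MapUser(user_name, profile["name"], profile["email"])
        map_users[user_name] = user
    else:
        # Later logins: refresh name and email (assumption: the role is left as is).
        user.name, user.email = profile["name"], profile["email"]
    return user

def seeded_users():
    # Constructed state: the "guest" row from import.sql (its VIEWER role is assumed).
    return {GUEST: MapUser(GUEST, "Guest", "", "VIEWER")}

if __name__ == "__main__":
    users = seeded_users()
    service = StubService({"alice": ("s3cret", "Alice Example", "alice@example.org")})
    for name, pw in [("guest", "anything"), ("alice", "wrong"), ("alice", "s3cret")]:
        print(name, "->", authenticate(users, service, name, pw))
```

Because the guest login never depends on the password, the roles assigned to the "guest" map user are what determine what that login can reach.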

Adding an Admin User via Webapp

An admin user must exist in order to perform top-level application administration activities (such as changing the application role of a user to ADMINISTRATOR).  In a new system without an existing user with role ADMINISTRATOR, there is a mojo for creating an initial admin user.  See "CreateMapAdministratorMojo" in the Maintenance Tools page.

...

It is strongly recommended that you create an ADMINISTRATOR user for administration and have separate users for lead and specialist roles on projects.  Project roles override application roles when deciding which dashboard to show for a user.  Thus, an ADMINISTRATOR user who is a lead on a certain project will see the lead dashboard instead of the admin dashboard when the focus project is set to that project.

Adding an Admin User Via Mojo

If no admin user exists, an admin user can be created using a mojo.  To create the admin user, execute the following commands:

Code Block
cd code/admin/loader
mvn clean install -PCreateMapAdmin -Drun.config=YOUR_CONFIG_VARIABLE -Dmap.user=DESIRED_USER_NAME

Executing this command will:

  • Create a new map user with the following default values.  To edit these, edit the map user from the Application Administration widget.
    • System user name:  DESIRED_USER_NAME
    • User's full name:  DESIRED_USER_NAME
    • Email:  Not set
    • Application Role:  ADMINISTRATOR
  • If no map projects currently exist, create a new map project named Blank Project with blank or default values.

After execution, log in as the specified user to edit existing projects or the newly created Blank Project, create additional projects, or perform other administrative tasks.

Setting User Project Roles

Project roles for existing map users can be set by lead or admin users via the "Project Details" page for a specified project.  

...