Articles in this section

See more

Manage users

  • Updated
Follow

If you are an Admin, you can create and manage users by opening the Users window.

users_and_roles.png

Create and manage users

  • To add a new user, click +, enter information on all required fields, and click Save. You must use a real email address to complete the registration.

    When a new user's account is added by the system administrator, the invite is sent to the email configured for the account. The invite contains the temporary link that a new user must follow to complete the setup of the account.

  • To resend the invitation, click Send new invite.

  • mceclip0.png

  • To edit existing users, click Edit.
  • To deactivate a user, click Deactivate.

The user's profile

user-profile.png

Roles and permissions

When creating a user, the following roles are available:

Role Description Scope
SuperAdmin Has unrestricted system access Main account, all tenants
Administrator Has full control over data, can manage users and create, edit, delete, execute Flows, Connections, and Formats. Can also view global stats and audit-trail Specific tenant only
Editor Same as Administrator, but is not allowed to manage users, view global stats and audit-trail Specific tenant only
Operator Can view and run Flows/Schedules, view execution statistics, view connections, view data and files in Explorer. Specific tenant only
Viewer Can only view Flows, Schedules, and execution statistics Specific tenant only
API User

A role for making authenticated calls to user-defined API endpoints (Listeners) that sees nothing in the system except their own API messages

 Specific tenant only

Only the users assigned to a specific tenant can have a role other than SuperAdmin. 

API users

This role can be assigned to the users who will execute user-defined APIs

Users with API role cannot execute built-in APIs.

Users with Administrator,  Editor, and Operator roles can also execute the user-defined APIs. The advantage of using API user role is that it doesn't have access to any system resources, except their own API messages. It also allows to authenticate using a static API key. 

 mceclip0.png

API key

It is possible to generate the API key, which is a non-expiring JWT token that can be used to authenticate the user when making a call to the user-defined and built-in API.

The most common use case for an API key is when Etlworks is configured to use SSO, and you want to avoid a situation when the password is changing frequently because there is a password changing policy enforced by the SSO identity provider. The API key will remain valid until it is revoked, even if the password has been changed.

The other common use case it to use API key to call Etlworks API endpoint from a webhook.

The API key can be generated and assigned to the user with any role, including Super Admin. The system administrator can disable API keys for roles other than API user. 

mceclip1.png

Create API key

To generate or regenerate the API key, click the generate API key button.

mceclip0.png

Revoke API key

To revoke the API key, click the revoke API key button.

mceclip1.png

Copy API key to the system clipboard

To copy the API key to the system clipboard, click the copy API key to the clipboard button.

mceclip2.png

Show/Hide API key

To toggle between show/hide API, key click the show/hide API key button.

mceclip3.png

SSO user management

  • Starter
  • Business
  • Enterprise
  • On-Premise
  • Add-on

This function is only available to customers with dedicated instances.

When SSO integration is configured in your account, users logged in through SSO are matched against internal system users based on email address. If a user with such email already exists in the system, it is simply getting logged in as usual, if not then new user will be created under SSO Landing tenant withViewer role. Super Admin users can then move that user from SSO Landing tenant to the desired tenant and assign an appropriate role.

Related articles

Comments

0 comments

Please sign in to leave a comment.