If you are an Admin, you can create and manage users by opening the Users
window.
Create and manage users
- To add a new user, click
+
, enter information on all required fields, and clickSave
. You must use a real email address to complete the registration.When a new user's account is added by the system administrator, the invite is sent to the email configured for the account. The invite contains the temporary link that a new user must follow to complete the setup of the account.
- To resend the invitation, click
Send new invite
. - To edit existing users, click
Edit
. - To deactivate a user, click
Deactivate
.
The user's profile
Roles and permissions
When creating a user, the following roles are available:
Role | Description | Scope |
SuperAdmin | Has unrestricted system access | Main account, all tenants |
Administrator | Has full control over data, can manage users and create, edit, delete, execute Flows, Connections, and Formats. Can also view global stats and audit-trail | Specific tenant only |
Editor | Same as Administrator, but is not allowed to manage users, view global stats and audit-trail | Specific tenant only |
Operator | Can view and run Flows/Schedules, view execution statistics, view connections, view data and files in Explorer. | Specific tenant only |
Viewer | Can only view Flows, Schedules, and execution statistics | Specific tenant only |
API User |
A role for making authenticated calls to user-defined API endpoints (Listeners) that sees nothing in the system except their own API messages |
Specific tenant only |
Only the users assigned to a specific tenant can have a role other than SuperAdmin.
API users
This role can be assigned to the users who will execute user-defined APIs.
Users with API role cannot execute built-in APIs.
Users with Administrator, Editor, and Operator roles can also execute the user-defined APIs. The advantage of using API user role is that it doesn't have access to any system resources, except their own API messages. It also allows to authenticate using a static API key.
API key
It is possible to generate the API key, which is a non-expiring JWT token that can be used to authenticate the user when making a call to the user-defined and built-in API.
The most common use case for an API key is when Etlworks is configured to use SSO, and you want to avoid a situation when the password is changing frequently because there is a password changing policy enforced by the SSO identity provider. The API key will remain valid until it is revoked, even if the password has been changed.
The other common use case it to use API key to call Etlworks API endpoint from a webhook.
The API key can be generated and assigned to the user with any role, including Super Admin. The system administrator can disable API keys for roles other than API user.
Create API key
To generate or regenerate the API key, click the generate API key
button.
Revoke API key
To revoke the API key, click the revoke API key
button.
Copy API key to the system clipboard
To copy the API key to the system clipboard, click the copy API key to the clipboard
button.
Show/Hide API key
To toggle between show/hide API, key click the show/hide API key
button.
SSO user management
- Starter
- Business
- Enterprise
- On-Premise
- Add-on
This function is only available to customers with dedicated instances.
When SSO integration is configured in your account, users logged in through SSO are matched against internal system users based on email address. If a user with such email already exists in the system, it is simply getting logged in as usual, if not then new user will be created under SSO Landing
tenant withViewer
role. Super Admin
users can then move that user from SSO Landing
tenant to the desired tenant and assign an appropriate role.
Comments
0 comments
Please sign in to leave a comment.