TRUECHART Knowledge Base Live Search

Search

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

From v2021.2.0 onwards, users will find that the User Permissions screens have been updated with new functionality as well as an enhanced user interface. This was done in order to have a centralised space where they can manage their user's permissions.

Users can now manager their trueChart users, KPI Chat Data Permissions, Active Directory Integration as well as applying Bulk User changes in one centralised space. 


Table of Contents

User Management

  • Log into trueChart Management Console click on “User Administration” 
    and you will a view of trueChart's new user management screen.
    • trueChart has 3 user types:
      • Active Directory User. This user does not belong to an Active Directory Group
      • Active Directory User. This user belongs to an Active Directory Group
      • Local user. This user does not exist within the Active Directory and was manually created
         

...

  • Active Directory users not belonging to a group and Local users can be edited in line. Allowing for quick permission management
  • To add a new User:
    • Click on New User.
    • In the New User dialog, enter First nameLast nameUsernameLanguage, and capture the required permissions
    • Should you have a valid KPI Chat Licence and have KPI Chat Administrator privileges you will see the option to link this user to a Data Permission Role as well
    • Click on Save to create the new user.


Adding Named Users from Active Directory

  • Click on “Search in directory” and search for the user/group.
  • If more than 1 Active Directory is enabled, you may select a specific AD to search on
  • Enter the username of the user as it would appear in the Active Directory and select 
  • Select your user and enable the required permissions
  • Then click Save

...

NOTE: If this user is already part of a group, the group they belong to must be used in order to allocate the permissions

Changing existing users

  • Should a user require changes other than permissions, these can be updated by selecting edit on the corresponding line
  • Click on Save to apply the changes.

Disable Users

  • Should you need to disable specific users, you can by selecting edit Image Addednext to the corresponding user.
  • In this users profile you can check/uncheck the checkbox next to "Disable User".

Image Added

Changing existing user’s permissions on the user management screen

  • Search or scroll to the user.
  • Check or uncheck on a permission you would like to remove or add.

  • And click on Save.

NOTE: Only Local Users and Non Group AD Users can be edited on this screen. Should you require to change a Group's permissions, please edit the Group permissions under the Group Tab

Group Permissions

Active Directory groups and their permissions can be managed on the Groups Tab. 

...

To add a new AD group, search for the group name on the "Search in Directory" screeenscreen

Bulk-import users

Manual import

Users can also import local user permissions in bulk 

Image Removed

At the bottom of the screen, you see the status of the current or last import procedure.

There are 2 ways for importing users through CSV import:

Note
Users that have access to the TRUECHART Management Console will be skipped during the bulk import.

...

Local User Groups

  • To create a local user group, click on "Add Local Group"
  • Name your group next to "Local Group Name".
  • Add your groups permission and click on Save.

Image Added

  • To apply permission using "Local User Groups", select edit Image Addednext to the corresponding user.
  • In the users' profile next to "User Group" select a "User group" from the list and click on Save.

Image Added

Bulk-import users

Manual import

Users can also import local user permissions in bulk 


Image Added


At the bottom of the screen, you see the status of the current or last import procedure.

There are 2 ways for importing users through CSV import:

Note
Users that have access to the TRUECHART Management Console will be skipped during the bulk import.

First, choose a file. The format of the file should match the following example.

Code Block
username,firstname,lastname,language,email,consumer,designer,nm,kpichat_admin,kpichat_consumer
domain\ahf,Achim,Höffner,en_US,achim@domain.com,,1,1,,
domain\cml,Christian,Müller,de_DE,christian@domain.com,1,,,,


The content of the file will be displayed for manual validation of the user. Now you could start the import

  • uploading Uploading the file

  • starting Starting a background job that runs the import

  • Where imports fail, users will be able to download the log file to view errors on the failed import

Automated import

You could activate and deactivate automatic CSV import at any time you want. You only need to place a file at the server, input its file path, and enter a Cron expression.

...

Further examples and the full syntax specification could be found at www.quartz-scheduler.org.

...

Data Permission Administration

Data Permission Roles in TCMC

Following the update in v2021.2.0, Data Permission Roles can now also be managed from within TCMC

...

Dimension 1+/Value 1+ - The first 2 Dimensions of the Role and their values

Data Security Roles Add/Edit

Roles can be edited or deleted . When editing a role, users will be presented with the below screen

...

Users Table - Select the users that will be linked to this Role

Data Permission Roles in KPI CHAT

Data Permission roles can be added from within the KPI Chat interface 

...

Dimension 1+/Value 1+ - The columns here are dynamically created by the Dimensions the user has selected for the roles

Data Security Rules Add/Edit

Added rules can be edited or deleted - Select a rule and Edit/Delete button will be enabled . 

...

In order for Bob to utilize KPI-CHAT for his clients he must select both the UK  AND any 1(or more) client before KPI-CHAT will allow him access



Channel Users

Following the update for v2021.2.0 , Channel users can be managed from TCMC: 

...

  • Select a Channel
  • Select the administrator users for the channel 
    • NOTE: Only users with KPI CHAT Administrator rights will be shown here
  • Select the consumers or the channel either by specific users or by AD group
    • NOTE: Only users with KPI CHAT Consumer rights will be shown here
  • Then select Save


Channel Filters 

Users can manage Channel filters and their Data Permission Roles from within TCMC :

...

  • Select a Channel
    • If the channel is new, users may Refresh to update the list of channels
  • Select or Add a Filter Or Edit an existing Filter
    • Show in Chat Header will allow this Filter name to be shown in the Chat header of a KPI Chat window
  • Selecting a Filter will allow users to enable the required Roles for a Filter
    • View will allow the users linked to this Role to only view content in this Filter
    • Edit will allow users to participate in the Filter's chat

Bulk Data Permissions

  1. Open the TRUECHART Management Console and Click on User Administration
  2. Click on the Data Permission tab from the left side panel
  3. Click on Bulk Data Permissions.
  4. Click on File Import 

File Import



Import file (csv format) link can be given on FilePath . When the Activate check box is enabled. The file on the given path will be imported as per the Cron expression given .

...

Additional Information how to create a Cron expressions can be found here 

Active Directory Import


Available active directory connection that  are added using the Active Directories panel from TCMC will be listed in available connections .

...

SecurityRuleAttributes.ldif

...

Active Directory

...

NOTE: For users running trueChart prior to v2021.2.0 , this screen will be found under "Settings". Further functionality remains the same

Connect to an LDAP server

Follow these steps to connect the TRUECHART service to your directory via LDAP:

  1. Open the TRUECHART Management Console and go to the User page
  2. Select the Active Directory menu entry on the left
  3. Click on Add Directory in the upper right.
  4. In the New LDAP Connector dialog enter the following information:
    1. Name and Domain name of the LDAP server
    2. Host and Port the LDAP service is listening on
    3. Username and Password to authenticate to the LDAP service
    4. Sync interval and Search timeout
  5. Check to connection by clicking on button Test Connection
  6. Click on "Test connection", then Save changes by clicking on button Save

Connect to an LDAPS server

For using a secure connection to the LDAP server you need to follow the steps for connection to a LDAP server, except some adjustments:

...

In the LDAP(S) auth the checkbox for SSL must be checked and DC must have certificate also .

Edit the config

To edit the config of an already created LDAP directory connection follow these steps:

  1. Open the TRUECHART Management Console and go to the Settings page
  2. Select the User Directories menu entry on the left
  3. Select the directory configuration to edit in the center


Advanced settings

Server settings

Here the general access parameters must be specified.

Property

Description

NameThe name of the current directory setting
DomainThe domain name to be sync with
Host

The hostname or IP address to access

This should be your Domain Controller

Port

Enter 389

This is the default port. Enter this value unless you have some custom configuration for LDAP.

UsernameUsername to be used for access
PasswordThe password for given username to be used for access
Sync interval (in minutes)Sync interval is the time period (in minutes) the TRUECHART Service syncs the users and groups between the directory and itself. The default value is 60 minutes.
Search timeout (in seconds)Specify the timeout for search operation within the directory The default value is 60 seconds.
LDAP schema

Here the access names to the base directory and special user or user groups are specified.

Property

Description

Base DN

Base DN is the distinguished name of the directory.

Example: dc=TRUECHART,dc=de,dc=com

User DN (optional)

Optional value to give for user domain names.

The given OU "OU=TRUECHARTUsers" is the actual OU in the Active Directory that you chose to put your users in. Please note that this OU does not have to called "TRUECHARTUsers". It can be called anything you want or any OU that has the users you want to be in your TRUECHART Server instance. Please confirm the group is an OU and not a CN. If CN, you can use the designator CN=Users for example.

Group DN (optional)

Optional value to give for group domain names.

The given OU "OU=TRUECHARTUserGroups" is the actual OU in the Active Directory that you chose to put your users from groups in. Please note that this OU does not have to called "TRUECHARTUsersGroups". It can be called anything you want or any OU that has the users you want to be in your TRUECHART Server instance. Please confirm the group is an OU and not a CN. If CN, you can use the designator CN=Users for example.

User schema

In the following section, the TRUECHART Service attributes must be mapped from directory values to TRUECHART Service values for the users to be imported.

Property

Description

Property

Description

User objectExample: user
User object filterExample: (&(objectCategory=Person)(sAMAccountName=*))
Attribute: UsernameExample: sAMAccountName
Attribute: Username RDNExample: cn
Attribute: First nameExample: givenName
Attribute: Last nameExample: sn
Attribute: Display nameExample: displayname
Attribute: Principle nameExample: userPrincipleName
Attribute: EmailExample: mail
Attribute: Unique user IDExample: objectGUID
Attribute: User groupsExample: memberOf
Group schema

In the following section, the TRUECHART Service attributes must be mapped from directory values to TRUECHART Service values for the user groups to be imported.

Checked/Uncheck to do so, also import users within sub or nested groups

Property

Description

Group objectExample: group
Group object filterExample: (&(objectCategory=Group)(name=*))
Attribute: Unique group IDExample: objectGUID
Attribute: Group nameExample: cn
Attribute: Group descriptionExample: description
Attribute: Group membersExample: member
Fetch group members recursively
Attribute: Group nameExample: cn
Attribute: Group descriptionExample: description
Attribute: Group membersExample: member
Fetch group members recursivelyChecked/Uncheck to do so, also import users within sub or nested groups

Database Password Encrypter

  • To encrypt your database password in TCMC, you would need to click on settingsImage Added.
  • Select "Security" in the bottom left corner.
  • Under "Password Encrypter" insert your current database password next to "Password to be encrypted".
  • Your encrypted password will be displayed next to "Encrypted Database User Password".
  • This encrypted password can now be captured in your trueChart xml config file.

Image Added

Bulk User Administration:

Bulk users can can be imported/exported from within TCMC:

...

There are 2 ways for importing users through CSV import:

Manual import:

  • First, create a file. The format of the file should match the following example.

...

  • Click on Choose File.

  • Starting a background is a job that runs the import.

  • If the import was successful, you will see the  following status: Import finished. 

Automatic import:

You could activate and deactivate automatic CSV import at any time you want. You only need to place a file at the server, input its file path, and enter a Cron expression.

...