Manage User Accounts and Grant Security Permissions
- 5 minutes to read
This topic describes how to create and maintain individual user accounts and user groups on the DevExpress Report and Dashboard Server, and provides information on its user authorization mechanism.
This topic includes the following sections.
Manage User Groups
The following user groups are created by default. You are free to customize or delete these groups (with the exception of the System Administrators group), as well as create custom groups.
The following table describes these groups in greater detail.
User Group Name | Description |
|---|---|
System Administrators | Have all possible permissions, including the permission to manage user accounts. This is the only group that you cannot delete or rename. |
Data Administrators | Have permission to manage the Data Models available to the Document Creators, as well as all other permissions attached to the other two groups (Document Creators and Document Viewers). |
Document Creators | Can create, manage, view, and distribute documents (reports and dashboards). |
Document Viewers | Have permission to view any document in any category. This permission is assigned to the Guest account that is created in the Report and Dashboard Server by default. |
Manage User Accounts
Only users that belong to the System Administrators group are allowed to create new user accounts on the Report and Dashboard Server.
The total number of available user accounts depends on the type of the Report and Dashboard Server subscription. For more information on this, see License and Distribution.
To manage user accounts on the Server, switch to the User Accounts screen.
To be able to register new users, make sure that you properly specified the SMTP server that will send out notifications when an account is being created. To learn more, see Manage Server Settings.
To add a new user, click Add Account.
Specify the user’s display name and real name, as well as the email address that will be used to send notifications from the Report and Dashboard Server.
Next, associate the user with an appropriate User Group and specify the authentication type of the created account.
The Report and Dashboard Server supports the following two types of user accounts and their corresponding authentication modes.
Icon | User Account Type | Authentication Type | Description |
|---|---|---|---|
| Server | Server | Server accounts use the Server authentication. To activate a user, the specified email address needs to be verified. After adding this account, the Server sends an email to the specified address with a custom link requesting that they create a new password. During the time between when the request is sent and when the new user creates a password, the user is assigned a Pending status. |
| Domain | Windows | Users with the Domain accounts use the Windows Authentication that is provided by your Windows environment. To become active, the domain account should only be registered on the Report and Dashboard Server. |
The following image illustrates the Report and Dashboard Server login screen.
See the following sections in this documentation to learn how to enable self sign-up for new Report and Dashboard Server users, as well as support WS-Federation and OpenID Connect authentication:
To modify an existing user account, switch to the User Accounts category and click the Update button (the “pencil” icon) on its tile.
For example, to suspend a user accounts without deleting its user credentials, disable the Active option and click Update Account.
Assign Security Permissions
The user authorization model provided by the Report and Dashboard Server allows you to selectively attach security permissions to individual users, or to entire user groups.
A security permission is determined by the following properties:
- Access Mode (“Read”, “Read, Modify”, “Read, Modify, Delete”, “Create”)
- Entity Class (“All Documents”, “Documents in Category”, “Specific Document”, “All Data Models”, “Specific Data Model”, “All Scheduled Jobs”, “Specific Scheduled Job”)
- Scope
A newly created user has no permissions until they are assigned explicitly. A user’s effective permissions are those assigned to him/her individually, as well as those assigned to the group to which the user belongs.
User Permissions
By default, all access is denied for a user until the system administrator explicitly grants appropriate permissions either for the user, or for the group to which he or she belongs.
To edit the permissions attached to a user, click the Permissions button (the “gear” icon) in the user account’s tile.
In the invoked page, you can view the list of permissions assigned to a user account. On this page, you can delete existing permissions and add new ones.
To attach a new permission, click Add Permission.
Specify the Access Mode and the Entity Class of the new permission.
Depending on the selected Entity Class, it may also be necessary to specify its Scope.
Click Submit to view the created permission in the list of user permissions.
Individual permissions have a priority over group permissions.
Group Permissions
To access the user list of a specific group, click the View button (the “eye” icon) in the group’s tile.
On the opened screen, you can assess and modify the group permissions, by clicking the Permissions button.
To attach a new permission, click the Add Permission button.
Specify the Access Mode and the Entity Class of the new permission. Depending on the selected Entity Class, it may also be necessary to specify its Scope.
Click Submit to view the created permission in the list of user permissions.
The Report and Dashboard Server provides a particular set of functions that enable you to access information about a current user. Using these functions, you can make a data model return specific subsets of data to different users. This restricts access to sensitive information in your database, and users cannot access and modify these functions unless they have the required permissions. To learn more, see the User-Specific Functions section of this documentation.