User administration

Introduction

In Ametys users can be managed by different data sources (LDAP, MySQL... ). Some of these sources can be modified, while others are read-only (from the point of view of CMS).
Only the "Search" and "Take control" actions will be available for users managed by a read-only data source.

Search for users

In the Users, groups and rights tab, click on the Users button:

The Users tool opens. This screen displays the list of users in the central area, and provides a banner with a search box featuring several filters:

You can filter users by population:

Once you have selected a population, you can also filter users according to the user directory they come from:

Finally, you can search for users by name or user ID:

Add a user

To add a user, click on the New user button in the Users tab:

You must first select the population and user directory to which the new user will be assigned:

Next, enter the user's information. The identifier must be unique, between 3 and 64 characters long, and contain only letters, numbers or '_'. :

Modify a user

To modify a user, select it from the list and click on the Modify button:

You can modify the user's information:

The identifier cannot be modified.

To change the password, click on the  :

To reset it, click on the .

For security reasons, don't forget to change your password the first time you deploy the application. Then don't hesitate to change it at regular intervals.

The password is stored encrypted on the internal database, but is sent unencrypted across the network (unless your servlet engine is running in https). Generally speaking, this space is only used on an internal network where communications do not need to be encrypted.

Delete a user

To delete a user, select it from the list and click on the Delete button:

A confirmation pop-up window is displayed to confirm your choice.

Import users

Users can be imported or updated via a csv or txt file. To do this, click on the Import button:

Next, fill in the information required for import:

  • select the population and user directory to associate the new user with,
  • select the import file,
  • indicate whether you wish to delete users present in the directory but not in the file,
  • indicate whether passwords are hashed in the file.

All passwords must be hashed using SHA512 + a salt string. A 'salt' column must be present for each user. For greater security, a different random salt string per line is preferable.
The salt string must contain between 1 and 48 characters, and the hash is based on a concatenation of the salt and the password, without separation.

 

Taking control

 To connect to the application with the selected user, click on the Take control button:

 A pop-up window will open to inform you that you have taken control of the application with a specific user. You will then access the CMS as if you were the specified user, without having to enter a password (this feature is currently not available with the C.A.S. authentication system).

Back to top

Administration manual