Understand the different security roles available and how to manage the users and roles that are granted access to Datumize projects.

Objectives

In this section you will learn:

  • How to add and manage users and assign roles.
  • Understand the types of possible roles.
  • Create an API token for the API user class.

Overview

User and Role management is limited to administrators. All users can edit limited account settings. It is a good idea that all new users read the documentation beginning with our Getting Started Guide .

Zentral supports several types of user roles to better support security, usability and specialization. Administrators have the most flexible controls and are the primary owner of permissions and user management. 

When your customer account is provisioned by the Global Administrator or Datumize, at least one Customer Administrator will be provisioned; this Customer Administration will be responsible to delegate some administration activities to other Project Administrators, and take care about overall security of any user invited into the system. The Customer Administrator will likely be the person responsible for the installation of Zentral.

Inviting a User

Initially your account will only have one Administrator, the one created and assigned by Datumize subject to our terms and conditions of use. However, once you have successfully logged in you may begin building your team. The first step will be to invite users and to assign these new users should you need them based on the roles required by your use case and company structure. 

Navigate to the Users drop down, or to the Invite someone button to initiate a new user invitation. Alternatively navigate to the Users drop down to manage the Users already invited to the platform.

Security Roles

The following table explains the different security roles available. Please note that not all roles for Global and Customer level are to be assigned by Datumize, except if you're running your own Datumize Zentral installation. 

LevelRoleDescription
GLOBALAdministratorSuper administrator, can do anything.
CUSTOMERAdministratorAllows anything within the Company account and has the highest level of permissions.

DeveloperAllows the user to use the functionality under Resources, for all projects.

Deployer

Allows the user to use the functionality under Deployments, for all projects.

PROJECTAdministratorAllows the user to use to do anything, for one project.

DeveloperAllows the user to use the functionality under Resources, for one project.

DeployerAllows the user to use the functionality under Deployments, for one project.

In the Team panel you will be able to see the status of the users if they are active, revoked or if they have been invited but have not accepted the invitation. You can select the actions pane to update a user's role or revoke them entirely at any point.

Create an API User and generate and API key

To work with our API you will need to have a valid API user/ token combination.

In the previously mentioned step, instead of inviting a user, under Mange Team, navigate to More Actions and select, Generate API Token.



This will then pull up the Key generator panel. Here you will select the required validity length, and role. You will need to provide a unique API identifier name. This will be for the user management page, so it is encouraged to name this something memorable.  Select the validity length, should you want the token to expire based on project or contract needs, and then press generate.



Selecting Generate will then provide the API Key and password. From here you can view, or copy the key details to your clipboard. This is the only time this will be shown. Once the dialog is closed, the Key must be revoked and a new key generated if you forget the password.



As with all users this access can be revoked and a new key generated from the previous steps.