Actions

Manage users: Difference between revisions

From LimeSurvey Manual

No edit summary
(Marked this version for translation)
(80 intermediate revisions by 6 users not shown)
Line 7: Line 7:


<!--T:76-->
<!--T:76-->
The user management tool allows you do add additional administration users to LimeSurvey. We will call them in this chapter just''' 'users' '''. Do not confuse them with [[Survey participants|survey participants]] (respondents).
The user management tool allows you to add additional administration users to LimeSurvey. We will just call them 'users' in this chapter. Do not confuse them with [[Survey participants|survey participants]] (respondents).
 


==Create users== <!--T:3-->
==Create users== <!--T:3-->


<!--T:4-->
<!--T:4-->
To create a new user, open the user management by clicking on '''Configuration'''(located on the main LimeSurvey toolbar) -> '''Manage survey administrators''' as shown below.
To create a new user, open the user management dialog by clicking on '''Configuration''' (located on the main LimeSurvey toolbar) -> '''Manage survey administrators''' as shown below.
 


<!--T:61-->
<!--T:61-->
[[File:LimeSurveyBenuzerVerwaltung.jpg]]
<center>[[File:LimeSurveyBenuzerVerwaltung.jpg]]</center>
 


Then, click on '''Add user''' button located on the top upper right of ''User control'' table. A new window will pop up, asking you to:
<!--T:77-->
Then, click on '''Add user''' located in the upper right area of '''User control''' table. A window will show up asking you to:


<!--T:5-->
<!--T:5-->
* Enter the desired username into the text field '''Username'''.
* Enter the desired username into the '''Username''' text field.
* Enter the email address into the text field '''Email'''. Please note that:
* Enter the email address into the '''Email''' text field. Please note that:
** If you don't want the user to receive the confirmation email with a link to the LimeSurvey installation, username, and password you can use your own email address to send the confirmation email to you. After that you can change the email address to the address of the user;
** LimeSurvey sends out a confirmation email to the address entered into the '''Email''' field. This email address will be used as the standard contact email address for surveys created by the respective user.
** LimeSurvey sends out a confirmation email to the address entered into the '''Email''' field. This email address will be used as the standard contact email address for surveys created by the respective user.
* Enter the users full name into the textfield '''Full name'''. Please note that the full name entered here will be used as the standard contact person name for surveys created by this user.
** If you don't want the user to receive the confirmation email with a link to the LimeSurvey application, username, and password, you can use your own email address to send the confirmation email to you. After that, you can change the email address to the address of the user.
* Enter user's full name into the '''Full name''' text field. Please note that the full name entered here will be used as the standard contact person name for surveys created by the respective user.
* Click '''Save''' to create the new user.
* Click '''Save''' to create the new user.


[[File:LimeSurveyAddUser.jpg]]
 
<!--T:78-->
<center>[[File:LimeSurveyAddUser.jpg]]</center>
 


<!--T:6-->
<!--T:6-->
You have now your first user created. To find out more about setting user permissions, please continue reading further.
You have now created your first user. To find out more about [[Manage users#Set global permissions for a user|setting user permissions]], please read on.
 
 
<!--T:79-->
<center>[[File:LimeSurveyBleistiftSymbol.jpg]]</center>


[[File:LimeSurveyBleistiftSymbol.jpg]]


<!--T:80-->
As you can see below, there are four options under the '''Action''' column that allow you to:


==Edit newly created users==


As you can see above, there are four options under the '''Action''' column that allow you to:
<!--T:93-->
*edit the general aspects of a user;
<center>[[File:Edit users.png]]</center>
*delete the user from the survey administrators database;
*set global permissions for a user;
*set template permissions for a user.


[[Edit users.png]]


<!--T:81-->
*edit the general aspects of a user - by clicking the pen symbol.
*delete the user from the survey administrators database - by clicking the wastebin button.
*set global permissions for a user - by clicking the lock symbol.
*set theme permissions for a user - by clicking the pen-and-lock symbol.


===Edit users===<!--T:7-->
==Edit user== <!--T:7-->


<!--T:8-->
<!--T:8-->
You can use the pen symbol to edit a userː
You can use the pen symbol to edit a user.


<!--T:9-->
<!--T:9-->
You can set a new email address, full name and even change the password. If you have finished what you want to do click '''Save'''.
You can set a new email address, full name, and even change his or her password. If you have finished what you want to do, click on the '''Save''' button (right upper part of the window).


===Delete users=== <!--T:10-->
 
==Delete user== <!--T:82-->  


<!--T:11-->
<!--T:11-->
To delete a user account simply click the trash button in the line with the user account that should be deleted and hit '''OK'''.
To delete a user account, simply click on his or her corresponding wastebin button (located on the same line as the user account you want to delete) and click '''OK'''.


===Set global permissions for a user=== <!--T:14-->
==Set global permissions for a user== <!--T:14-->


{{Note|Global permissions apply to the whole LimeSurvey installation. If you want to set permissions only for a specific survey you can use the Survey permissions settings.}}
<!--T:83-->
{{Alert|Global permissions apply to the whole LimeSurvey application. If you want to set permissions only for a specific survey, you can use the [[Manage users#Setting permissions for a single survey|survey permissions settings]].}}


<!--T:15-->
<!--T:15-->
To set global permissions for a user just click the lock symbol.
To set global permissions for a user, click on the lock symbol.
 


<!--T:16-->
<!--T:16-->
[[File:User_global_permission.png]]
<center>[[File:User_global_permission.png]]</center>


<!--T:63-->
[[File:User_global_permission_complete.png]]


<!--T:65-->
<!--T:65-->
The system use CRUD (Create, read, update and delete) like the Survey permission settings. Checking the first input checks all the CRUD permission for that row. To fine-tune permission we strongly recommend to extend the view using the arrow button on top of the checkbox column.
The CRUD (create, read, update, and delete) system is employed (like in the [[Manage users#Setting permissions for a single survey|survey permission settings]]). To fine-tune user permissions, we strongly recommend to extend the matrix using the double-right arrowhead, which is located in its upper right corner. If you check the first box, all the CRUD permissions in that row are automatically checked.
 
<!--T:63-->
<center>[[File:User_global_permission_complete.png]]</center>


<!--T:17-->
<!--T:17-->
You can now add or remove the following permissions.
You can now add or remove the following permissions:


<!--T:66-->
<!--T:73-->
* '''SuperAdministrator''': This permissions can only be added or removed by the user called '''admin''' and grants full permission to the whole LimeSurvey installation. '''Please note:''' This permissions is very powerful and you should be very careful with granting this permissions .
* '''Participant panel''': For more details, continue reading about the [[Central Participant Database|central participant database here]].


<!--T:67-->
<!--T:72-->
* '''Surveys''': This gives access to all surveys. To allow a user only to create and manage their own survey survey, only give the user the 'create' permission. A creator of a survey is the owner of this survey and will always be able to manage it. Remember that each survey can have specific permission, the global permission is applied before survey specific permission.
* '''Label sets''': Permission to create, view, update, delete, export, and import label sets. The label sets don't have specific permissions (unlike themes).


<!--T:68-->
<!--T:68-->
* '''Settings & Plugins''': With this permission a user can check data integrity, save the SQL database to an .sql file, manage global setting, view the PHP info in the global settings and manage all plugins.
* '''Settings & Plugins''': With this permission a user can check data integrity, save the SQL database to an .sql file, manage global settings, view the PHP info in the global settings, and manage all plugins.


<!--T:69-->
<!--T:67-->
* '''Users''': With this permission a user can create, modify and delete his own administration users. The newly created users cannot have higher permissions than the parent - also you will not be able to edit users owned by other administration. If this has to be done then a Superadmin permission has to be granted.
* '''Surveys''': Gives access to all surveys. To allow a user to only create and manage their own survey, give the user the 'create' permission. A creator of a survey is the owner of the survey and will always be able to manage it. Remember that each survey can grant different permissions .
{{Note|'''The global permission is applied before the survey-specific permission!'''}}
 
<!--T:71-->
* '''Themes''': It allows the user to use all the available design themes and edit all non-standard themes. A person with this right should have sufficient knowledge in terms of HTML, Javascript, and CSS. If a user is not familiar with these things and is supposed to use a specific design themes, it would be better to only give him 'read' permission. Each theme can have specific permissions.


<!--T:70-->
<!--T:70-->
* '''User groups''': This permission allows a user to create/view/update/delete user groups.
* '''User groups''': This permission allows a user to create/view/update/delete user groups.


<!--T:71-->
<!--T:69-->
* '''Templates''': It allows the user to use all design templates and edit all non standard templates. A person with this right should have sufficient knowledge in terms of  HTML, Javascript and CSS. If a user is not familiar with these things and is supposed to use a specific design template it would be better to give him only access to read permission. Each template can have specific permissions.
* '''Users''': A user can create, modify, and delete his own administration users with this permission. The newly created users cannot have higher permissions than the parent user. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission has to be granted.
 
<!--T:66-->
* '''Superadministrator''': This permissions can only be added by other Superadministrator with this setting as update and grants full permission to the whole LimeSurvey application.
{{Alert|title=Warning|text=This permissions is very powerful and you should be very careful with granting it.}}
 
<!--T:84-->
*'''Use internal database authentication''': This permission allows users to access LimeSurvey's panel via the authentication page (e.g. ''http://domain/admin/authentication/sa/login''). If it is unchecked and the respective user tries to connect to LimeSuvey's panel, he will get the following error: 'Internal database authentication method is not allowed for this user'.


<!--T:72-->
<!--T:95-->
* '''Label sets''': Permission to create, update, use (view/read) and delete label sets. The label sets don't have specific permissions (unlike design templates).
{{Note|All the permissions mentioned above that belong to the [[Optional_settings#Security|forced super administrator]] cannot be removed via the GUI.}}


<!--T:73-->
* '''Participant panel''': see [[Central participants database]]


===Set template permissions for a user=== <!--T:19-->
==Set theme permissions for a user== <!--T:19-->


<!--T:20-->
<!--T:20-->
With template permissions you can set which design templates a user can select when creating or editing a survey. It might be a good idea to restrict the design templates a user can select in order to prevent unwanted use of design templates not suitable for a user/survey.
With theme permissions, you can decide which design themes a user can select when creating or editing a survey. It might be a good idea to restrict the design themes a user can select in order to prevent unwanted use of design themes, which you might consider to not be suitable for a survey/questionnaire.


<!--T:21-->
<!--T:21-->
'''Please note:''' If you have a specific design template for a group of users or customers you might want to restrict the access for them to use only the template created for their purpose.
For example, if you have a specific design themes for a group of users or customers, you might want to restrict their access to other themes to only make them use the themes created for their purpose.


<!--T:22-->
<!--T:22-->
To set/edit the template permissions for a user simply click the pen-and-lock symbol for design templates
To set or edit the themes permissions for a user, simply click the pen-and-lock symbol for design themes:
 


<!--T:23-->
<!--T:23-->
[[File:LimeSurveySetDesignTemplatesLS.jpg]]
<center>[[File:LimeSurveySetDesignTemplatesLS.jpg]]</center>
 


<!--T:24-->
<!--T:24-->
You can now select the design templates this user can select. After you finished your selection/deselection just hit '''Save''' in the upper right corner:
Select the design themes to which the respective user or user groups should have access. After you finished your selection or deselection, do not forget to hit the '''Save''' button: [[File:Save.png|0.75px]].
 
<!--T:25-->
To get a proper understanding of this function, check [[Manage users#Examples|the examples provided below]].
 
=Use one-time passwords= <!--T:51-->


<!--T:74-->
<!--T:52-->
[[File:Save_Close.jpg]]
A user can call the LimeSurvey login at /limesurvey/admin and enter a username and a one-time password (which was previously written into the users table - ''column one_time_pw'' - by an external application).


<!--T:25-->
<!--T:53-->
The most important use cases for granting user rights are collected at the '''use cases''' part of this article.
To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>$use_one_time_passwords = false;</code>]] has to be set 'true' in config.php (it is 'false' by default) .
 
<!--T:54-->
The URL has to contain the following variables:
* '''user:''' The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
* '''onepass:''' The plain text password which is then compared to the password in the 'users' table
 
<!--T:55-->
A valid URL to login using a one-time password will look like this:
 
<!--T:59-->
<div class="simplebox">http://www.yourdomain.org/limesurvey/index.php/admin/authentication/login?user=myusername&onepass=secretpassword</div>
 
<!--T:94-->
<div class='simplebox'> [[File:help.png]] The 'secretpassword' field is plain text, not MD5 code.</div>
 
<!--T:60-->
'''Things to watch out for:'''
* To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>$use_one_time_passwords = false;</code>]] has to be set <code>true</code> in config.php (it is 'false' by default).
* The passed username has to exist in LimeSurvey's ''users table''.
* The one-time password (which can be set via an external application) has to be stored as [https://secure.php.net/manual/en/function.md5.php MD5 hash] in column ''one_time_pw'' of table ''users''.
* (This should be ignored except "Both passwords have to match") The passed plain text password will be hashed using the sha256 function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in anymore with that respective password a second time.
* My local LS system can't test the permissions with different accounts (my email password does not have a way to be connected).


=Setting permissions for a single survey= <!--T:26-->
=Set permissions for a single survey= <!--T:26-->


<!--T:27-->
<!--T:27-->
These permissions only apply for a single survey. If you want to set permissions for the whole system you can use the global permissions.
These permissions only apply for a single survey. If you want to set permissions for the whole system, you can use [[Manage users#Set global permissions for a user|global permissions]].
These permissions can be offered either to a single user or to a user group.
 


<!--T:28-->
<!--T:28-->
'''Please note:''' An existing user account is required to set permissions for a single survey. If the account doesn't exist you have to create it first and then change the survey permissions. You don't have to apply any global rights to the user, it is just necessary that the user account itself exists.
{{Alert|title=Attention|text=An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions. The same applies to offering survey permissions to a user group. Besides the necessity to have one created, you also need to add at least one user to that group in order to be able to select it and grant it survey permissions.}}
 
 
<!--T:96-->
{{Note| By default, an user (non-admin) cannot grant survey permissions to users that are not part of the same group as the survey administrator. This is a security option enabled by '''default''' in LimeSurvey. To change this, you need to deactivate option [[Global_settings#Security|Group member can only see own group]], located in the '''Global settings''', under the '''Security tab'''. However, if you feel unsure about disabling this option, you can create groups containing those users that can be seen and be granted survey permissions by a survey creator.}}


===Survey template permissions=== <!--T:29-->


<!--T:30-->
<!--T:30-->
To change the survey permissions you have to select '''Survey permissions''' from the '''Survey properties''' menu.
To change the survey permissions, you have to select the '''Settings''' sidebar of your survey. Then, click on '''Survey permissions''' and choose to whom would you like to offer permissions. The rights can be offered either separately to specific users or to a user group.
 


<!--T:31-->
<!--T:31-->
[[File:LimeSurveySurveyPermissions.jpg]]
<center>[[File:LimeSurveySurveyPermissions.jpg]]</center>
 
 
<!--T:85-->
<center>[[File:LimeSurveySurveyPermissionsRights.png]]</center>
 
 
==Grant survey permissions to a user== <!--T:29-->


<!--T:32-->
<!--T:32-->
In the next step you select the user you want to change the survey rights and click '''Add user'''.
In the next step, select the user that will receive survey rights and click '''Add user'''.
 


<!--T:33-->
<!--T:33-->
[[File:LimeSurveyAddSurveyPermission.jpg]]
<center>[[File:LimeSurveyAddSurveyPermission.jpg]]</center>
 


<!--T:34-->
<!--T:34-->
After you click '''Set survey permissions''' the survey permissions matrix for the survey and user will be shown.
After you click '''Set survey permissions''', the user's survey permissions matrix will be shown.


<!--T:35-->
<!--T:35-->
[[File:LimeSurveyUserPermissionMatrix.jpg]]
<center>[[File:LimeSurveyUserPermissionMatrix.jpg]]</center>


<!--T:36-->
<!--T:36-->
In this matrix you can set the rights for the different features and parts. You simply click  a checkbox if you want to add or remove this right. If you click a checkbox in the first column all rights for this line will be selected/removed.
You can set in this matrix the user's survey permissions. Checking a box grants survey permissions to the respective user. If you click on a checkbox from the first column, all the rights of the corresponding line will be selected/removed.  


<!--T:37-->
<!--T:37-->
In the other columns you can choose whether a user can do a single actions from this feature/part.
Click on the double-right arrowhead to access the extended version of the matrix to choose specifically the actions that can be performed by a user.
After you finished editing the survey permissions, click on the '''Save''' button, which is located in the upper right corner of the screen.
 
<!--T:39-->
Some examples are provided [[Manage_users#Examples|below]] in order to help you get a better understanding of Limesurvey's survey permissions system.


<!--T:38-->
==Grant survey permissions to a user group== <!--T:86-->
After you finished editing the survey permissions click '''Save''' or '''Save and close''' in the upper right corner.
 
<!--T:87-->
Click on add a user group and select the user group to which you would like to add the permission rights.
 
<!--T:88-->
<center>[[File:LimeSurveyPermissionRightsUserGroup.png]]</center>


<!--T:75-->
<!--T:89-->
[[File:Save-SaveAndClose-Close.jpg]]
In the next step,  select  the permissions that you will allocate to the members of that user group. Do not forget to click on the double right arrowhead to get an extended view of the permissions matrix.


<!--T:39-->
The most important use cases for granting user rights are collected at the '''use cases''' part of this article.


=Examples= <!--T:40-->
<!--T:90-->
<center>[[File:UserGroupSurveyPermissions.png]]</center>


<!--T:41-->
In this part of the article we'll provide a few ideas which use cases may exist and how and which rights would be a good choice.


==A new person in charge for administrating LimeSurvey will be added== <!--T:42-->
<!--T:38-->
* login as '''admin'''
After you finished editing the survey permissions, click on the '''Save''' button, which is located in the upper right part of the screen.
* Create a new user account
* Set global permissions for user to '''SuperAdministrator'''
* not necessary: Setting the template permissions ('''SuperAdministrator''' has all permissions for all templates)
* not necessary: Setting the survey permissions ('''SuperAdministrator''' has all permissions for all surveys)


==A new user wants to create own surveys== <!--T:43-->
<!--T:91-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
Some examples are provided [[Manage_users#Examples|below]] in order to help you get a better understanding of the Limesurvey's survey permissions system.
* Create a new user account
* Set global permissions for user to '''Create survey'''
* Set template permissions for user to the template/s that should be used by the user/user-group
* not necessary: Setting the survey permissions (The creator of a survey has all permissions for his/her surveys)


==The creator of a survey needs another person to edit his/her survey== <!--T:44-->
<!--T:92-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
{{Note|[[Manage user groups|The user group function]] is still experimental. Use our [https://bugs.limesurvey.org/ bugs tracker] to describe any kind of inconsistencies.}}
* Create a new user account
* Set '''no global permissions''' for user
* Set '''no template permissions''' for user
* Set the survey permissions the way you want. It depends on what the new user should do and how much permissions he/she needs. If he/she should have all permissions for the survey you can select the first checkboxes in the first column with checkboxes (the one with the '''<<''' or '''>>''' button as header).


==A person responsible for the survey wants to see the results of the survey and export them== <!--T:45-->
=Examples= <!--T:40-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
* Create a new user account
* Set '''no global permissions''' for user
* Set '''no template permissions''' for user
* Set survey permissions to: '''Responses''': '''View/read''' and '''export''' , '''Statistics''': '''View/read'''


<!--T:46-->
<!--T:41-->
[[File:LimeSurveyCusomerOwnStatistics.jpg]]
Different scenarios are presented below. They provide some advice about which rights are necessary for some specific tasks and how they can be granted to the users.


<!--T:47-->
----


<!--T:48-->
==I want to add a new person in charge for administrating LimeSurvey== <!--T:42-->
To be moved somewhere else once better defined:
* Log in as '''admin'''.
* Create a new user account.
* Grant that user the '''Superadministrator''' permission.
* ''Not necessary'' : Setting the theme permissions ('''Superadministrator''' has all permissions for all themes).
* ''Not necessary'' : Setting the survey permissions ('''Superadministrator''' has all permissions for all surveys).


<!--T:49-->
There are several classes of possible people who access a LimeSurvey installation.  But only one set of people is actually termed a '''user''' in the code and documentation.  So lets understand what these classes of people are so we can better understand the terminology of the program.


<!--T:50-->
==A new user wants to create his/her own surveys== <!--T:43-->
{|
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
! Class !! Description
* Create a new user account.
|-
* Set global permissions for that user to '''Create survey'''.
|Installation Administrator || Those people who create login user accounts to allow others to create, edit, activate and/or view surveys and their results.  Often can be given access to edit the templates, label sets and other key features independent of any particular survey stored.
* ''Optional'' : Set theme permissions - select which theme(s) should be used by the user/user group.
|-
|Survey Administrator || A person with a login account that is given some management access to a particular survey.  Each survey can have its own set of users with specific rights to manipulate the survey.  These rights can be as broad as to activate a survey and possibly edit its question base.  They can be as minimum as simply able to review the results to date.
|-
|Participant || Those people who simply respond or participate in taking a survey.  They may or may not have token access.  They do not need a login account to the administrative interface and thus are not termed users.
|-
|Installer || A special class of person who has access to the MySQL (or similar) database server and possibly the command line interface of the computers operating system in order to install and configure the survey software.  This person is asked to setup the initial SuperAdmin user account from which other user login accounts can be created.
|-
|Developer || An very special class of person who has access to the source code and can manipulate it to change the programs behavior.  Generally only done with versions of the survey that are not available for live, active surveys.
|}


=Use one-time passwords= <!--T:51-->
==The creator of a survey needs another person to edit his/her survey== <!--T:44-->
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
* Create a new user account.
* Set '''no global permissions''' for user.
* Set '''no theme permissions''' for user.
* Set the survey permissions the way you want. If he/she should receive all the survey permissions, you can check the first box from each row. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those rights you believe the respective user should have.


<!--T:52-->
A user can call the LimeSurvey login at /limesurvey/admin and pass a username and a one-time password (which was previously written into the users table - ''column one_time_pw'') by an external application.


<!--T:53-->
==A person responsible for the survey wants to see the results of the survey and export them== <!--T:45-->
To enable this login method, the line [[Optional settings#Use_one_time_passwords |<code>$use_one_time_passwords = true;</code> has to be turned on in config.php.
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
* Create a new user account.
* Set '''no global permissions''' for user.
* Set '''no theme permissions''' for user.
* Set survey permissions to: '''Responses''' -> '''View/read''' and '''export''', and '''Statistics''': '''View/read'''.


<!--T:54-->
The URL has to contain the following variables:
* '''user:''' The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
* '''onepass:''' The plain text password which is then compared to the password in the 'users' table


<!--T:55-->
<!--T:46-->
A valid URL to login using a one-time password will look like this:
<center>[[File:LimeSurveyCusomerOwnStatistics.jpg]]</center>


<!--T:59-->
==I need help from two interns that can help me with the translation of my survey== <!--T:47-->
<div class="simplebox">http://www.yourdomain.org/limesurvey/index.php/admin/authentication/login?user=myusername&onepass;=secretpassword</div>
* Log in as ''admin'' (or as a user that has the ''Superadministrator'' permission).
* Create ''n'' user accounts (where n is the number of translators).
* Create a user group called ''Translators'' and add the ''n'' accounts to this group.
* Go to the '''Survey permissions''' and click on '''Add a user group'''.
* If they only do translations, then offer them the '''Quick translation''' permission.


<!--T:60-->
<!--T:49-->
'''Things to watch out for:'''
{{Note|Check our [[LimeSurvey Users|wiki section on users]] and their classification as it can be found in the code and documentation.}}
* One-time passwords have to be enabled by setting <code>use_one_time_passwords => true</code> in [Optional settings#Use one-time passwords| config.php].
* The passed username has to exist in LimeSurvey's ''users'' table
* The one-time password (which can be set via an external application) has to be stored as [http://www.php.net/md5 MD5 hash] in column ''one_time_pw'' of table ''users''.
* The passed plain text password will be hashed using sha256 function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to login anymore with that respective  password a second time.
</translate>
</translate>

Revision as of 15:48, 8 November 2018

Other languages:

User management

The user management tool allows you to add additional administration users to LimeSurvey. We will just call them 'users' in this chapter. Do not confuse them with survey participants (respondents).


Create users

To create a new user, open the user management dialog by clicking on Configuration (located on the main LimeSurvey toolbar) -> Manage survey administrators as shown below.


File:LimeSurveyBenuzerVerwaltung.jpg


Then, click on Add user located in the upper right area of User control table. A window will show up asking you to:

  • Enter the desired username into the Username text field.
  • Enter the email address into the Email text field. Please note that:
    • LimeSurvey sends out a confirmation email to the address entered into the Email field. This email address will be used as the standard contact email address for surveys created by the respective user.
    • If you don't want the user to receive the confirmation email with a link to the LimeSurvey application, username, and password, you can use your own email address to send the confirmation email to you. After that, you can change the email address to the address of the user.
  • Enter user's full name into the Full name text field. Please note that the full name entered here will be used as the standard contact person name for surveys created by the respective user.
  • Click Save to create the new user.



You have now created your first user. To find out more about setting user permissions, please read on.



As you can see below, there are four options under the Action column that allow you to:



  • edit the general aspects of a user - by clicking the pen symbol.
  • delete the user from the survey administrators database - by clicking the wastebin button.
  • set global permissions for a user - by clicking the lock symbol.
  • set theme permissions for a user - by clicking the pen-and-lock symbol.

Edit user

You can use the pen symbol to edit a user.

You can set a new email address, full name, and even change his or her password. If you have finished what you want to do, click on the Save button (right upper part of the window).


Delete user

To delete a user account, simply click on his or her corresponding wastebin button (located on the same line as the user account you want to delete) and click OK.

Set global permissions for a user

  Global permissions apply to the whole LimeSurvey application. If you want to set permissions only for a specific survey, you can use the survey permissions settings.


To set global permissions for a user, click on the lock symbol.



The CRUD (create, read, update, and delete) system is employed (like in the survey permission settings). To fine-tune user permissions, we strongly recommend to extend the matrix using the double-right arrowhead, which is located in its upper right corner. If you check the first box, all the CRUD permissions in that row are automatically checked.

You can now add or remove the following permissions:

  • Label sets: Permission to create, view, update, delete, export, and import label sets. The label sets don't have specific permissions (unlike themes).
  • Settings & Plugins: With this permission a user can check data integrity, save the SQL database to an .sql file, manage global settings, view the PHP info in the global settings, and manage all plugins.
  • Surveys: Gives access to all surveys. To allow a user to only create and manage their own survey, give the user the 'create' permission. A creator of a survey is the owner of the survey and will always be able to manage it. Remember that each survey can grant different permissions .
The global permission is applied before the survey-specific permission!
  • Themes: It allows the user to use all the available design themes and edit all non-standard themes. A person with this right should have sufficient knowledge in terms of HTML, Javascript, and CSS. If a user is not familiar with these things and is supposed to use a specific design themes, it would be better to only give him 'read' permission. Each theme can have specific permissions.
  • User groups: This permission allows a user to create/view/update/delete user groups.
  • Users: A user can create, modify, and delete his own administration users with this permission. The newly created users cannot have higher permissions than the parent user. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission has to be granted.
  • Superadministrator: This permissions can only be added by other Superadministrator with this setting as update and grants full permission to the whole LimeSurvey application.
  Warning : This permissions is very powerful and you should be very careful with granting it.


  • Use internal database authentication: This permission allows users to access LimeSurvey's panel via the authentication page (e.g. http://domain/admin/authentication/sa/login). If it is unchecked and the respective user tries to connect to LimeSuvey's panel, he will get the following error: 'Internal database authentication method is not allowed for this user'.
All the permissions mentioned above that belong to the forced super administrator cannot be removed via the GUI.


Set theme permissions for a user

With theme permissions, you can decide which design themes a user can select when creating or editing a survey. It might be a good idea to restrict the design themes a user can select in order to prevent unwanted use of design themes, which you might consider to not be suitable for a survey/questionnaire.

For example, if you have a specific design themes for a group of users or customers, you might want to restrict their access to other themes to only make them use the themes created for their purpose.

To set or edit the themes permissions for a user, simply click the pen-and-lock symbol for design themes:



Select the design themes to which the respective user or user groups should have access. After you finished your selection or deselection, do not forget to hit the Save button: 0.75px.

To get a proper understanding of this function, check the examples provided below.

Use one-time passwords

A user can call the LimeSurvey login at /limesurvey/admin and enter a username and a one-time password (which was previously written into the users table - column one_time_pw - by an external application).

To enable this login method, the line $use_one_time_passwords = false; has to be set 'true' in config.php (it is 'false' by default) .

The URL has to contain the following variables:

  • user: The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
  • onepass: The plain text password which is then compared to the password in the 'users' table

A valid URL to login using a one-time password will look like this:

http://www.yourdomain.org/limesurvey/index.php/admin/authentication/login?user=myusername&onepass=secretpassword
The 'secretpassword' field is plain text, not MD5 code.

Things to watch out for:

  • To enable this login method, the line $use_one_time_passwords = false; has to be set true in config.php (it is 'false' by default).
  • The passed username has to exist in LimeSurvey's users table.
  • The one-time password (which can be set via an external application) has to be stored as MD5 hash in column one_time_pw of table users.
  • (This should be ignored except "Both passwords have to match") The passed plain text password will be hashed using the sha256 function and will then be compared to the stored hash in column one_time_pw of table users. Both passwords have to match.
  • After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in anymore with that respective password a second time.
  • My local LS system can't test the permissions with different accounts (my email password does not have a way to be connected).

Set permissions for a single survey

These permissions only apply for a single survey. If you want to set permissions for the whole system, you can use global permissions. These permissions can be offered either to a single user or to a user group.


  Attention : An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions. The same applies to offering survey permissions to a user group. Besides the necessity to have one created, you also need to add at least one user to that group in order to be able to select it and grant it survey permissions.



By default, an user (non-admin) cannot grant survey permissions to users that are not part of the same group as the survey administrator. This is a security option enabled by default in LimeSurvey. To change this, you need to deactivate option Group member can only see own group, located in the Global settings, under the Security tab. However, if you feel unsure about disabling this option, you can create groups containing those users that can be seen and be granted survey permissions by a survey creator.


To change the survey permissions, you have to select the Settings sidebar of your survey. Then, click on Survey permissions and choose to whom would you like to offer permissions. The rights can be offered either separately to specific users or to a user group.




Grant survey permissions to a user

In the next step, select the user that will receive survey rights and click Add user.



After you click Set survey permissions, the user's survey permissions matrix will be shown.

You can set in this matrix the user's survey permissions. Checking a box grants survey permissions to the respective user. If you click on a checkbox from the first column, all the rights of the corresponding line will be selected/removed.

Click on the double-right arrowhead to access the extended version of the matrix to choose specifically the actions that can be performed by a user. After you finished editing the survey permissions, click on the Save button, which is located in the upper right corner of the screen.

Some examples are provided below in order to help you get a better understanding of Limesurvey's survey permissions system.

Grant survey permissions to a user group

Click on add a user group and select the user group to which you would like to add the permission rights.

In the next step, select the permissions that you will allocate to the members of that user group. Do not forget to click on the double right arrowhead to get an extended view of the permissions matrix.



After you finished editing the survey permissions, click on the Save button, which is located in the upper right part of the screen.

Some examples are provided below in order to help you get a better understanding of the Limesurvey's survey permissions system.

The user group function is still experimental. Use our bugs tracker to describe any kind of inconsistencies.

Examples

Different scenarios are presented below. They provide some advice about which rights are necessary for some specific tasks and how they can be granted to the users.


I want to add a new person in charge for administrating LimeSurvey

  • Log in as admin.
  • Create a new user account.
  • Grant that user the Superadministrator permission.
  • Not necessary : Setting the theme permissions (Superadministrator has all permissions for all themes).
  • Not necessary : Setting the survey permissions (Superadministrator has all permissions for all surveys).


A new user wants to create his/her own surveys

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set global permissions for that user to Create survey.
  • Optional : Set theme permissions - select which theme(s) should be used by the user/user group.

The creator of a survey needs another person to edit his/her survey

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no theme permissions for user.
  • Set the survey permissions the way you want. If he/she should receive all the survey permissions, you can check the first box from each row. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those rights you believe the respective user should have.


A person responsible for the survey wants to see the results of the survey and export them

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no theme permissions for user.
  • Set survey permissions to: Responses -> View/read and export, and Statistics: View/read.


I need help from two interns that can help me with the translation of my survey

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create n user accounts (where n is the number of translators).
  • Create a user group called Translators and add the n accounts to this group.
  • Go to the Survey permissions and click on Add a user group.
  • If they only do translations, then offer them the Quick translation permission.
Check our wiki section on users and their classification as it can be found in the code and documentation.
Retrieved from "http://manual.limesurvey.org/index.php?title=Manage_users&oldid=129312"