Actions

Manage users: Difference between revisions

From LimeSurvey Manual

mNo edit summary
No edit summary
Line 17: Line 17:
[[File:LimeSurveyBenuzerVerwaltung.jpg]]
[[File:LimeSurveyBenuzerVerwaltung.jpg]]


Then, click on '''Add user''' button located on the upper right part of ''User control'' table. A window will pop up, asking you to:
Then, click on '''Add user''' button located on the upper right part of '''User control''' table. A window will pop up, asking you to:


<!--T:5-->
<!--T:5-->
Line 48: Line 48:


<!--T:9-->
<!--T:9-->
You can set a new email address, full name and even change the password. If you have finished what you want to do, click '''Save'''.
You can set a new email address, full name, and even change his or her password. If you have finished what you want to do, click '''Save'''.


==Delete user==  
==Delete user==  
Line 66: Line 66:


<!--T:65-->
<!--T:65-->
The system uses CRUD (Create, read, update and delete) like the [[Manage users#Setting permissions for a single survey|survey permission settings]]. If you check the first box, all the CRUD permissions for that row are automatically checked. To fine-tune a user's permissions, we strongly recommend to extend the view using the double-right arrowhead, located in the upper right corner of the matrix:  
The CRUD (Create, read, update and delete) system is employed (like in the [[Manage users#Setting permissions for a single survey|survey permission settings]]). If you check the first box, all the CRUD permissions for that row are automatically checked. To fine-tune a user's permissions, we strongly recommend to extend the matrix using the double-right arrowhead, which is located in its upper right corner:  


<!--T:63-->
<!--T:63-->
Line 81: Line 81:


<!--T:68-->
<!--T:68-->
* '''Settings & Plugins''': With this permission a user can check data integrity, save the SQL database to an .sql file, manage global setting, view the PHP info in the global settings and manage all plugins.
* '''Settings & Plugins''': With this permission a user can check data integrity, save the SQL database to an .sql file, manage global setting, view the PHP info in the global settings, and manage all plugins.


<!--T:67-->
<!--T:67-->
* '''Surveys''': This gives access to all surveys. To allow a user only to create and manage their own survey survey, only give the user the 'create' permission. A creator of a survey is the owner of this survey and will always be able to manage it. Remember that each survey can have specific permission, the global permission is applied before survey specific permission.
* '''Surveys''': This gives access to all surveys. To allow a user only to create and manage their own survey survey, only give the user the 'create' permission. A creator of a survey is the owner of this survey and will always be able to manage it. Remember that each survey can grant to users different permissions.
{{Note|The global permission is applied before the survey-specific permission.}}


<!--T:71-->
<!--T:71-->
* '''Templates''': It allows the user to use all design templates and edit all non standard templates. A person with this right should have sufficient knowledge in terms of  HTML, Javascript and CSS. If a user is not familiar with these things and is supposed to use a specific design template it would be better to give him only access to read permission. Each template can have specific permissions.
* '''Templates''': It allows the user to use all the available design templates and edit all non standard templates. A person with this right should have sufficient knowledge in terms of HTML, Javascript and CSS. If a user is not familiar with these things and is supposed to use a specific design template, it would be better to give him only access to 'read permission. Each template can have specific permissions.


<!--T:70-->
<!--T:70-->
Line 93: Line 94:


<!--T:69-->
<!--T:69-->
* '''Users''': With this permission a user can create, modify and delete his own administration users. The newly created users cannot have higher permissions than the parent - also you will not be able to edit users owned by other administration. If this has to be done then a Superadmin permission has to be granted.
* '''Users''': A user can create, modify, and delete his own administration users with this permission. The newly created users cannot have higher permissions than the parent. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission has to be granted.


<!--T:66-->
<!--T:66-->
* '''Superadministrator''': This permissions can only be added or removed by the user called '''admin''' and grants full permission to the whole LimeSurvey installation. '''Please note:''' This permissions is very powerful and you should be very careful with granting this permissions.
* '''Superadministrator''': This permissions can only be added or removed by the user called '''admin''' and grants full permission to the whole LimeSurvey installation. '''Please note:''' This permissions is very powerful and you should be very careful with granting it.


*'''Use internal database authentication''': This permissions allows users to access LimeSurvey's panel via the authentication page (e.g. http://domain/admin/authentication/sa/login). If it is unchecked and the respective user tries to connect to the LimeSuvey's panel, he will get the following error: 'Internal database authentication method is not allowed for this user'.
*'''Use internal database authentication''': This permissions allows users to access LimeSurvey's panel via the authentication page (e.g. ''http://domain/admin/authentication/sa/login''). If it is unchecked and the respective user tries to connect to the LimeSuvey's panel, he will get the following error: 'Internal database authentication method is not allowed for this user'.


==Set template permissions for a user== <!--T:19-->
==Set template permissions for a user== <!--T:19-->
Line 106: Line 107:


<!--T:21-->
<!--T:21-->
'''Please note:''' If you have a specific design template for a group of users or customers, you might want to restrict their access in for them to use only the template created for their purpose.
'''Please note:''' If you have a specific design template for a group of users or customers, you might want to restrict their access to other templates to make them use only the template created for their purpose.


<!--T:22-->
<!--T:22-->
To set/edit the template permissions for a user, simply click the pen-and-lock symbol for design templates  
To set or edit the template permissions for a user, simply click the pen-and-lock symbol for design templates:


<!--T:23-->
<!--T:23-->
Line 115: Line 116:


<!--T:24-->
<!--T:24-->
You can now select the design templates this user can select. After you finished your selection/deselection, just hit '''Save''' in the upper right corner:
Select the design templates to which the respective user should have access to. After you finished your selection/deselection, just hit '''Save''' in the upper right corner:


<!--T:74-->
<!--T:74-->
Line 123: Line 124:
To get a proper understanding of this function, check [[Manage users#Examples|the examples provided below]].
To get a proper understanding of this function, check [[Manage users#Examples|the examples provided below]].


=Setting permissions for a single survey= <!--T:26-->
=Set permissions for a single survey= <!--T:26-->


<!--T:27-->
<!--T:27-->
Line 129: Line 130:


<!--T:28-->
<!--T:28-->
'''Please note:''' An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions. '''You don't have to apply any global rights to the user, it is just necessary that the user account itself exists.'''
'''Please note:''' An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions.  
 
{{Alert|title=Attention|text='''You don't have to grant any global rights to the user! It is only necessary to have the user account already created.'''}}


==Survey template permissions== <!--T:29-->
==Survey template permissions== <!--T:29-->


<!--T:30-->
<!--T:30-->
To change the survey permissions you have to select '''Survey permissions''' from the '''Survey properties'''.
To change the survey permissions, you have to select '''Survey permissions''' from the '''Survey properties'''.


<!--T:31-->
<!--T:31-->
Line 140: Line 143:


<!--T:32-->
<!--T:32-->
In the next step, select the user you want to change the survey rights for and click '''Add user'''.
In the next step, select the user that will receive survey rights and click '''Add user'''.


<!--T:33-->
<!--T:33-->
Line 146: Line 149:


<!--T:34-->
<!--T:34-->
After you click '''Set survey permissions''' the survey permissions matrix for the survey and user will be shown.
After you click '''Set survey permissions''', the user's survey permissions matrix will be shown.


<!--T:35-->
<!--T:35-->
Line 152: Line 155:


<!--T:36-->
<!--T:36-->
You can set in this matrix the user's survey permissions. Checking a box grants survey permissions to the respective user. If you click a checkbox from the first column, all the rights for that line will be selected/removed.  
You can set in this matrix the user's survey rights. Checking a box grants survey permissions to the respective user. If you click on a checkbox from the first column, all the rights of the corresponding line will be selected/removed.  


<!--T:37-->
<!--T:37-->
You can choose from the other columns which actions can be performed by the user.
You can choose from the other columns the actions that can be performed by the user (click on the double-right arrowhead to access the extended version of the matrix).


<!--T:38-->
<!--T:38-->
After you finished editing the survey permissions, click '''Save''' or '''Save and close''' in the upper right corner.
After you finished editing the survey permissions, click '''Save''' or '''Save and close''' in the upper right part of the screen.


<!--T:75-->
<!--T:75-->
Line 164: Line 167:


<!--T:39-->
<!--T:39-->
Some examples are provided below in order to help you get a better understanding of the Limesurvey's privileges system.
Some examples are provided below in order to help you get a better understanding of the Limesurvey's survey permissions system.


=Examples= <!--T:40-->
=Examples= <!--T:40-->


<!--T:41-->
<!--T:41-->
We have created different scenarios to provide some advice about which rights are necessary and how they can be granted to the users.
Different scenarios are presented below. They provide some advice about which rights are necessary for some specific tasks and how they can be granted to the users.


==I want to add a new person in charge for administrating LimeSurvey== <!--T:42-->
==I want to add a new person in charge for administrating LimeSurvey== <!--T:42-->
Line 175: Line 178:
* Create a new user account.
* Create a new user account.
* Set global permissions for user to '''Superadministrator'''.
* Set global permissions for user to '''Superadministrator'''.
* Not necessary: Setting the template permissions ('''Superadministrator''' has all permissions for all templates).
* ''Not necessary'': Setting the template permissions ('''Superadministrator''' has all permissions for all templates).
* Not necessary: Setting the survey permissions ('''Superadministrator''' has all permissions for all surveys).
* ''Not necessary'': Setting the survey permissions ('''Superadministrator''' has all permissions for all surveys).


==A new user wants to create his/her own surveys== <!--T:43-->
==A new user wants to create his/her own surveys== <!--T:43-->
Line 189: Line 192:
* Set '''no global permissions''' for user.
* Set '''no global permissions''' for user.
* Set '''no template permissions''' for user.
* Set '''no template permissions''' for user.
* Set the survey permissions the way you want. If he/she should have all permissions for the survey, you can check the box from the first column. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner of the matrix) and check exactly the rights you believe that uses should have.
* Set the survey permissions the way you want. If he/she should have all permissions for the survey, you can check the box from the first column. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those rights you believe the respective user should have.


==A person responsible for the survey wants to see the results of the survey and export them== <!--T:45-->
==A person responsible for the survey wants to see the results of the survey and export them== <!--T:45-->
Line 207: Line 210:


<!--T:52-->
<!--T:52-->
A user can call the LimeSurvey login at /limesurvey/admin and pass a username and a one-time password (which was previously written into the users table - ''column one_time_pw'') by an external application.
A user can call the LimeSurvey login at /limesurvey/admin and pass a username and a one-time password (which was previously written into the users table - ''column one_time_pw'' - by an external application).


<!--T:53-->
<!--T:53-->
Line 226: Line 229:
'''Things to watch out for:'''
'''Things to watch out for:'''
* Do not forget that in order to enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>$use_one_time_passwords = true;</code>]] has to be turned on in config.php (it is 'false' by default).
* Do not forget that in order to enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>$use_one_time_passwords = true;</code>]] has to be turned on in config.php (it is 'false' by default).
* The passed username has to exist in LimeSurvey's ''users'' table
* The passed username has to exist in LimeSurvey's ''users'' table.
* The one-time password (which can be set via an external application) has to be stored as [http://www.php.net/md5 MD5 hash] in column ''one_time_pw'' of table ''users''.
* The one-time password (which can be set via an external application) has to be stored as [http://www.php.net/md5 MD5 hash] in column ''one_time_pw'' of table ''users''.
* The passed plain text password will be hashed using sha256 function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* The passed plain text password will be hashed using sha256 function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to login anymore with that respective  password a second time.
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to login anymore with that respective  password a second time.
</translate>
</translate>

Revision as of 17:56, 9 August 2017

User management

The user management tool allows you do add additional administration users to LimeSurvey. We will call them in this chapter just 'users'. Do not confuse them with survey participants (respondents).

Create users

To create a new user, open the user management dialog by clicking on Configuration(located on the main LimeSurvey toolbar) -> Manage survey administrators as shown below.

File:LimeSurveyBenuzerVerwaltung.jpg

Then, click on Add user button located on the upper right part of User control table. A window will pop up, asking you to:

  • Enter the desired username into the text field Username.
  • Enter the email address into the text field Email. Please note that:
    • If you don't want the user to receive the confirmation email with a link to the LimeSurvey installation, username, and password, you can use your own email address to send the confirmation email to you. After that you can change the email address to the address of the user;
    • LimeSurvey sends out a confirmation email to the address entered into the Email field. This email address will be used as the standard contact email address for surveys created by the respective user.
  • Enter the users full name into the textfield Full name. Please note that the full name entered here will be used as the standard contact person name for surveys created by the repsective user.
  • Click Save to create the new user.

You have now your first user created. To find out more about setting user permissions, please continue reading further.

As you can see below, there are four options under the Action column that allow you to:

  • edit the general aspects of a user - by clicking the pen symbol;
  • delete the user from the survey administrators database - by clicking the trash button;
  • set global permissions for a user - click the lock symbol;
  • set template permissions for a user - click the pen-and-lock symbol.

Edit user

You can use the pen symbol to edit a user.

You can set a new email address, full name, and even change his or her password. If you have finished what you want to do, click Save.

Delete user

To delete a user account, simply click the trash button in the line with the user account that should be deleted and hit OK.

Set global permissions for a user

  Global permissions apply to the whole LimeSurvey installation. If you want to set permissions only for a specific survey you can use the survey permissions settings.


To set global permissions for a user, click on the lock symbol.

The CRUD (Create, read, update and delete) system is employed (like in the survey permission settings). If you check the first box, all the CRUD permissions for that row are automatically checked. To fine-tune a user's permissions, we strongly recommend to extend the matrix using the double-right arrowhead, which is located in its upper right corner:

You can now add or remove the following permissions:

  • Label sets: Permission to create, view, update, delete, export, and import label sets.. The label sets don't have specific permissions (unlike design templates).
  • Settings & Plugins: With this permission a user can check data integrity, save the SQL database to an .sql file, manage global setting, view the PHP info in the global settings, and manage all plugins.
  • Surveys: This gives access to all surveys. To allow a user only to create and manage their own survey survey, only give the user the 'create' permission. A creator of a survey is the owner of this survey and will always be able to manage it. Remember that each survey can grant to users different permissions.
The global permission is applied before the survey-specific permission.
  • Templates: It allows the user to use all the available design templates and edit all non standard templates. A person with this right should have sufficient knowledge in terms of HTML, Javascript and CSS. If a user is not familiar with these things and is supposed to use a specific design template, it would be better to give him only access to 'read permission. Each template can have specific permissions.
  • User groups: This permission allows a user to create/view/update/delete user groups.
  • Users: A user can create, modify, and delete his own administration users with this permission. The newly created users cannot have higher permissions than the parent. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission has to be granted.
  • Superadministrator: This permissions can only be added or removed by the user called admin and grants full permission to the whole LimeSurvey installation. Please note: This permissions is very powerful and you should be very careful with granting it.
  • Use internal database authentication: This permissions allows users to access LimeSurvey's panel via the authentication page (e.g. http://domain/admin/authentication/sa/login). If it is unchecked and the respective user tries to connect to the LimeSuvey's panel, he will get the following error: 'Internal database authentication method is not allowed for this user'.

Set template permissions for a user

With template permissions, you can decide which design templates a user can select when creating or editing a survey. It might be a good idea to restrict the design templates a user can select in order to prevent unwanted use of design templates not suitable for a user/survey.

Please note: If you have a specific design template for a group of users or customers, you might want to restrict their access to other templates to make them use only the template created for their purpose.

To set or edit the template permissions for a user, simply click the pen-and-lock symbol for design templates:

Select the design templates to which the respective user should have access to. After you finished your selection/deselection, just hit Save in the upper right corner:

To get a proper understanding of this function, check the examples provided below.

Set permissions for a single survey

These permissions only apply for a single survey. If you want to set permissions for the whole system you can use the global permissions.

Please note: An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions.

  Attention : You don't have to grant any global rights to the user! It is only necessary to have the user account already created.


Survey template permissions

To change the survey permissions, you have to select Survey permissions from the Survey properties.

In the next step, select the user that will receive survey rights and click Add user.

After you click Set survey permissions, the user's survey permissions matrix will be shown.

You can set in this matrix the user's survey rights. Checking a box grants survey permissions to the respective user. If you click on a checkbox from the first column, all the rights of the corresponding line will be selected/removed.

You can choose from the other columns the actions that can be performed by the user (click on the double-right arrowhead to access the extended version of the matrix).

After you finished editing the survey permissions, click Save or Save and close in the upper right part of the screen.

Some examples are provided below in order to help you get a better understanding of the Limesurvey's survey permissions system.

Examples

Different scenarios are presented below. They provide some advice about which rights are necessary for some specific tasks and how they can be granted to the users.

I want to add a new person in charge for administrating LimeSurvey

  • Log in as admin.
  • Create a new user account.
  • Set global permissions for user to Superadministrator.
  • Not necessary: Setting the template permissions (Superadministrator has all permissions for all templates).
  • Not necessary: Setting the survey permissions (Superadministrator has all permissions for all surveys).

A new user wants to create his/her own surveys

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set global permissions for that user to Create survey.
  • "Optional" : Set template permissions - select which template(s) should be used by the user/user-group.

The creator of a survey needs another person to edit his/her survey

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no template permissions for user.
  • Set the survey permissions the way you want. If he/she should have all permissions for the survey, you can check the box from the first column. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those rights you believe the respective user should have.

A person responsible for the survey wants to see the results of the survey and export them

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no template permissions for user.
  • Set survey permissions to: Responses -> View/read and export and Statistics: View/read.

{{Note|Check our [[LimeSurvey Users|wiki on users}} and their classification as it can be found in the code and documentation.

Use one-time passwords

A user can call the LimeSurvey login at /limesurvey/admin and pass a username and a one-time password (which was previously written into the users table - column one_time_pw - by an external application).

To enable this login method, the line $use_one_time_passwords = true; has to be turned on in config.php (it is 'false' by default).

The URL has to contain the following variables:

  • user: The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
  • onepass: The plain text password which is then compared to the password in the 'users' table

A valid URL to login using a one-time password will look like this:

Things to watch out for:

  • Do not forget that in order to enable this login method, the line $use_one_time_passwords = true; has to be turned on in config.php (it is 'false' by default).
  • The passed username has to exist in LimeSurvey's users table.
  • The one-time password (which can be set via an external application) has to be stored as MD5 hash in column one_time_pw of table users.
  • The passed plain text password will be hashed using sha256 function and will then be compared to the stored hash in column one_time_pw of table users. Both passwords have to match.
  • After the first login with the one-time password, it gets deleted from the database. The user won't be able to login anymore with that respective password a second time.