First Steps
After your first login you will see that everything is rather empty. A good starting point are the general application settings, groups and modules.
Application Settings
The general application settings can be found in the Admin settings.
Go to:
Modules (on the side navigation) > Admin > Settings
On this page you may change the general application settings such as login behavior, server localization, logging etc.
Modules
Under Modules
on the side navigation you can see all installed modules. By clicking on them you will get additional module information and module specific settings.
If you want to install additional settings search for specific keywords on the module page and you will receive suggestions based on these keywords. You can then check out the detailed information of these modules in order to further inspect the features the modules provides.
Groups
Groups are an easy solution to managing multiple users at the same time. After the installation only a handful of groups exist. Feel free to create additional groups based on your requirements.
Guest
: Users in this group have no permissions (cannot even login by default)User
: Users in this group have basic read and write permissionsAdmin
: Users in this group have all permissions
If a user is part of multiple groups (this is often the case in more complex permission handling) the user has the permissions of all groups he is part of. This allows to configure groups very carefully with only the necessary permissions.
Permissions
Groups (and accounts) can have the following permissions:
READ
: The user can read/see certain contentCREATE
: The user can create/write certain contentMODIFY
: The user can modify/change certain contentDELETE
: The user can remove certain contentPERM
: The user can change permissions
It's also possible to assign permissions directly to individual users but this is not recommended as this makes managing permissions much more difficult.
When you assign the above mentioned permissions to a group you will see that you can also define:
- The
Unit
this permission is for (after the installation you only have one unit but you maybe want to have additional units/sub-organizations later on) - The
App
this permission is for (after the installation you only have theBackend
and theApi
but in the future you may have additional apps, which sometimes even get provided by other modules e.g.TicketApp
) - The
Module
this permission is for (e.g. the group only has create/write permissions for a certain module) - The
Category
is module specific and can be found in the module help. This can be e.g. news-article in the News module, account in the Admin module etc. - The
Element
is the specific model/element (e.g. a specific news article). This is represented by the element ID/number. - The
Component
is the specific component of a element/model (e.g. the title of a news article).
These restrictions show that it is possible to do very fine/granular permissions. It is possible to leave some of the above mentioned restrictions empty to allow a broader permission definition. Examples:
- Everything empty = Group/user has the permissions (e.g. read, create, ...) on everything
- Only define module = Group/user has the permissions (e.g. read, create, ...) on everything in this module
- Only unit and module is defined = Group/user had the permissions(e.g. read, create, ...) on everything in this module but only for the specified unit/sub-organization.
Accounts
By default only admin users can create new accounts. However it is possible to allow users to register by themselves in the admin module settings. Self-registered users are always part of the user
group. Make sure the user
group permissions are designed while keeping that in mind.
If a admin user creates a new account you must decide if the user/account should also be allowed to login/have a profile or if this account is just an internal account.
If the user should be allowed to login/active user you should click on Create Profile
to also create a profile for the user. Upon doing this the user will receive a registration email in the same way as if he registered by himself. The registration email contains a preliminary password which the user should change.