Restricting user field rights and menu access on databases

<< Click to Display Table of Contents >>

Navigation:  Administration > Server Administration > Manage Users >

Restricting user field rights and menu access on databases

Users receive access to databases through a specific matter named "All User Groups" to which all databases and all users are automatically associated. When a user account is setup, it is automatically added to a specific group named "All Users." The "All Users"group is automatically assigned to the "All User Groups" matter. Likewise, as a database is created, it is automatically assigned to the "All User Groups" matter.  It is this assignment of the databases and the "All Users" group to the "All User Groups" matter that allows all users to have access to all databases on the Concordance Desktop server.

In similar fashion, initial field rights and menu access settings to all databases are controlled through the settings in each user's user account displayed in the Admin Console. The only exception is when user accounts are added through the migration of a Concordance 10.x database to Concordance Desktop.

To further explain:

When adding users through the Admin Console, by default, full rights to fields (read and write) and full menu access (all menus in each database) are granted to the user. However, these defaults can be changed if you need to restrict the user's field rights and menu access rights across all databases. See Restricting user access on databases for more details.  

When adding users by registering a migrated Concordance 10.x database, user accounts and rights to the migrated database are carried over from the Concordance 10.x database and applied to that database in Concordance Desktop. However, for all other databases on the server, field rights and menu access defaults are used. Therefore, users added through migration may have restricted rights, while all other users on the Concordance Desktop server still have full rights to the migrated database. If you need to restrict user rights on these migrated databases, you can do so from the User Management screen. See Restricting user access on databases for more details.  

When adding users through an external domain (such as Active Directory), as with users manually added in the Admin Console,  the default of full rights to fields (read and write) and full menu access (all menus in each database) are granted to each user. These defaults can be changed if you need to restrict a user's field rights and menu access across all databases. See Restricting user access on databases for more details.

It is important to note that no matter how users are added to the Concordance Desktop server, if you need to setup restrictions for a user across all databases, you need to do so in the user's user account in the Admin Console immediately after their user account appears in the Admin Console. This is the only way in which to ensure that the restrictions you setup will be applied to all databases on the Concordance Desktop server. If you setup restrictions later on, the new settings will only apply to all databases added to the server from that point forward.

If you have a need to restrict a user's field rights and menu access settings for a specific database, you do so from the User Management dialog box in Concordance Desktop.

If you need to setup the same restricted field and menu access rights to one or more users across multiple databases, but not all databases, you can setup the restrictions for each user in one database, and they export the settings to a role template (.csv file) and import those same user restrictions to those same users on other databases.

When you make changes to user settings in the User Management screen, and the user currently has the database open on their desktop, the changes are not applied until the database is closed and reopened by that user.

 

To Restrict a User's Field Rights and Menu Access Across All Databases

In  each user's account, you can quickly restrict database field rights and menu access, which is then applied to all databases when you synchronize the changes with the databases. The one exception is if the user ID is listed in a Concordance 10.x database that has been migrated to Concordance Desktop; in which case, the field rights and menu access settings for that user in that database override whatever settings are selected in the user's account in the Admin Console.  

To set a user's Field Rights & Menu Type restrictions across all databases, you must change the default settings when the user is first added to the Concordance Desktop server. If you change a user's settings later on, the new settings will only take affect on databases added to the server from that point forward.

To set user restrictions for a user across all databases on the Concordance Desktop server:

1.In Concordance Desktop, click on the Workspace tab to ensure that your focus is not on a database.

2.From the File menu, click Administration, and then Admin Console.

3.Log onto the server where you need to restrict the user's rights.

4.Click the Management tab.

5.Double-click the Users folder.

6.Click on the user ID of the user for whom you need to apply access restrictions.

7.Click the Field Rights down-arrow and select whether the user should be able to read and write to all fields in all databases or just read access.

8.Click the Menu Type down-arrow and select the user Preset you want to apply for this user across all databases.

Supervisor:

User has access to all menus and menu commands.

Administrator:  

User has access to all menus and menu commands except the Modify, User Management, and Zap menu commands.

Editor:

User does not have access to the menu commands restricted in the Administrator preset, and does not have access to the following menu commands: New, Reindex, Index, Pack, Begin program, Edit program, and the menu commands for data validation. Though Editors can still search and edit, perform a global edit, load and unload data, and run reports.

Researcher:

User does not have access to the menu commands restricted in the Administrator and Editor presets, and cannot edit or append, load, overlay, import data, perform global edits, or unload a copy of the database's structure.

No Access:

User does not have access to any menus or menu commands. User can only open and exit the database.

9.Repeat steps 6 through 8 for each user you need to set restrictions on.

10.Click the Synchronize now button to apply the restrictions.

These restrictions are applied to all databases, except for those in which the user was added to a Concordance 10.x database that has been migrated to Concordance Desktop. In this case, the settings assigned in the database are carried over and override the settings from the user account in the Admin Console.

 

To Restrict a User's Field Rights and Menu Access on a Specific Database

When you make changes to user settings in the User Management dialog box, the changes are not applied until the database is closed and reopened by the user whose settings were changed.

1.In Concordance Desktop, open the database in which you need to set user restrictions.

2.From the File menu, click Administration, and then User Management.

i.The User Management screen opens.

3.Click on the user name of the user for whom you need to set restrictions.

4.To set or modify field rights, click the Field rights tab.

In the Field list, select the fields to apply or remove field rights. To select multiple fields, use CTRL+click or SHIFT+click.

i.By default, the Full access check box is selected for all fields when you add a user to the Concordance Desktop server.

Full access:

Gives users both read/write access to a field. This level of access for all fields is required for anyone who will be performing maintenance functions such as, indexing, packing, or a database modify. If the user does not have full access to the fields, Concordance Desktop does not either.  

Read only:

Gives users the ability to search, browse, and print the field. They may not edit or otherwise modify read-only fields. Commands such as Global edit and Load do not display fields which have read-only access. These fields are displayed in Edit view, but only for reference or to copy text to the clipboard.

The Read-only setting for fields in the Data Entry Attributes dialog box takes precedence over the read-only setting for fields on the Field rights tab in the User Management dialog box.

For example, if the Read only check box is selected for the OCR1 field in the Data Entry Attributes dialog box, and the Full access check box is selected for the OCR1 field on the Field rights tab in the User Management dialog box, the OCR1 field will be read-only for the user in the Edit view.

For more information about the Data Entry Attributes dialog box, see Setting data validation.

Write only:

Give very limited access. Users with write-only field access can load data into fields using Load, and assign values to them through the programming language, but they are not able to view or search these fields. The Edit view does not display write-only fields and therefore, they cannot be edited. The searches are post-processed to remove any references to hits in these fields. The searches may also run slower.

No rights:

Denies all access to the field. Users are not able to search for data in these fields. Searches are post-processed to remove any references to hits in these fields. The searches may run slower and the results may not contain the same count as a search with read-only field access.

5.To set or change menu access rights, click the Menu access tab, click one of the menu access preset buttons, and/or manually define the menu and menu command access for the user in the menu tree.

i.By default, new users have full access to all menus and menu commands on the Menu access tab.

ii.You can manually select the menu access permissions for each menu, select one of the menu access presets, or select a preset and then manually customize the menu permissions for the individual user.

Supervisor:

User has access to all menus and menu commands.

Administrator:  

User has access to all menus and menu commands except the Modify, User Management, and Zap menu commands.

Editor:

User does not have access to the menu commands restricted in the Administrator preset, and does not have access to the following menu commands: New, Reindex, Index, Pack, Begin program, Edit program, and the menu commands for data validation. Though Editors can still search and edit, perform a global edit, load and unload data, and run reports.

Researcher:

User does not have access to the menu commands restricted in the Administrator and Editor presets, and cannot edit or append, load, overlay, import data, perform global edits, or unload a copy of the database's structure.

No Access:

User does not have access to any menus or menu commands. User can only open and exit the database.

When a menu or menu command check box is checked, the user has access to this menu or menu command.

When a menu check box is checked but the check box is gray, the user has access to the menu, but does not have access to some of the menu command on the menu.

When a menu or menu command check box is  not checked (blank), the user does not have access, and cannot view the menu or menu command in Concordance Desktop.

6.Click the Apply button to save the user settings.

7.Repeat the steps for each user you need to restrict.

If you are setting up user database restrictions for a new database, and want to import restricted user settings, including users, from another database, be sure to import the user management settings before manually defining any restrictions in the User Management screen.  

When you import user restrictions from a .csv file, the file overwrites all existing settings previously defined in the User Management screen or in the Admin Console, for the selected database only.

Whenever you add or rename a field in the database, by default, full field access rights are granted to all users. Therefore, if you have renamed a field to which some users were assigned specific restrictions, you will need to reset those restriction for those users. If you have created a new field that some users should have limited or no rights in, you will need to set those user restrictions.

As users are added to the Concordance Desktop server, they are granted administrative rights across all databases, unless you change their License Type and Menu Type settings in the Admin Console. Administrative users have access to additional menu options that other user types cannot access. These additional menu options are described below under the Administrator default menus section.

 

Administrator Default Menus

Database Administrator Only - Menu Commands When Focus is on a Database Tab

On the File menu, you can access the following Administration commands:

Admin Console (Server and license management, and user, database, user group, matter, and client setup and maintenance at the Concordance Desktop server level)

Added menu items (Adding custom menus at the database level)

User Management (Field rights and Menu access at the database level)

Pack > Database

Pack > Dictionary

Zap

Imagebase Management (Rename media paths/folder, rename or delete media keys, export imagebse to OPT format, calculate or update document page count)

Remove Kashida Characters

Bulk Field Format Reset

Concatenate > Edit Concatenation (Add databases to a concatenated set, or create a concatenated set by adding databases to the currently opened database. Remove one or more databases from a concatenated set.

Concatenate > Clear Concatenation (Remove a concatenated set)

Administrator-Only Commands When Focus is on the Workspace Tab

On the File menu, you can access the following Administration commands:

Admin Console (Server and license management, and user, database, user group, matter, and client setup and maintenance at the Concordance Desktop server level)

 

Optional Field and Menu Restrictions

There are two options you can implement to prevent users from accessing fields and menus.

Restricting Field Access

Even if user management is not applied to a database, you can apply read-only rights to fields in the Data Entry Attributes dialog box. Any field marked as read-only in this box applies to all database users and also overrides field rights applied in the user management console.

For more information about the Data Entry Attributes dialog box, see Setting data validation.

 

User Restriction Guidelines for Concatenated Databases

Setting up user restrictions for concatenated databases includes the following guidelines:

User restrictions need to be set up in each database. Setting them in a concatenated database set only affects the primary database.

The user name and password must be the same for all databases in the concatenated set.

When the user name and password in the primary database does not exist in a secondary database, the concatenated database will not open. The user will receive a message that they do not have access rights to the specific database.

When a secondary database has user restrictions and the primary database does not have, the user is prompted for their user name and password when using the secondary database. The user name and password entered becomes the user name and password for the concatenated database set.

 

To Export User Management Settings

You can export the user management settings from a Concordance Desktop database and import them into another Concordance Desktop database. When you export Concordance Desktop user management settings, you are exporting all of the user access settings, including users, that are defined for the database in the User Management dialog box. The exported settings can be used to set up a database template with your user access specifications.

It is best practice to always export a copy of your user access settings each time you update them so you have a current backup copy to reference. Be sure your supervisor or secondary database administrator has access to this file in case of an emergency.

1.On the File menu, click Administration, and then User Management.

i.The User Management dialog box opens.

2.In the Field rights tab, click the Export button.

i.The Save As dialog box opens.

3.Navigate to where you want to save the exported user access settings file, type the name of the file in the File name field, make sure that Comma separated file (*.csv) is selected in the Save as type field, and click Save.

i.It is best practice to store this file in a separate, secure folder on your network.

ii.Here is an example of exported user access settings file in a spreadsheet:

7.Click OK to close the User Management dialog box.

To Import User Management Settings

You can import the user management settings from one Concordance Desktop database into another Concordance Desktop database. When you import Concordance Desktop user management settings, you are importing all of the user access settings, including users, that were defined  for the database in the User Management dialog box.

The import requires at least one commonly named field between the .csv file and the database to which the file is being imported. Before importing a .csv file exported from another Concordance Desktop database, make sure that there is at least one commonly named field. For example, the user access settings for the DOCTITLE field are exported to the user management settings .csv file, and the .csv file is being imported into a database also containing a field named DOCTITLE.

If you are setting up user management, and want to import the user access settings, including users, from another database, be sure to import the user access settings before manually defining any user access settings on users in the database.

When you import a user management settings CSV file, the file overwrites all existing user access settings defined in the User Management dialog box.

1.On the File menu, click Administration, and then User Management.

i.The User Management dialog box opens.

2.On the Field rights tab, click the Import button.

i.An Open dialog box opens.

3.Browse to and click the .csv file containing the user management settings you want to import and click the Open button.

i.The user access settings from the file are imported into the database. If there were any existing user access settings defined in the User Management dialog box, they are overwritten by the user access settings defined the .csv file during the import.

4.Click OK to close the User Management dialog box.