CORE’s access control and project permissions give you the complete control over access to CORE as well as projects, elements, and even individual attributes if desired. This article is the first in a two part series of posts related to access control and permissions. Let’s first discuss the foundation of permissions, managing users and groups.
CORE is packaged with a single user account (Administrator) with the default password of “admin”. This Administrator account (or any account with system administrator privileges) can create and delete CORE user accounts from the Users and Groups segment of the Administrative Tools panel. (To access the Administrative Tools panel, log into CORE and click Tools > Administrative Tools.)
The User Properties window is opened by double-clicking on a user and allows the CORE system administrator to edit individual user account properties. Here you can set the password, force the user to change their password, disable the account and more. Under User Privileges you can grant specific system permissions to the user.
The System Administrator option will grant the user CORE system administrator privileges. This will grant the user access to the Users & Groups tool, allow administration of sessions, the API, and CORE2net. This option is only set by automatically for the default Administrator account.
Project Creation will allow the user to create a new project. This is recommended for all users and is granted to new users by default. If you wish to restrict this privilege, you must manually remove this option after creating a new user.
We recommend two best practices in relation to User accounts:
- Use the default Administrator only for system administration. Even you if you are using CORE in a Local Repository for a single-person project, login using a separate user account to do your work.
- If your company policy permits this, disable a user account rather than deleting the user. This will maintain the history of user access.
Groups are a collection of user accounts and have the same permission properties as a user account. When permissions are granted to a group all members of the group receive those permissions as well. A user can be a member of more than one group. Over time, groups are far more stable than individual team members who may join/leave the team or change roles. It’s considered a best practice in CORE to grant permissions to groups rather than individuals. When your team changes, you can simply change the group membership, rather than adding or removing permissions (which may be very in depth) for individuals.
Groups are created using the Users and Groups section of the Administrative Tools panel. Double click on a group to view the Group Properties window.
CORE is packaged with a single group, All Users, that includes the Administrator account. As new accounts are created they are added to the All Users group automatically.
The second post in this series will address Permissions. Do you have a questions about Access Control? Post a comment and I’ll address it!