SSO Supervisor / Admin / Master Specific Content
In SSO server the following roles are defined, with ascending order for access level:
"Standard" users (i.e. registered via signup form) have role USER, which allows them to perform actions on themselves and their subaccounts only. ADMINISTRATOR, MASTER and SUPERVISOR are special users with increased permissions.
U = USER
A = ADMIN
M = MASTER
S = SUPERVISOR
S can delete all, M can delete A and U users, A can delete U users, U cannot delete
S can see all, M can see A and U users, A can see U users, U can see himself and subusers
S can see all, M can see A and U users, A can see U users, U can see himself and subusers
S can modify all, M can modify A and U users, A can modify U users, U can modify himself and subusers
S can add all, M can add A and U users, A can add U users, U cannot add
S can see all, M can see A and U users, A can see U users, U cannot see
S can update all, M, A, U cannot update
S can see all, A can see all, M, U cannot see
This roles should be distinct from roles defined in SSO Common Content section of wiki which relate to user created roles for permissions on ginstr apps tables while SSO roles relate to permissions for SSO users.
When user with SUPERVISOR permission log in to SSO additional options appear in menu in top right corner:
- edit users
- configure lobby
- configure applications
When users with ADMINISTRATOR or MASTER role log in to SSO they get only additional "edit users" option in menu in top right corner
In this section are listed all SSO users with options to create new users, edit users, delete users and enable/disable ginstr for certain user.
This list of users is divided in multiple columns containing different info related to users. Table can be sorted by each of this columns.
Columns which need additional explanation are DB num, main account, account status and max subs.
DB num - in this column is displayed id of user which is generated by SSO server automatically. This is unique identifier for each user.
main account - this column have value only if user is subaccount user. In this column is displayed main account of subaccount user
account status - existing account statuses are ACTIVE, SUSPENDED (if for example user tried log in with incorrect password for several times), DELETED (if account is no longer in use it can be set to have DELETED status and will be completely removed after several days), UNCONFIRMED (this is status which have every new user until activate account by click on activation link in e-mail send after registration)
max subs - in this column is displayed maximal number of subaccounts which user can create. This number is defined by SUPERVISOR/ADMIN/MASTER when creating new user or editing existing user on edit user page or it is defined by ginstr subscription bought in ginstr shop on ginstr web site.
On far right side of page there are several links which when clicked open new pages or make some status changes on user accounts. This links are:
- EULA decisions
- enable ginstr/disable ginstr
- reset ginstr
On this page there are different sections and will describe each section separately. This page is same as page for creating new user which is opened when click on "new user" button on list of users page.
On top left side there are fields with general info related to user account. Same data exists on sign up page on SSO log in page when user registers new account.
In bottom left side there is section where SUPERVISOR/ADMIN/MASTER can set if uploading of attachments (pictures, videos, audio files and documents) is allowed for that account and if allowed then to set limit for each attachment type and total files limit. Limits are defined in MB. In this section there is also checkbox to disable support chat for that account in SSO and ginstr web.
In top right corner there is section related to settings of user account.
Here can be added some comment related to user in "comment about user" field.
In account status drop down menu can be changed status of account (active, suspended, deleted)
In role drop down can be changed SSO role of that account (user, master, administrator, supervisor)
By checking "enforce password expiry policy?" checkbox user will be forced to renew password after certain period of time
By checking "ignore password and username minimum requirements for this account?" rule that password must have one number, one uppercase letter, one lowercase letter and at least eight characters will not be respected on next renewal or change of password by user.
In language drop down can be changed language in which SSO content will be displayed for that user.
In "number of booked subaccounts" field can be entered amount of subaccounts which that main user can create. This field does not exist if edit subaccount. Once this amount set here manually then ginstr shop does not control subscription anymore but it is controlled by SUPERVISOR/ADMIN/MASTER
Additional item that appear in this section if editing subaccount is "account was created by" where is displayed name of main account which created that subaccount.
In bottom right corner there is list of all existing applications where SUPERVISOR/ADMIN/MASTER can enable/disable some app for account, remove tables and data of certain app for that user, set maximal amount of rows that can be added in table of some app and generate demo data for PLUS applications.
On top of this section there are 3 links activate all, deactivate all, remove all tables.
Click on activate all link enables all applications in list below.
Click on deactivate all link disables all applications in list below.
Click on remove all tables removes all tables and data from enabled applications in list below.
In top part of application list are listed modules which are displayed in SSO lobby and after this modules are displayed ginstr apps which are displayed in hide/show content section of my account page on every main user account.
Before each module and application name there is checkbox that enables to manually activate / deactivate each separate module and application
After each ginstr application name there is trash can icon which when clicked opens dialog with security question. If SUPERVISOR/ADMIN/MASTER choose yes in dialog then all tables and data of that app for user which is currently edited will be removed.
If tables of some ginstr app are already generated for account which is edited then after name of that application will be present pencil icon. Clicking on that icon will open dialog where can be set maximal amount of rows in each table of that application.
In this dialog it can be defined for each app's table what should be maximal amount of rows that can be added to that table by user. If user try to add more then set amount then appropriate error will be displayed to user. If values in fields in this dialog are empty this means that unlimited amount of rows can be added to table.
If Application is removed for some user amounts of rows which are set as limit will be preserved and applied again if application is enabled for that user again.
For PLUS applications there is additional arrow icon. Click on that icon opens dialog where can be chosen language and predefined demo data for that language will be generated for that PLUS app on user account which is edited.
Click on this link will set that account status to DELETED. After several days account and all of its data will be completely removed.
When click on this link that new page will open with table which contains information if EULA (End User License Agreement) was accepted or declined by that user, for which apps at what time and from which IP address.
enable ginstr/disable ginstr
If ginstr is disabled for certain account that means that user will not be able to use ginstr module at all. Enabling / disabling of ginstr is actually controlled by shop on ginstr web site in a way that if user bought subscription for certain amount of subaccounts once user activate account via link in e-mail then account will be activated with that number of booked subaccounts and with enabled ginstr for main account and all subaccount which will that main account create. After subscription expire ginstr becomes disabled. enable ginstr/disable ginstr links in list of users table are introduced so that SUPERVISOR/ADMIN/MASTER can manually enable/disable ginstr for some accounts. In case ginstr is enabled/disabled manually then ginstr shop lose control over that account and all further actions in this regard on that account must be performed manually by SUPERVISOR/ADMIN/MASTER.
When click on reset ginstr link for some account then control over that account is returned to ginstr shop and all changes previously made manually by SUPERVISOR/ADMIN/MASTER are overridden.
In this section SUPERVISOR can configure modules which are displayed in SSO server lobby.
Here SUPERVISOR can configure name of module that will be displayed in SSO lobby, link to module address, choose one of icons which will be displayed in SSO lobby for that module and select if module should be displayed for all users by default in SSO lobby