Add Users

This article shows how to add users and assign permissions and roles to them. There are two ways to add new users; one is from the Users page and the other from the roles page. This article talks about both methods.

Types of Users

The following kinds of users can be added to a role:

User type Info Needed Description Example
Individual User email A person with an email address. person@email.com
Team org path A team with an org path. /WHO/*
Client Application Client ID Only applies to the data API. The data API is available to an external client application. bb4bfe5b-92a5-4246-a78d-318e5264bc5b
Mart Service Account Service Account name Allows data to be read across marts SVC_MART_CJFTEST

Add and Edit Individual Users from Users Page

Go to the Users tab in Admin

Image showing the menu options to get to the Users tab. The Main Menu is on Admin and there is a red box around the New Users tab name. There is a list of users with a blue box in the middle with "+ New User". To the right there is a link marked "User Properties" and to the right of that are two blue buttons marked Export and Import

Add individual user from the Users Page

Pressing the + on the New User button.

Image showing a red box around the "+ New User" button

This will bring up a pop-up allowing an individual to be added

Image showing a a pop‑up window titled "Add individual". At the top, there is an empty text field labeled "Account Email" with a placeholder that says "Search for an User Email". Below it are two tabs marked "Roles & Permissions" and "Properties". The "Roles & Permissions" tab is selected. On the left of the main section there is panel entitled "Roles". In this there is a scrollable list labeled “Assign roles to user,” containing multiple unchecked checkboxes for all of the different roles. To the right of that is a panel entitled Personal Permissions with a blue plus sign next to it. Underneath is an empty list containing 3 column headers; Action, Perm Title, Perm Filter. At the bottom of the window are two buttons: a grey "Cancel" button and a blue "Save" button.

Add Individual User Email Address

Enter a user email into the Account Email box. As you start to type, a list of users will appear underneath the box.

Image showing the "Add individual" pop-up with the cursor in the Account Email box and a list of users underneath.

The list filters depending on the letters entered until the user is found.

Edit Individual User

To edit an individual user, go to the users list and select the user. The roles and property values will appear on the right. Click on the pencil icon and then follow the same steps as above to change user Roles and Properties

Image showing the "Add individual" pop-up with the cursor in the Account Email box. In the Account Email box is the name "faulknerc@who.int". The Properties tab has been selected and underneath are a list of the properties with no values.

New User Menu

The New User button has a menu which can be dropped down by clicking on the down arrow to the right.

It has these options

Image showing the New User button with a menu expanded underneath it. The options in the menu are "Add Team", "Add Client Application" and "Add List of Users"

Add Team

In xMart, it is possible to add a team of people. So if, for example, you wanted to add everyone in the WHO to your mart, you would click on “Add Team” which would bring up the “Add Team” pop-up. Type the OrgPath (e.g. WHO) into the “Team Org Path” text box and then press Enter. “/*” may be added to the end of the team to indicate that all sub-teams are also included.

The team needs to be allocated to one or more roles as before.

Image showing pop-up with the title of "Add Team". Underneath is a field titled "Team Org Path" which has the team name just entered in it. Underneath is a list of all of the roles in the mart with an unchecked checkbox to the left

As before, clicking on the properties tab enables values to be added to the properties.

Add Client Application

In order to access private (i.e. non-public) data, the external users needs to register a client application. This then needs to be registerd as a user in your mart. To do this, click on “Add Client Application” which would bring up the “Add App” pop-up.

Image showing pop-up with the title of "Add app". Underneath is a textbox with the text "Client ID". Underneath is another checkbox marked "Name of the application". Underneath is a list of all of the roles in the mart with an unchecked checkbox to the left

Enter the Client ID of the app in the Client ID box and the name of the application underneath it.

The app needs to be allocated to one or more roles as before. Clicking on the properties tab enables values to be added to the properties.

Add List of Users

You can add a delimited list of users using the “Add List of Users” menu option.

Image showing pop-up with the title of "Add list of users". Underneath is a multi-line field titled "List of Emails (addresses will be recognized regardless for format" which is empty. Underneath is a list of all of the roles in the mart with an unchecked checkbox to the left

The user list can be in any delimited format.

The users need to be allocated to one or more roles as before. Clicking on the properties tab enables values to be added to the properties.

Add Mart Service Account

In order to read data from another mart, the service account of your mart will need to be given read access on the other mart (with the exception of REFMART)

You can add the mart service account using the “Add Mart Service Account” menu option.

Image showing pop-up with the title of "Add mart service account". Underneath is a single-line field titled "Service account name" which is empty. Underneath is a list of all of the roles in the mart with an unchecked checkbox to the left

Start typing the name of the mart in the field titled “Service account name” and a list of suggestions will appear.

Image showing pop-up with the title of "Add mart service account". Underneath is a single-line field titled "Service account name" which is empty. Underneath is a list of all of the roles in the mart with an unchecked checkbox to the left. To the right of that is

Select the account you want to add and the roles or permissions as before.

Assign Users to Roles

Once you have added the user, you can select the roles by checking the boxes next to the role names.

Image showing the "Add individual" pop-up with the cursor in the Account Email box. In the Account Email box is the name "faulknerc@who.int". The Roles tab has been selected and underneath, two roles have been selected, "App Data Consumer" and "Initial Admin".

Add Permissions to a User

As well as roles, permissions can assigned to users. To do this, click on the blue + sign next to the Personal Permissions title. This will bring up a pop-up with list of permissions in a drop-down.

Image showing the "Add Perm" pop-up with the permissions drop-down extended.

Some permissions can be filtered (such as Data View, Load Origin, Pipeline Manage, User Manage)

Assign Property Values to Individual Users

Clicking on the “Properties” tab will allow you to assign property values to the user which are used in Row Level Security.

Image showing the "Add individual" pop-up with the cursor in the Account Email box. In the Account Email box is the name "faulknerc@who.int". The Properties tab has been selected and underneath are a list of the properties with no values.

Save Changes

Once you are happy with the changes, click Save. To abandon all changes, click Cancel

Add Users from Roles Page

In order to manage the roles, navigate to the roles page from the Admin menu option

Go to the Roles tab in Admin

Image showing the menu options to get to the Roles tab. The Main Menu is on Admin and there is a red box around the  Roles tab name"

Users can be added to individual roles. First, the roles need to be created.

Once they have been created, select the roles page and press Configure against the role to which you wish to add the users.

Image showing the menu options at the top with the Roles tab selected. Underneath is the text Roles and to the right is a blue button marked "New". Underneath that is a Role called "PIP Data Consumer" with the word "Configure" in a light blue. This has a red box around it

Select the Users tab

Image showing the main menu at the top with the Admin option selected. Below that is the Tab list with Roles selected. Underneath that are more tabs which from left to right are marked "Users", "Perms", "Properties" and "RLS". There is a red box around the "Users" option.  Underneath that are 5 buttons which, from left to right are marked "Add Individual User", "Add Team" "Add Anonymous User", "Add Client Application" and "Add List of Users"

Add Individual User

Select Add Individual user and enter their email. The name of the person will be obtained from the account provider system when they login.

Image showing a pop-up window titled 'Add individual'. The window contains a text field labeled 'Account Email' with placeholder text that reads 'Search for an User Email.' Below the text field, there are two buttons: a grey button labeled 'Cancel' and a blue button labeled 'Save.'

Add Team

Select Add Team and enter the absolute org path of the team.

Image showing a pop-up with the heading "Add Team". There is a text field labeled 'Team Org Path:' with placeholder text that reads 'Search for an existing OrgPath.' Below the text field, there are two buttons: one labeled 'Cancel' in gray and another labeled 'Save' in blue

Type the OrgPath (e.g. WHO) into the “Team Org Path” text box and then press Enter. “/*” may be added to the end of the team to indicate that all sub-teams are also included.

Add Anonymous User

The Add Anonymous User button is no longer functional. To make tables available to the public via the OData API, add read permission in the Public/Anonymous API Consumer role.

Add Client Application

Select Add Client Application and enter the Client ID of the application as well as a human-readable name (so you know what the application is later).

Image showing a pop-up window titled 'Add app'. It contains two input fields and two buttons. The first input field is labeled 'Client ID (ex: cb36754f-20a2-47a9-bba1-cce2ea4a1c2a)' and the second input field is labeled 'Name of the application (ex: eJRF).' Below these fields, there are two buttons: a blue button labeled 'Create' and a gray button labeled 'Cancel.'

Just adding the Client ID in this manner is not sufficient to grant rights to an external application. It is necessary to register the client application.

Add List of Users

You can add a delimited list of users using the “Add List of Users” menu option.

Image showing a pop-up window titled 'Add list of users.' Inside the window, there is a text box with the placeholder text 'List of Emails (addresses will be recognized regardless of format).' Below the text box, in red font, it says 'List of Emails (addresses will be recognized regardless of format) is required.' At the bottom of the pop-up window, there are two buttons: one labeled 'Cancel' in gray and another labeled 'Save' in blue.

The user list can be in any delimited format.