1. Administration Overview
The admin dashboard can be accessed by authorized users through the dashboard menu and is used to manage users and work item access permissions within edoras one.
1.1. Tenants
An edoras one installation may provide one or more tenants. A tenant is an isolated environment for a specific group of users. No data can be shared between tenants and users are always logged into a specific tenant. The edoras one tenant support allows multiple edoras one environments to be provided by a single server instance.
Tenants are not directly visible in the administration dashboard and cannot be administered there, because the tenant has already been selected when the user logged in. The administration operations described here always take place within the context of a particular tenant.
1.2. Users
User entries define the people who are allowed to log into the system and their settings.
The following attributes may be set for a user:
| Name | Required | Description | 
|---|---|---|
| Display name | Yes | the name that will be shown in the edoras one application | 
| Login name | Yes | the name used to log in to edoras one | 
| Email address | Yes | the user’s email address | 
| Language | No | the user’s language | 
| Password | Yes | the user’s password | 
| Last name | No | the user’s last name | 
| First name | No | the user’s first name | 
| Address | No | the user’s address | 
| Phone | No | the user’s phone number | 
| Mobile | No | the user’s mobile phone number | 
| Notes | No | additional notes | 
A user can also enable automatic email notification of specific events within the system:
- when a task is assigned to the user
- when a task assigned to the user is edited
- when a task owned by the user is edited
The password may be changed at any time by entering a new password in the two password fields. The password will be changed only when the two fields contain the same value.
The non-required fields are provided for information purposes only and are not used by edoras one itself.
A user belongs to an account and can be moved between accounts using the move action.
User entries can be activated and deactivated. Deactivated users will not be able to log into the system and will not be shown in the application, for example when reassigning a work object.
1.2.1. Predefined users
Each tenant in edoras one has an administration user. This user has full access to all work items in the system and certain special access permissions for system administration tasks.
1.3. Accounts
Accounts are used to collect users and groups that are related to each other, making it easier to organize and locate particular entries.
The following attributes may be set for an account:
| Name | Required | Description | 
|---|---|---|
| Name | Yes | the account name | 
| Description | No | the account description | 
| Main color | No | the main color | 
| Bright Bg color | No | the first background color | 
| Dark Bg color | No | the second background color | 
| Logo URL | No | the URL for the application logo | 
The color and logo settings will be used when any user that belongs to the account is logged in.
If an account is activated or deactivated then all users and groups in that account will also be changed to the new state.
1.3.1. Predefined accounts
The following accounts are defined by default in edoras one:
- admin: contains the standard users and groups provided by edoras one and needed for correct operation of the system
- <tenant name>: a tenant-specific account which contains any additional tenant users and groups
1.4. Groups
Groups are used to control the accessibility of objects within edoras one.
The following attributes may be set for a group:
| Name | Required | Description | 
|---|---|---|
| Name | Yes | the group name | 
| Description | No | the group description | 
As with a user, the group belongs to an account and can be moved between accounts using the move action.
A group can also be activated and deactivated. Note that deactivating a group simply means that objects cannot be shared with that group in the future. Existing objects that are shared with a deactivated group will be unaffected.
1.4.1. Predefined groups
- All users: A group for all users in the tenant.
- edoras one Admin: The administration group with access to the administration dashboard.
- edoras one Manager: The manager group with access to the management dashboard.
- edoras one Modeler: The modeler group with access to the modeler dashboard. This is also the default group for sharing models.
- edoras one User: The user group with access to the user dashboard.
- edoras one Supervisor: Users that belong to the supervisor group can view all work items in the system, regardless of who they are assigned to or shared with.
1.5. Apps
The properties defined in the app models can be managed through the apps. Clicking on an app shows the same property view as the deploy action view; however, the static properties are read-only. Only dynamic properties can be changed.
1.6. Access permissions
Access permissions in edoras one are controlled by group membership. To change a user’s group membership settings, select the user to be updated and then use the Group membership action to add or remove groups as required.
1.6.1. Work item visibility
A work item in edoras one is visible to a particular user if one of the following conditions is satisfied:
- the work item is owned by the user
- the work item is assigned to the user
- the user is a member of a group that appears in the work item’s sharing group list
If a work item is visible to a particular user then it can also be edited by that user. No fine-grained access control mechanism is provided, for example to allow read-only access.
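For an access review, the visibility rules above can be modelled to list everyone who can edit a given work item. The following is an added example, not edoras one code or its API; the `User` and `WorkItem` classes, the `is_admin` flag and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

SUPERVISOR_GROUP = "edoras one Supervisor"  # predefined group, section 1.4.1

@dataclass
class User:
    login: str
    groups: set = field(default_factory=set)
    active: bool = True      # deactivated users cannot log in
    is_admin: bool = False   # hypothetical flag for the tenant's administration user

@dataclass
class WorkItem:
    name: str
    owner: str
    assignee: Optional[str] = None
    shared_with: set = field(default_factory=set)  # sharing group list

def is_visible(item, user):
    """Visibility as described in 1.6.1, plus the admin user and Supervisor group."""
    if not user.active:
        return False
    if user.is_admin or SUPERVISOR_GROUP in user.groups:
        return True
    # A deactivated group keeps its existing shares (section 1.4), so only
    # membership is checked here, never the group's active state.
    return (item.owner == user.login
            or item.assignee == user.login
            or bool(user.groups & item.shared_with))

def effective_editors(item, users):
    """Visible implies editable, so this is the item's full write-access list."""
    return sorted(u.login for u in users if is_visible(item, u))

# Constructed sample data; "Sales", "Legacy" and "Support" are made-up groups.
USERS = [
    User("admin", {"edoras one Admin"}, is_admin=True),
    User("alice", {"Sales"}),
    User("bob", {"Sales", "Legacy"}),
    User("carol", {SUPERVISOR_GROUP}),
    User("dave", {"Legacy"}, active=False),
    User("erin", {"Support"}),
]
CONTRACT = WorkItem("Contract 17", owner="alice", assignee="erin", shared_with={"Legacy"})
DRAFT = WorkItem("Draft", owner="erin")

if __name__ == "__main__":
    for item in (CONTRACT, DRAFT):
        print(item.name, "->", effective_editors(item, USERS))
```

Running the review per work item shows how far a single sharing group, or membership of the Supervisor group, widens write access.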
1.6.2. Dashboard visibility
A particular dashboard is visible to a given user if the user is a member of the relevant group. For a list of the predefined dashboard groups please refer to the section Predefined groups.
2. Glossary
- tenant: a tenant is an isolated environment in edoras one where users can work and processes can be executed without risk of affecting the contents of other tenants in the same server.
- user: a user work item gives access to a particular tenant in edoras one, with associated attributes and permissions.
- group: groups are used to control access to work items (and dashboards, in the case of the predefined groups).
- accounts: accounts are used as a container for related users and groups. They can also be used to control the appearance of edoras one.
- apps: a "singleton" work item from the app model. The app model properties are accessible from the app.