1. Administration Overview

The admin dashboard can be accessed by authorized users through the dashboard menu and is used to manage users and work item access permissions within edoras one.

1.1. Tenants

An edoras one installation may provide one or more tenants. A tenant is an isolated environment for a specific group of users. No data can be shared between tenants and users are always logged into a specific tenant. The edoras one tenant support allows multiple edoras one environments to be provided by a single server instance.

Tenants are not directly visible in the administration dashboard and cannot be administered there, as the tenant selection has already been made when the user logged in, but it is perhaps useful to know that the administration operations described here take place within the context of a particular tenant.

1.2. Users

User entries define the people who are allowed to log into the system and their settings.

The following attributes may be set for a user:

Table 1. User attributes
Name Required Description

Display name

Yes

the name that will be shown in the edoras one application

Login name

Yes

the name used to login to edoras one

Email address

Yes

the user’s email address

Language

No

the user’s language

Password

Yes

the user’s password

Last name

No

the user’s last name

First name

No

the user’s first name

Address

No

the user’s address

Phone

No

the user’s phone number

Mobile

No

the user’s mobile phone number

Notes

No

additional notes

A user can also enable automatic email notification of specific events within the system:

  • when a task is assigned to the user

  • when a task assigned to the user is edited

  • when a task owned by the user is edited

The password may be changed at any time by entering a new password in the two password fields. The password will be changed only when the two fields contain the same value.

The non-required fields are provided for information purposes only and are not used by edoras one itself.

A user belongs to an account and can be moved between accounts using the move action.

User entries can be activated and deactivated. Deactivated users will not be able to log into the system and will not be shown in the application, for example when reassigning a work object.

1.2.1. Predefined users

Each tenant in edoras one has an administration user. This user has full access to all work items in the system and certain special access permissions for system administration tasks.

1.3. Accounts

Accounts are used to collect users and groups that are related to each other, making it easier to organize and locate particular entries.

The following attributes may be set for an account:

Table 2. Account attributes
Name Required Description

Name

Yes

the account name

Description

No

the account description

Main color

No

the main color

Bright Bg color

No

the first background color

Dark Bg color

No

the second background color

Logo URL

No

the URL for the application logo

The color and logo settings will be used when any user that belongs to the account is logged in.

If an account is activated or deactivated then all users and groups in that account will also be changed to the new state.

1.3.1. Predefined accounts

The following accounts are defined by default in edoras one:

admin

contains the standard users and groups provided by edoras one and needed for correct operation of the system

<tenant name>

a tenant-specific account which contains any additional tenant users and groups

1.4. Groups

Groups are used to control the accessibility of objects within edoras one.

The following attributes may be set for a group:

Table 3. Group attributes
Name Required Description

Name

Yes

the group name

Description

No

the group description

As with a user, the group belongs to an account and can be moved between accounts using the move action.

A group can also be activated and deactivated. Note that deactivating a group simply means that objects cannot be shared with that group in the future. Existing objects that are shared with a deactivated group will be unaffected.

1.4.1. Predefined groups

All users

A group for all users in the tenant.

edoras one Admin

The administration group with access to the administration dashboard.

edoras one Manager

The manager group with access to the management dashboard.

edoras one Modeler

The modeler group with access to the modeler dashboard. This is also the default group for sharing models.

edoras one User

The user group with access to the user dashboard.

edoras one Supervisor

Users that belong to the supervisor group can view all work items in the system, regardless of who they are assigned to or shared with.

1.5. Apps

It is possible to manage the properties from the app models with the apps. By clicking on one app, the same property view is showed as with the deploy action view, however, the static properties are read-only. Only dynamic properties might be changed.

1.6. Access permissions

Access permissions in edoras one are controlled by group membership. To change a user’s group membership settings, select the user to be updated and then use the Group membership action to add or remove groups as required.

1.6.1. Work item visibility

A work item in edoras one is visible to a particular user if one of the following conditions is satisfied:

  • the work item is owned by the user

  • the work item is assigned to the user

  • the user is a member of a group that appears in the work item’s sharing group list

If a work item is visible by a particular user then it can also be edited. No fine-grained access control mechanism is provided, for example to allow read-only access.

1.6.2. Dashboard visibility

A particular dashboard is visible to a given user if the user is a member of the relevant group. For a list of the predefined dashboard groups please refer to the section Predefined groups.

2. Glossary

tenant

a tenant is an isolated environment in edoras one where users can work and processes can be executed without risk of affecting the contents of other tenants in the same server.

user

a user work item gives access to a particular tenant in edoras one, with associated attributes and permissions.

group

groups are used to control access to work items (and dashboards, in the case of the predefined groups).

accounts

accounts are used as a container for related users and groups. They can also be used to control the appearance of edoras one.

apps: a "singleton" work item from the app model. The app model properties are accessible from the app.