Manage Security in Semarchy xDG

Semarchy xDG uses role-based security and privilege grants for accessing its modules. Users accessing Semarchy xDG are authenticated and their experience is customized depending on their privileges.

Site and Module Security

There are two levels of security in Semarchy xDG:

  • Site-level security defines access to the modules of the platform (e.g., access to the administrative features or the Semarchy xDG capabilities). Site-level security sets platform users' privileges (i.e., who can add users, access Semarchy xDG as a reader, etc.).

  • Module-level security defines security privileges to access and modify data specifically in the Semarchy xDG module. Defining these privileges is a decision that should be made as part of the broader data governance initiative.

Built-in Site Roles

The following roles are built into the platform:

  • Site Admin: this role has full access to all the features and modules of the platform with no restrictions. It is the only role that gives you access to user management

  • this role must be granted for a user to log in. It should be granted

  • Semarchy xDG Admin: this role grants access to the Semarchy xDG module as an administrator.

  • Semarchy xDG User: this role grants access to the Semarchy xDG module as a basic reader user. The privileges can then be modified by the Semarchy xDG Administrators.

Be cautious when granting the Site Admin role. This role defines a superuser who can create users, modify roles, and grant privileges.

Manage Users in Semarchy xDG

Users in Semarchy xDG include all the individuals interacting with the platform, including the administrators, editors, or business users.

User Authentication

Users authenticate using the Internal Identity Provider - which stores user and roles in the Semarchy xDG.

Through the login process:

  • The user is given access to Semarchy xDG.

  • The user receives a set of effective roles, which will grant him platform and module-level privileges.

  • The user’s profile information is seeded or set.

Create a User

You must create users connecting to Semarchy xDG using the Internal Identity Provider. When creating these users, you define their full name and email.

To create a user:

  1. Browse the Site administration UI. The Users list opens.

  2. Click on the Add User icon button on the right side of the editor header.

  3. In the Add User dialog, enter the following information:

    • Email - Mandatory

    • First name

    • Last name

  4. Click Submit.

The new user will receive an invitation email to complete the user registration and will be required to accept the terms and conditions, review user profile information, set a password, and set up a one-time password (OTP).

Reset a user’s credentials

You might need to reset the user’s credentials when a user loses his password or when the invitation email expires.

To reset a user’s credentials:

  1. Browse the Site administration UI. The Users list opens.

  2. Select the user to reset with the checkbox.

  3. Open the action menu and select Reset credentials. A confirmation dialog opens.

  4. Click Confirm.

Depending on the user’s status, an email will be sent:

  • To reset the password and OTP for active users

  • A new invitation email is sent for users pending activation.

Delete a User

To delete a user from the users' list:

  1. Browse the Site administration UI. The Users list opens.

  2. Select the user to delete with the checkbox.

  3. Open the action menu and select Delete users. A confirmation dialog opens.

  4. Click Confirm.

To delete a user from the user details form:

  1. Browse the Site administration UI. The Users list opens.

  2. Click on the user to delete.

  3. Open the Action menu from the editor header and select Delete user. A confirmation dialog opens.

  4. Click Confirm.

Disable a User

Disabling a user allows to remove the user access without deleting it permanently.

To disable a user from the users' list:

  1. Browse the Site administration UI. The Users list opens.

  2. Select the user to disable with the checkbox.

  3. Open the action menu and select Disable users. A confirmation dialog opens.

  4. Click Confirm.

  5. The user status is set to Disable and will not be able to log in anymore.

To disable a user from the user details form:

  1. Browse the Site administration UI. The Users list opens.

  2. Click on the user to disable.

  3. Click the Disable user icon button from the right side of the editor header. A confirmation dialog opens.

  4. Click Confirm.

  5. The user status is set to Disable and will not be able to log in anymore.

This action is available only for Active users.

Enable a User

Enabling a user allows to restore the user access for a disabled user.

To enable a user from the users' list:

  1. Browse the Site administration UI. The Users list opens.

  2. Select the user to delete with the checkbox

  3. Open the action menu and select Disable users. A confirmation dialog opens.

  4. Click Confirm.

  5. The user will not be able to log in anymore.

To disable a user from the user details form:

  1. Browse the Site administration UI. The Users list opens.

  2. Click on the user to enable.

  3. Click the Enable user icon button from the right side of the editor header. A confirmation dialog opens.

  4. Click Confirm.

  5. The user status is set to Disable and will not be able to log in anymore.

This action is available only for Disabled users.

Modify the Assigned Roles

A user authenticating receives the roles configured in the Site Administration.

To modify the roles assigned to a user:

  1. In the Users list, select the user. The user information form opens.

  2. In the Roles section, click on the Modify roles icon button.

  3. Using the checkboxes:

    1. Select the roles to assign

    2. Unselect the roles to unassign

  4. Click Apply.

Additionally, roles can be unassigned from the roles list using the quick action button on hover.