User rights

Read on to find out about the different types of user accounts, especially those of privileged users who have specific rights. 

In this article we will see the 3 types of users within LockSelf :

________________________________________________________________________________________

Summary table of user rights

tableau_anglais.png

The Main Administrator (Super Administrator)

Who appoints him? 

The main Administrator account is activated when the organisation is created, and therefore when your LockSelf environment is created. 

What is it used for? 

The Administrator account is responsible for the main organisation. He will be able to appoint Moderators within his organisation and can also create sub-organisations.

What are his rights?

The Administrator account has full rights over the entire organisation : user management, configuration of shared spaces and access management. 

If I lose my logins, can I recover them? 

No. It is therefore recommended to use a service account for this Administrator account : the access logins can be shared with a restricted circle of trusted users who can use it for specific needs. 

What is its role in relation to sub-organisations ? 

The main Administrator account has no visibility on the shared spaces of the sub-organisations, and therefore on the shared spaces and the data they contain.

However, he has a major right : he is the only one who can create sub-organisation and chose the related sub-Administrator, who he can change at any time (please note that this implies that the sub-organisation Administrator has appointed Moderators beforehand).

Administrator account and SSO

When an interconnection with your Enterprise Directory is set up, the Administrator account remains a local account. In case of a problem with your Enterprise Directory, the data will be viewable and exportable from this account. 


Sub-Organisational Administrators

Who appoints them ? 

Sub-organisation Administrator can only be appointed by the main Administrator account (organisation N).  

What are they used for ? 

Sub-Administrator are used to manage users and data in their respective organisations.

Can they be changed later ?

Yes, they can be replaced by a Moderator from their organisation at any time. This can be done from the main Administrator account, but requires that Moderators are appointed and exist in the relevant sub-organisation.


The Moderators

Who appoints them ? 

Moderators can only be appointed by the Administrator account of their organisation. Unlike an Administrator account, there can be more than one Moderator in an organisation. 

What are they for ? 

The Moderator status has been designed so that users in charge of running the tool in your organisation can manage users and data on a daily basis. Moderators have the same rights as the Administrator account, except for two elements : the possibility to create sub-organisations and the possibility to appoint other Moderators.

Can a Moderator be in multiple organisations ? 

No, Moderator status is only valid in one organisation. This means that a user cannot have Moderator rights in both an organisation AND a sub-organisation simultaneously. 


Category/Folder Managers

Who appoints them ? 

Category/File Managers can be appointed by the Administrator account, Moderators and other Category/File Managers.

Where can I manage this right ? 

Unlike the Administrator and Moderator profiles, the Manager role is managed directly in the shared spaces (LockPass and LockFiles).

For more information on managing access, see this documentation.

What are they used for ?

The Manager status allows you to give a user full rights to one or more shared spaces. In fact, the Manager has the same rights as an Administrator or Moderator but limited to one or more specific spaces. 

Can they combine rights in multiple spaces ?

Yes, just as it is possible to give a user access to several shared spaces, it is also possible to give Manager rights to a user in several spaces.

What are the cases of application of this role ? 

The Manager role can be given to a manager or department head so that he or she has control over his or her password (LockPass) / document (LockFiles) perimeter. 

The Manager status allows you to give full rights to a space to users so that they have the freedom to configure the space as they wish. 

It is possible to give the Manager role to all users of a shared space.

Updated