Manage security in Semarchy xDG

Semarchy xDG uses role-based security and privilege grants for accessing its modules. Users accessing xDG are authenticated and receive customized experiences based on their privileges.

Site and module security

Security in xDG is enforced on two levels:

Site-level security: governs access to platform modules (e.g., administrative features or xDG capabilities). Site-level security dictates platform users' privileges (i.e., adding users, granting read access to xDG, etc.).
Module-level security: governs access and data modification privileges within the xDG module. Determining these privileges should be considered carefully as part of the broader data governance effort.

Built-in site roles

The platform includes the following built-in roles:

Site Admin: provides full and unrestricted access to all platform features and modules, including exclusive access to user management.
Semarchy xDG Admin: grants access to the xDG module as an administrator.
Semarchy xDG User: provides basic read access to the xDG module. Administrators can adjust these privileges as needed.

Exercise caution when assigning the Site Admin role. This role entails superuser capabilities that enable individuals to create users, modify roles, and grant privileges.

Manage users in xDG

Users include all individuals interacting with the platform, including administrators, editors, and business users.

User authentication

Users authenticate through the built-in identity provider (i.e., internal IDP), which stores users and roles within xDG.

During the login process:

Users are given access to xDG.
They are assigned a set of effective roles, which determines their platform and module-level privileges.
Their user profile information is seeded or set.

Create a user

xDG users must be created through the internal IDP. During the creation process, their full name and email address must be specified.

To create a user:

Access the Site Administration interface.
The Users view is immediately displayed.
In the header of the Users view, click on the Add user button.
The Add user dialog opens.
Enter the following information:
- Email (mandatory)
- First name
- Last name
Click Submit.

Upon user creation, a registration invitation email is dispatched. The recipient is required to accept the terms and conditions, review profile details, set a password, and configure a one-time password.

Reset a user’s credentials

Occasionally, you may need to reset a user’s credentials if they forget their password or if the invitation email expires.

To reset credentials from the user list:

Upon accessing the Site Administration interface, browse the Users list.
Select the checkbox next to the user requiring a reset.
Open the Actions menu and select Reset password.
A confirmation dialog opens.
Click Confirm.

You can also reset a user’s credentials from the user details form:

From the Users list, click on the user requiring a reset.
The user details form opens.
In the form header, open the Actions menu and select Reset password.
A confirmation dialog opens.
Click Confirm.

An email is dispatched based on the user’s status:

Active users receive instructions to reset their static or one-time password.
Pending activation users receive a new invitation email.

Delete a user

To remove a user from the user list:

Upon accessing the Site administration interface, browse the Users list.
Select the checkbox next to the user you wish to delete.
In the header of the Users view, click on the Delete users button.
A confirmation dialog opens.
Click Confirm.

You can also delete a user from the user details form:

From the Users list, click on the user you wish to delete.
The user details form opens.
In the form header, open the Actions menu and select Delete user.
A confirmation dialog opens.
Click Confirm.

Disable a user’s access

Disabling a user’s access removes their ability to log in to the platform without permanently deleting their account.

To disable user access from the user list:

Upon accessing the Site Administration interface, browse the Users list.
Select the checkbox next to the user whose access you wish to disable.
Open the Actions menu and select Disable users.
A confirmation dialog opens.
Click Confirm.
The user status is set to Disabled and they will no longer be able to log in.

You can also disable user access from the user details form:

From the Users list, click on the user whose access you wish to disable.
The user details form opens.
In the form header, click the Disable user button.
A confirmation dialog opens.
Click Confirm.
The user status is set to Disabled and they will no longer be able to log in.

This action is available only for users with an Active status.

Enable a user’s access

Enabling a user’s access restores their ability to log in to the platform after their access has been disabled.

To enable user access from the user list:

Upon accessing the Site Administration interface, browse the Users list.
Select the checkbox next to the user whose access you wish to restore.
Open the Actions menu and select Enable users.
A confirmation dialog opens.
Click Confirm.
The user status is set to Active and they will be able to log back in.

You can also restore user access from the user details form:

From the Users list, click on the user whose access you wish to restore.
The user details form opens.
In the form header, click the Enable user button.
A confirmation dialog opens.
Click Confirm.
The user status is set to Active and they will be able to log back in.

This action is available only for users with a Disabled status.

Modify assigned roles

When a user authenticates, they obtain the roles set in the Site administration interface.

To modify a user’s role:

From the Users list, click on the user you wish to modify.
The user details form opens.
Navigate to the Module access section.
Using the checkboxes:
1. Select the roles you wish to assign.
2. Deselect the roles you wish to unassign.