Administering users

The OVE Asset Manager allows limited guest access, but users must log in before they can create new projects, edit projects, or view projects that are not public.

Projects can be added to access groups by clicking on the shield icon on the table of projects, or by clicking the “Edit access controls” button on the table of assets. Each user account has a list of groups for which it has read access, and a list of groups for which it has write access.

Account details are stored in a MongoDB database (as configured in config/auth.json).

Users can be managed using a command-line tool. This provides help for either all user management actions (./am-cli.sh user -h) or specific actions (./am-cli.sh user add -h, ./am-cli.sh user info -h, ./am-cli.sh user edit -h, ./am-cli.sh user remove -h).

Adding a user

The command ./am-cli.sh user add <username> creates a new user. By default, a user will not have read or write access to any groups, and will not be an admin.

To grant access, lists of space-separated group names can be provided to the --read and --write arguments. To grant a user admin rights, the --admin argument can be provided.

Example:

./am-cli.sh user add <username> --read <group1 group2> --write <group1 group2> --admin

Listing user permissions

The permissions of all users can be listed with ./am-cli.sh user info.

The permissions of a single user can be listed with ./am-cli.sh user info <username>.

Editing a user

You can reset a user’s password using ./am-cli.sh user edit --password <username>.

You can update the groups to which a user has read or write access by providing --read <group1 group2 ...> or --write <group1 group2 ...> in place of --password.

You can remove reading/writing permissions for all groups using --noread or --nowrite.

You can grant admin rights with --admin, or remove admin rights using --noadmin.

Removing a user

A user’s account can be removed with the command ./am-cli.sh user remove <username>.