All features (e.g., search) and all types of datasets are secured and managed via a user and permission management. Depending on the BEXIS2 configuration, some features (e.g., search) are also accessible for non-registered users, while others only for authorized users. After registration in BEXIS2, the system administrator assigns the appropriate permissions individually or by assigning the user to a permission group. In general, it is possible to add, remove, or modify existing permissions on features and all types of datasets. Each user can also grant permission for their datasets to others. Also, it is possible to generate a personal token for authentication to access BEXIS2 via API.
The registration form is accessible via the Register button on the right side. All fields of the form are mandatory and it is required to agree on the Terms and Conditions and Privacy Policy. Then you are asked to confirm your email address. As the last step, you have to provide some information (e.g., name, affiliation to the project, organization). Based on the provided details, the project Team grants permissions within three days.
Press the Login button on the right side. BEXIS2 redirects you to the login form, where you have to enter your account credentials (email or user name and password). If the login is successful, the start page (e.g., Dashboard or Search) is loaded. Otherwise, you will see information about the status and reason for the failed login.
In general, two mechanisms, authentication, and authorization protect the APIs of BEXIS2. Unlike logon, which uses the usual credentials, the APIs use a personalized token for authentication. The token can be found in the user menu.
User accounts are used to assign permissions and track actions like the creation of a dataset. Accounts can be linked to the party module and the real user name is shown instead of the account name.
In addition to the self-registration procedure, the administrator can also create accounts. This feature is available here: Settings > Manage Users > Create User. The system supports you with validation on all entered information.
Under Settings > Manage Users it is possible to view, modify, and delete user information using the following options:
Button | Description |
---|---|
Edit | for security and usability reasons, not all fields can be modified (e.g., user name). |
Group | show the membership in a group status can be changed by (un)selecting the corresponding checkbox |
Delete | delete a user account (exception: user accounts already used) |
Groups combine a set of permissions for its members. Users can be assigned to different groups.
This feature is available under Settings > Manage Groups > Create Group. A new group can be defined.
Under Settings > Mange Groups it is possible to view and modify group information.
Button | Description |
---|---|
Edit | change group name or description |
Group | members of a group can be (un)selected |
Delete | delete a group (exception: Groups already used) |
Former member management gives you the possibility to change rights in BEXIS for users who are no longer active in your project. The feature also allows you to undo the changes. The precondition for the use of this feature is a special role in BEXIS to which you then assign all the rights that former members should have.
This feature is available under *Settings > Manage Former Members.
Former member management uses end date of a user party to find e.g. users who have not been project members for a certain period of time. By using the end date filter, time-related queries can be made to users. To set a user as former member the checkbox in the is former member column must be set. The system admin and the user will then receive a confirmation email. With the activation of the former member status, all feature and role rights are removed from the user. And the user is added to the former member role.
To customize the confirmation email the text blocks of the email can be changed in the SAM settings file. The file is located at "...\Workspace\Modules\SAM". If the subject remains empty, the default subject of BEXIS is used.
To undo the former member status the checkbox must be deactivated. This means that the former member role will be removed from the user and his previous rights will be activated again. A confirmation email will be sent when the change is made.
Permissions contain specific security regulations. The security system of BEXIS2 distinguishes between two types of permissions. The feature permission allows or prohibits access to a well-defined and delimited area of the application, so-called Features. The data permission provides the option to protect all types of datasets.
Under Settings > Manage Feature Permissions you can customize features permissions.
Selecting a checkbox in the navigation tree (e.g., Search) will make that feature accessible without authentication (public access). Please use it with care!
Clicking on a feature name opens a table on the right side. This table contains all subjects (users and groups) and their feature permission status. You may grant or deny permissions for individual users or groups using the radio buttons. If permission is not explicitly set (none), it can be inherited from up-level features. Inherited permissions are shown in the first column as effective permissions.
To manage access to entities (datasets and publications) go to Settings > Manage Entity Permissions.
By selecting a dataset (by clicking on the row of the dataset), a new table displays all subjects (users and groups) and their different data permission statuses regarding the selected dataset. Here you can also change permissions for the selected dataset.
Selecting the checkbox in the first column (IsPublic) gives public access to that dataset without any authentication.
In general, BEXIS2 distinguishes different data permission types:
- Read: allows to read & download to primary data and attachments
- Update: enables changes (upload and update) of primary data and metadata
- Delete: allows to delete the whole dataset
- Grant: allows to give permission to other users or groups
Display the list of datasets under Settings > Manage Datasets. In this list, you can see the status of each dataset and do some useful actions to maintain datasets.
There are two ways to delete a dataset (1) delete and (2) purge.
There are two ways to delete a dataset:
Delete tags a data record to exclude it from nearly all features of BEXIS2 (e.g., search). But you are still able to restore the data record – if needed.
Purge deletes a dataset completely. The data record can not be restored.