Users Management Overview
User Management section in the Setup menu allows you to manage users and their permissions associated to your account.
This section contains 3 tabs that allow to manage different aspects of users and permissions.
- Allows to manage Users (creation, modification and deletion) as well as different actions on selected users (password setting, permissions granting, etc.)
- User Groups
- Allows to manage Users Groups, i.e. to create sets of users that shares the same privileges.
- Allows to manage Roles, i.e. named groupings of permissions that can be further used to grant privileges to users and user groups.
The User Management section in the Setup menu allows you to manage the users and their permissions associated to your account.
At CSV option menu you can export to a CSV file a full listing of users and permissions.
Add a new user
Clicking on the Add button you get access to the New User form.
Username field is the unique identifier of a Kiuwan user. The user needs to specify this username whenever accessing Kiuwan. Username must be unique so it’s recommended to use a suffix that identifies all users in your organization.
Email field is the email address of the user so any Kiuwan notification will be sent to that email address. Email does not need to be unique, so there might be users with the same email address.
Name and Lastname fields are descriptive fields to further identify the user.
Enabled check allows to enable/disable the user to access the Kiuwan account.
By checking the Generate password checkbox, Kiuwan will send a new password to the user. New users can not access Kiuwan until they receive their new password.
Set user as owner
In the dropdown menu of each user, you can select Set user as owner to change the account owner.
Any Kiuwan account has a unique “account owner”. The account owner is granted full permissions on account administration, applications and portfolios.
Any user can be set as Account Owner by the current owner, and by assigning this role to a new user the current owner will cease to be the current owner. Once a new user is set as owner, the old owner will be set with default permissions (none).
Confirm this action in the pop-up window that will show up once you have selected the Set as owner option for any user:
Set a new password
In the dropdown menu of each user, you can also select New password for the selected user.
Selecting this option will generate a new password and sent to the user’s email address.
Set administration privileges
Administration privileges can be granted to any users, which enable them to manage applications, users, quality models and/or audits as if they were the account owner.
There exist the following administration privileges:
- Manage Applications
Granting this privilege to a user will allow full access to Application Management module where that user will be able to create and manage Kiuwan apps (to classify the app on portfolios, to assign a quality model and audits, etc).
Please, see Application Management section for further info on this subject.
- Manage Users
Granting this privilege to a user will allow full access to Users Management module where that user will be able to:
- Create and delete account users
- Change the account owner
- Grant Admin privileges to users
- Create User Groups (and assign users to user groups)
- Create Roles
- Setting user permissions on portfolios and apps
Following sections will describe in details these functionalities.
- Manage Models
Granting this privilege to a user will allow full access to Models Management module where the user will be able to create and manage Quality Models.
Please, see Quality Models Management section for further info on this subject.
- Manage Audits
Grant this privilege to a user will allow full access to Audit Management module where that user will be able to create and manage Audits.
Please, see Audits Management section for further info on this subject.
Set permissions on portfolios
The account owner (or any user with “Manage User” privilege) can assign application permissions based on the app classification in portfolio groups.
Permissions can be assigned to portfolio values by selecting a Role (i.e. a defined set of allowed actions) for every portfolio value. Please, see the Role section to fully understand permissions assignment.
As any application can be classified in several portfolio groups, the final permissions set for the app is the union of allowed actions for every role assigned to every portfolio group.
Let see with an example.
You define a user with “ReadOnly” permissions on apps with portfolio value “High” in “Business Value” portfolio. This means that for any application classified as such, that user will have the allowed actions defined in “ReadOnly” role.
Also, you define for the same user “None” as the role for apps with value “South Africa” in “Provider” portfolio group.
What would be the permissions for an app that is “High” (in Business Value) and “South Africa” (in Provider)? As said above, it would be the union set, being in this case equal to ReadOnly role.
You define a Role “Mute defects” with only “Mute defects” action, and role “Create Notes” with only “Create Note” action. You associate “Mute defects” to High and “Create Notes” to “South Africa”. What would be the resulting set for any app classified as such? The user will be able to “Mute defects” AND “Create Notes”.
Important: Permissions based on portfolio values take precedence over app permissions.
In case you want app permissions to take precedence over portfolios permissions, you should check “Override” button in Application Access Permissions.
Set permissions on applications
The account owner (or any user with “Manage User” privilege) is entitled to assign specific application permissions.
By selecting the Override checkbox, the role assigned to that user and application will be prioritized over the role selected on Access permissions to Portfolios.
If you want to set the same option for several users at once, you can do it by selecting those users and, then, choosing the corresponding option on Bulk actions dropdown menu, as showed below:
A User Group is a set of users that shares the same permissions (admin privileges and/or permissions on apps and portfolios).
Whenever you need to assign the same permissions on the same entities (apps and portfolios), you can define a User Group, define the proper set of privileges and assign users to that User Group. Doing this way, with one click you will be able to grant all the users of that group the same permissions instead of granting one by one.
For example, you can divide users in development teams, so the users in the same user group will be able to manage the applications they are working with the same set of privileges.
Any user can be assigned to many user groups. In this case, a union of all permissions will be granted to that user. In case of conflicting permissions on the same entities (apps and portfolios), the most permissive set is applied.
Once a user belong to a User Group it will be not possible to assign individual permissions for that user.
You can override the user group’s permissions for a specific user by checking the “Override User Group” checkbox for that user. Doing this way, individual permissions will be granted instead of user group’s permissions.
Create new User Group
To create a new User Group, click on Add button and drag&drop users from Not Members Users to Group Members.
You can manage the different user roles by clicking on the namesake button in User Management section.
A Role is a grouping of specific set of permissions that will be applied to selected entities (apps and portfolios).
Kiuwan provides the following set of available permissions:
Kiuwan provides 5 preconfigured roles in Kiuwan:
- None: no permissions
- ReadOnly : permissions to view app data (including data on deliveries)
- ReadOnly deliveries: permissions to only view delivery data (not app data)
- Write : full access permissions on selected entities
- Write deliveries: execution access only to app deliveries
Whenever you create a user, by default that user will be assigned the role “None” to all apps and portfolios, i.e. no access.
These preconfigured roles are ready for use and cannot be modified.
In case you need to define different sets of permissions you can do it by creating new Roles.
Create new Role
You can add new roles and select their enabled actions by clicking on “Create New Role” button.
You can manage the actions the different roles can perform by selecting the appropriate checkboxes for each role.