Users and Roles
The Users page allows users with the PlatformAdmin role or Administrator role (roles marked with the Is Admin flag on the AuthServer settings page) to add, remove, and edit users and their associated roles. To open the Users page, click the Users link in the left sidebar. This page is visible and accessible only to users logged in with the PlatformAdmin or Administrator role. The PlatformAdmin is a special role for platform administration, it will not be displayed in the Roles column.
It shows a table of all users, with the following information:
| Field | Details |
|---|---|
| Username | The unique name of the account. Used to login. Maximum length is 50 characters. |
| First Name | The first name of the user. |
| Last Name | The last name of the user. |
| The email address of the user. Must be in a valid email address format. | |
| Roles | The roles of the user. The available roles are determined by the active Sym3 Project. |
Roles let you allow some users access a project or information, while restricting access to other users. See the Roles and Permission documentation for more information.
Depending on the authentication mode, the ‘New User,’ ‘Edit,’ and ‘Reset Password’ buttons on each record may be unavailable.
Basic Authentication Mode
Adding New Users
To add a new user, click the button labelled ‘NEW USER’ to open the add new user page.
Fill in the above details, along with a password in Basic Authentication mode and click ‘SUBMIT’. In Active Directory mode, enter a first or last name to retrieve all matching accounts from the Active Directory server, then select an account from the list. Set the roles and then click ‘SUBMIT’.
If you change your mind, click ‘CANCEL’ to discard any added information and go back to the user list. No new user will be added.
Editing Existing Users
To edit an existing user, click the pencil icon on their row to open the edit user page.
Make the desired changes and click ‘SAVE’. Note that neither the username nor the password can be changed on this screen.
If no changes are required, click the ‘CANCEL’ button to return to the user list without making any changes to the user.
Editing Roles
When creating a new user, or editing an existing user, you can modify the roles they have by clicking on the Roles drop-down.
Roles with a filled checkbox are assigned to the user in question, roles with an empty checkbox are not assigned to that user. The set of roles available to be assigned to the user are determined by the active project. See the Project Files documentation on how to change the active project. See the Roles and Permission documentation on how to edit the roles in a project file.
Platform Admin can assign the PlatformAdmin role to another user. Administrator users can assign the Administator role to another users but not “higher” privilege PlatformAdmin role.
Deleting Users
To delete a user click the trash can icon on their row. A confirmation dialog will be opened.
Click ‘OK’ to delete the user, or ‘CANCEL’ to go back to the user list without deleting the user.
Resetting User Passwords
To change a user’s password click the ‘RESET PASSWORD’ button on their row. The password reset page will open. Only basic authentication accounts support password reset.
Enter a new password in the first field and re-enter it in the second field. (The original password is not required.) The user should change their password to something else as the first thing they do upon logging into their account. (Regular users do not have access to the users list, they can change their own password on their User Profile.)
Hit ‘CANCEL’ to return to the users list without changing their password.
Active Directory Authentication Mode
‘User Active Directory Groups’ Enabled
Administrators cannot add new users in this mode. The Auth Server retrieves user roles from Active Directory (AD) server user groups when users log in with their AD accounts.
User roles are mapped based on AD user groups, and user records are not editable. Passwords cannot be reset through Sym3 Web, as they are managed by the AD server.
User records are generated automatically upon a user’s first successful login. Although records can be removed, they will be recreated the next time the AD user logs in.
‘User Active Directory Groups’ Disabled
Administrators manually configure user records before users start using Sym3 Web.
The ‘Reset Password’ button is unavailable because user passwords are managed by the AD server.
The ‘New User’ button is available; however, the new user window only allows selection from users in the connected AD server.
Azure EntraID Authentication Mode
Administrators cannot add or edit Azure Entra ID users in this mode. User roles are mapped from the Azure Entra ID security group.
User records are generated automatically upon the first successful login. Although records can be removed, they will be recreated when the Azure Entra ID user logs in again.