Tenant Administrator Help

When A New User Registers

When a new person in your email domain registers for ReportMagic, as Tenant Admin, you'll get an email notifying you of this. The new account will not have access until you have approved them. To approve a user:

  1. From the Admin menu, click Users to see the new account and the fact that it is not yet approved.
  2. Either:
    • In the Users table, double-click to select the user, and select the Approved check box
    • Click the link in the email
  3. After this:
    • The account is shown with a green check mark in the Approved column
    • The user is notified by email that their account is approved
    • The user is given the default role as defined in Admin > Access Control > Roles

Using Role-Based Access Control (RBAC)

Role Based Access Control allows you, as a Tenant Admin, to customize the levels of access for your regular users to the different parts of ReportMagic. Tenant Admin users will always have access to all parts of the system./

All regular users on the system, or created in future, are assigned roles designated as Default role(s). There is one Default role out-of-the-box. If you left the permissions for this Default role unchanged, users assigned the role would have unrestricted access to all regular (non-Tenant Admin) menus and features associated with the role:

However, Tenant Admins can modify (or not use) the Default role and can also create multiple new default roles, for example, default Report Writer, default Schedule Creator and so on to restrict or allow access to different functionality.

Tenant Admins can also set up multiple non-default roles with customized permissions and then assign users to these roles.

To view the existing roles, memberships and permissions:

From the Admin menu, click Access Control. The Roles table lists the currently available roles.

Roles are made up of zero to many Role Permissions which are used to grant, manage and/or revoke access to certain aspects of ReportMagic. A user may be associated with zero to many Roles as shown if you scroll down to the Role Memberships table.

Creating a Role

To create a new role:

  1. In the Roles pane, click Create
  2. Add a unique name for the role, a useful description and choose whether it is a default role. All default roles will be assigned to all users created in future

Creating Role Permissions

To create permissions for a role:

  1. Scroll to the Role Permissions pane and click Create
  2. In the bottom box, choose the required role from the dropdown list
  3. Enter a name and description then choose the Type of permission required
    • Area based permission types switch an entire feature on or off (for example, a menu item) and Read and Write do not apply to this.
    • Connection permission types (from v3.10 onwards) allow an Admin to control access to a Connection (i.e. whether the Connection is accessible to specific non-Admin regular users). This also requires Connection Roles and Role Permissions to be created (and put users into those Roles, via Role Memberships) which then limit the Connection(s) concerned. More details can be found in Connection Role Security
    • Folder permission types relate to folders - type a string or search for the relevant folder in Files. Any restrictions here may affect the use of Schedules
      • Read allows viewing of the contents of the folder and its subfolders
      • Write allows writing to the folder and subfolders. Tip: If your user will be executing Schedules manually, they will need write access to the Schedule's output folder.
      • Execute is reserved for the future and currently does nothing for Folders
    • ReportSchedule permission types are Regex-based and match on Schedule names. Access to the Report Schedules area is required in order to see any Schedule. For any Schedule that matches the Regex:
      • Read allows viewing of the Schedule
      • Write allows writing (i.e. editing and saving) to the Schedule
      • Execute allows the running of the Schedule
  4. Choose the Role to which this permission applies then click Save.
  5. Repeat this process for each Area, Folder and Report Schedule permission that you may need. For example you might wish to create roles for Service Management with access to Report Schedules and Files.

Note: Role Permissions are additive. Unless a permission is specified, there is no access. Where permissions are set across multiple roles or permissions, the enabling of access will always override the revocation of it should there be contradictory permissions set.

Changing a user's Role Membership

  1. To change a user's Role Membership:
  2. From the Admin menu, click Access Control
  3. Scroll down to the list of users
  4. Next to the required user, double-click the cross or check mark to change it:

About Role Memberships

  • Only regular users are shown in the Role Memberships table, because Administrators have access to all of ReportMagic
  • A user promoted to Administrator will no longer have any associated roles and no longer appears in the Role Memberships table
  • An Administrator demoted to regular user will be automatically assigned the default role(s) and will appear on the Role Memberships table once approved
  • Users can be associated with zero, one or many Role Memberships
  • A user with no Role Memberships has no access to any ReportMagic features except those available to non-logged in users, for example Help
  • If you unapprove a user, any Role Memberships associated with the user are removed.
  • A new but not yet approved user can have Role Memberships assigned in advance of approval
Home ReportMagic AlertMagic DataMagic NCalc 101 Docs
Feedback
Type
Priority
Summary
Description
Page
Username
Include Screenshot
Search
Search Term
Search Product
An unhandled error has occurred. Reload 🗙