Access control documented
This commit is contained in:
@@ -1 +1,31 @@
|
||||
# Admins
|
||||
Admins are users who are not tied to specific companies and are responsible for administering Sentri.
|
||||
## View admin
|
||||
To view admins, you need the `admin-access-admins` RO permission.
|
||||
|
||||
In the admins list, click the **view** icon to open an admin and see additional details.
|
||||
## Add admin
|
||||
To create a new admin, you need the `admin-access-admins` RW permission.
|
||||
|
||||
Complete the form and click **Add admin**. The admin will be created in a **Pending** state.
|
||||
|
||||
After creation, an invitation email is sent. The recipient must verify their account and set a password. Once completed, the admin becomes **Active**.
|
||||
## Modify admin
|
||||
To manage admins, you need the `admin-access-admins` RW permission.
|
||||
|
||||
You can edit an admin by clicking the **edit** icon in the admin list or by selecting **Edit** while viewing the admin details.
|
||||
### Send password reset email
|
||||
To send a password reset email, you need the `admin-access-admins-resetpassword` RW permission.
|
||||
|
||||
Open the admin details and click **Send password reset email** in the user management section.
|
||||
### Disable two factor authentication
|
||||
To disable two-factor authentication for another admin, you need the `admin-access-admins-mfa` RW permission.
|
||||
|
||||
Open the admin details and click **Disable two-factor authentication** in the user management section.
|
||||
# Admin status
|
||||
An admin can have one of the following statuses:
|
||||
|
||||
- **Active** – The admin is active and can log in.
|
||||
- **Pending** – The admin has been created but has not yet verified their account or set a password via the invitation email.
|
||||
- **Banned** – The admin is blocked due to suspicious or policy-violating behavior and cannot log in.
|
||||
- **Inactive** – The admin account is disabled and cannot log in.
|
||||
@@ -1 +1,17 @@
|
||||
# Permissions
|
||||
# Permissions
|
||||
Many actions in Sentri require specific permissions. These permissions are configured per user group and can be set to one of the following levels:
|
||||
|
||||
- NA (Not Available)
|
||||
- RO (Read Only)
|
||||
- RW (Read Write)
|
||||
|
||||
> [!INFO]
|
||||
> The **superuser** account has RW access to all permissions by default. This behavior is intentional and cannot be changed.
|
||||
## Viewing or modifying permissions
|
||||
To view permissions, you need the `admin-access-control-permissions` RO permission.
|
||||
|
||||
To modify permissions, you need the `admin-access-control-permissions` RW permission.
|
||||
|
||||
Navigate to **Access control** > **Permissions** and click the **view** icon. You will see the permission set assigned to each user group.
|
||||
|
||||
If you want to view or modify all permissions for a specific user group, go to **Access control** > **User groups**, then click the **view icon** next to the user group you want to view or modify. This will display the full list of permissions configured on that group.
|
||||
@@ -1 +1,20 @@
|
||||
# User groups
|
||||
# User groups
|
||||
All users in Sentri are assigned to a user group. There are currently two types of user groups:
|
||||
|
||||
- **Administrator** – Users not tied to specific companies. They are responsible for administering Sentri and are created [[Admins|here]].
|
||||
- **User** – Intended for future use for users linked to specific companies. This group type is not yet active in Sentri.
|
||||
|
||||
## User group weight
|
||||
Each user group has an associated **weight**, which is used to enforce hierarchy and prevent privilege escalation.
|
||||
|
||||
For example, if your current user group has a weight of **10**, you cannot create or assign a user to a group with a lower weight (e.g. **1**) if that would result in higher permissions than your own. This ensures users cannot create accounts with greater access than their own.
|
||||
## Adding a user group
|
||||
To add a user group, you need the `admin-access-control-user-groups` RW permission.
|
||||
|
||||
Navigate to **Access Control** > **User groups** and click **Add user group**. Enter a name and select the group type.
|
||||
|
||||
After creation, you will be able to configure the group’s [[Permissions|permissions]]. To modify permissions, you also need the `admin-access-control-permissions` **RW** permission.
|
||||
## Viewing user groups
|
||||
To view user groups, you need the `admin-access-control-user-groups` RO permission.
|
||||
|
||||
Go to **Access Control** > **User groups** and click the **view icon** next to a user group. This will show detailed information about the group, including all configured [[Permissions|permissions]].
|
||||
@@ -1,14 +1,14 @@
|
||||
# Global
|
||||
# Portal name
|
||||
## Portal name
|
||||
This setting allows you to change the name of the portal.
|
||||
Currently, this setting has limited functionality, but it will be used in future versions to support white-labeling.
|
||||
# Portal provider name
|
||||
## Portal provider name
|
||||
This setting allows you to change the provider name displayed by the portal.
|
||||
Currently, this setting has limited functionality, but it will also be used in future versions to support white-labeling.
|
||||
# Admin authentication methods
|
||||
## Admin authentication methods
|
||||
This setting will later support multiple administrator authentication methods.
|
||||
Currently, the only available option is `database_auth`.
|
||||
# CA certificate URL
|
||||
## CA certificate URL
|
||||
This URL points to the Certificate Authority (CA) certificate used by the auto-provisioning module, which is currently under development.
|
||||
# Autoprovisioning URL
|
||||
## Autoprovisioning URL
|
||||
This URL is used by the auto-provisioning system to retrieve configuration data by the auto-provisioning module, which is currently under development..
|
||||
@@ -6,11 +6,11 @@ Sentri sends emails in the following situations:
|
||||
- When a new user is created, an invitation email is sent to the user.
|
||||
- When a user requests a password reset.
|
||||
- When an administrator sends a password reset email.
|
||||
# From Name
|
||||
## From Name
|
||||
This is the sender name displayed in emails sent by Sentri.
|
||||
# From Address
|
||||
## From Address
|
||||
This is the email address used by Sentri to send emails.
|
||||
# SMTP Server Configuration
|
||||
## SMTP Server Configuration
|
||||
### Host
|
||||
The hostname or IP address of your SMTP server.
|
||||
### Secure
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Modules
|
||||
Sentri allows modules to be enabled or disabled. Each module provides its own functionality, which can be viewed [[../../index|here]].
|
||||
# Enabling and Disabling Modules
|
||||
## Enabling and Disabling Modules
|
||||
To enable or disable modules, navigate to **Settings** > **Modules** and toggle the modules you want to enable or disable.
|
||||
|
||||
> [!Note]
|
||||
|
||||
Reference in New Issue
Block a user