Overview
User Management is a centralized interface from which administrators can configure their site's user groups, the members of these groups, and the permissions associated with these groups. Permissions are used within the software to assign and restrict access to specific actions, features, and data.
This article discusses the following topics related to User Management:
- Access and Permissions
- Restriction and Visibility Options
- Users Overview
- Editing a User
- Creating a User
- Inviting Users
- Groups Overview
- System Groups
- Custom Groups
- Editing a Group
- Creating a Group
- Frequently Asked Questions
To access User Management navigate to Staff > Staff Permissions in the classic administrative menu.
To view the User Management option the admin must have the following permission:
- Staff Permissions (View)
To make changes to existing groups and users, the admin must have the following permission:
- Staff Permissions (Edit)
To create new users, the admin must have the following permission:
- Staff Permissions (Add)
Restriction and Visibility Options
Restriction and visibility options can be assigned to a group or to an individual user as a way to limit access to applications and data within those applications.
A restriction is an option that can be assigned to a group as a way to limit which applications the group's users can access. This means that a restriction impacts the applications that a user is able to see. If a program and applicant parameter are assigned as a restriction for a group, then users in that group will have access to applications for the selected program. They will also have access to applications where applicants have the selected applicant parameter value. This is the same as it has always been with the staff permissions.
The "Users" section of the User Management interface gives admins the ability to create a site user, invite one or more users to a permission group, and manage permissions at the user level.
The "Users" interface is organized as follows:
User Search Tools
- Search for Users: Keyword search field.
- Filters: Choose to search by username, email, first name, or last name.
- Show Staff Members Only Toggle: When enabled, only a list of users who have been assigned at least one permission is displayed. When disabled, all site users are listed. If you search for someone and they do not appear in this listing, then they likely do not yet have a user ID in the site. If a user has been invited and is pending registration, then they will not appear in this listing until after they've completed their registration.
- Pagination: Adjust the number of items listed per page.
Columns
- Username
- First Name
- Last Name
- Actions: Edit or delete user.
Invite Users
- Use this option to add multiple users to one or more groups and notify them of the update. Existing users are notified that they've been added to one or more groups. New site users are prompted to complete their registration and create a password.
- See the "Inviting Users" section of this article for full details.
Create Users
- Use this option to create and add a single user to one or more groups.
Pending Users
- If you've used the "Invite Users" feature to invite users who need to complete their registration, then the "Pending Users" section will allow you to view any pending invitations, their registration link status, and take such actions as resending or deleting invitations as needed.
To modify an existing user, click on the edit pencil for the respective user in the "Actions" column. This action will route you to an edit page with the user's full information:
Edit User
In this section, the information of a user can be modified. After making your changes, click "Save".
Groups
In addition to the options for editing the user's information, a "Groups" section appears from which you can manage the groups to which the user belongs.
To add the user to a group, select the group from the drop-down menu and click on the "+" icon. The group will drop to the table, and the change will be automatically saved.
To remove the user from a group, click on the "Remove Group" icon. This change will be automatically saved.
Show Advanced Settings
To manage individual permissions for the user, click on the "Show Advanced Settings" link. This action will expand an "Access and Permissions" section where permissions, restrictions, and visibility options can be managed on the user level.
Offices are encouraged to manage permissions at the group level.
Important Note: When the user has a restriction assigned at the user level, an alert icon will appear next to the "Show Advanced Settings" link:
To create a user to add to one or more groups, navigate to the "Users" tab and click on the "+" icon.
This action will open a page from which you will be able to populate information about the user, manage the groups to which they belong, and modify any user-level permissions as needed.
Regardless of whether a user is integrated or not, the Invite Users option allows an admin to generate a list of users to add to one or more groups at once. Invitees are notified, and those users who are not already registered in the system will be invited to complete that process and generate a password.
To get started, navigate to the "Users" tab and click on the "Invite User" button at the bottom of the page.
This action will prompt the Invite Users wizard to open.
Follow these steps:
1. User Group(s)
Select one or more groups to which you will add your users. A minimum of one group must be selected.
2. Email Addresses
Enter an email address for each user that you wish to invite to the group(s) selected in step one. Each email address must be comma-separated with no spaces between.
After entering all desired email addresses, click "Validate". This action will prompt a table to display with information about each user in columns as follows:
- Type: Non-Integrated or Integrated
- Email:
- Username
- First Name
- Last Name
- Actions: If a user was selected and you no longer want to include them in the invite process, use the delete option to remove them from your invitation.
Non-integrated users are those whose information is not in the SIS/HR file sent from the institution. These users will use an email address for their username and log into the Terra Dotta site with credentials provided to them. For the invite process, an admin would only enter an email address for a non-integrated user. The first and last names will be entered during the registration process by the user directly.
An integrated user has information being sent from the institution's SIS/HR file, and they must authenticate through the institution's Secure Campus Login (SCL). An integrated user will have a UUUID username needed for authentication. Their information will be fully populated in the validation table as follows:
4. Invite Users
When you've confirmed that your desired user group(s) and users have been selected, then you must click on the "Invite Users" button in step four to complete the invitation process.
This action will prompt an automated email to be sent to all invited users which uses the email template located under Process > Notifications > User Invitation. The default message in the template can be modified.
Important Note:
- All users will receive the same email message with one exception:
- If the invitation is sent to a user who already exists in the Terra Dotta site, then they will see a link that directs them to the site's login page.
- If the invitation is sent to a user who does not already exist in the Terra Dotta site, then the will see a link that directs them to a user registration page.
5. User Registration (For those invited users who have not yet been created in your Terra Dotta site)
An invited user who has not yet been added as a user in the Terra Dotta site will click on the appended login link in their invitation email. This will route them to a user registration page from which they will be prompted to enter the following information:
- First Name
- Last Name
- Mobile Phone (optional)
- Password
- Confirmation of Password
After all required information has been entered, the "Create My Account" button will become accessible. The user will click on this button and be routed to a confirmation page. The text on this page, which cannot be modified, will contain:
- A confirmation of the user's username.
- A reminder that they will need to user their username and password to log into the site.
- A link from which they can access the site.
The "Groups" section of the User Management interface gives admins the ability to create a permission group and manage any restrictions to that group along with members of that permission group. Think of each user group as a unique cohort to which a specific set of permissions have been assigned.
The "Groups" interface is organized as follows:
Group Search Tools
- Search by Group Name: Keyword search field.
-
Filters
- System Group
- Custom Group
- Show All
- Pagination: Adjust the number of items listed per page.
Columns
- Group Name
- Actions: Edit and delete
Create Group
- Use this option to add a group.
System Groups are permissions groups that have been pre-made by the software and carry a label to differentiate them from custom permission groups that an admin might create on their own. System Groups cannot be deleted, nor can their label be modified.
The system groups of Application Managers, Program Managers, System Administrators, and Website Managers are unique in that they are hard-coded and automatically updated by the software. This means that they each respectively contain all permissions needed for a staff member in a role as an application manager, a program administrator, a system administrator, or a website administrator, and these permissions cannot be modified by an admin. A key benefit of using these system groups is that they are automatically updated by the system when new, relevant permissions are added to the software. For example, if a new feature is added that pertains to managing programs, then the Program Managers system group will automatically be assigned that permission so that admins in this system group can access and use the new feature upon its deployment to production sites.
The system groups of Recommenders, and Reviewers act in a slightly different manner in that their assigned permissions can be modified by an admin.These system groups are not automatically updated by the system when new, relevant permissions are added to the software. Because these system groups have been migrated from classic, they may be tied to functionality on your site as offices have used these classic permission groups differently to support their needs.
The system groups consist of the following:
-
Application Managers
- Members of this user group have permissions assigned for Analytics, Applicant Admin, and Profile Admin.
-
Program Managers
- Members of this user group have all Program Admin permissions assigned.
-
Recommenders
- Members of this user group have no assigned permissions.
-
Reviewers
- This system group is the same as the classic Reviewers permission group. If anyone is in this group and you want to transition to using the current Reviewers Managementfunctionality, then you can create a new, custom Reviewers group by copying the users from this classic group to the new one. Your custom Reviewers group should not need any permissions assigned because permissions for reviewers are based on Reviewer Roles in Reviewers Management.
-
System Administrators
- Members of this user group are often considered power users in the system because they work in the software regularly and are proficient in its use.
- This user groups has permissions assigned for Analytics, Applicant Admin, Course Approvals, Department Management, Maintenance, Process Admin, Profile Admin, Program Admin, Staff Admin, System Settings, and Website Admin.
-
Website Managers
- Members of this group have select permissions from System Settings (Image Library and account information) and all Website Admin permissions.
A custom group is one which an office has created on their own, and it does not automatically receive any new permissions added to the system. With a custom group, you can edit the permissions assigned and even delete the group.
Important Note:The Facilitators groups is the one custom group which cannot be deleted. Because offices have traditionally used the Facilitators group in unique ways, this custom group may be tied to various functionality on your site. For this reason, an office may choose to leave the assigned permissions for their Facilitators group as is while also using the System Administrators group going forward.
You can modify a group by clicking on the edit pencil in the "Actions" column for the respective group. This routes you to an interface with four tabs:
- Permissions
- Restrictions
- Visibility
- Users
Permissions
Under the Permissions tab, you can view the assigned permissions for a group.
- A system group's permissions will display in a list format and cannot be edited.
- A custom group's assigned permissions can be modified by adding or removing the desired permissions.
If a site is using multiple products, such as Study Abroad and AlertTraveler, then the option to filter by a specific product line is available.
Restrictions
A restriction is an option that can be assigned to a group as a way to limit which applications the group's users can access. This means that a restriction impacts the applications that a user is able to see. If a program or applicant parameter is assigned as a restriction for a group, then users in that group will only have access to applications for the selected programs and applications where applicants have the selected applicant parameter value.
For full details, see the "Restrictions and Visibility Options" section of this article.
Visibility
Visibility is an option that can be assigned to a group as a way to limit what data a group's users can view within an application. This means that a visibility option functions in the same way as a Data Access Object (DAO) in the classic permissions system as it impacts what a group's users can see in applications.
For full details, see the "Restrictions and Visibility Options" section of this article.
A new group can be created manually or by copying the permissions and users from an existing group. To get started, click the "+" icon.
This navigates you to a page from which you can get started creating a group with these steps:
1. Enter a name for your user group.
2. Select the option which corresponds with how you wish to set up your new group.
- Set Up Manually:Select the specific permissions for your group. Set any desired restrictions and/or visibility options. Add users one by one to the group.
- Copy Settings from Another Group:Save time and select a group from which your new group will receive its assigned permissions, restrictions, and visibility options. It is also possible to copy users from an existing group to your new group.
3. Click "Create" when ready to create your group.
1. What is the difference between the custom Facilitators group and the System Administrators group?
The System Administrators group will be updated automatically by the system to contain any new permissions assigned to that group. For offices who used the Facilitators group, you may choose to leave users in that group - and also add them to the System Administrators group. You may also choose to move everyone who was in the Facilitators group completely out of that group and into the System Administrators group.
Terra Dotta's in-app messages will appear to members of both the Facilitators and System Administrators groups going forward.
2. Are users always notified when they are added to a group?
No, they are not.
In the following scenarios, existing users are not notified when they are added to a group:
- Groups > Edit Group > Users > Add User to Group.
- Groups > Create Group > Search for Existing Users.
- Users > Edit User > Select Group to Add.
In the following scenarios, users are always notified:
- If you use the "Invite User" feature, which adds both existing and new users to a group, then the Invite User email notification will always be sent.
- If you use the "Create User" option, then the User Created email notification will always be sent.
3. If a user is a member of multiple groups, one which might have more restrictive permissions than the other group, then how will this be managed in the site?
Everything is additive in User Management. Therefore, it is not possible to restrict a user to a subset of programs in one user group and then not honor that restriction elsewhere.
4. Have data access objects (DAOs) been replaced in User Management?
The ability to restrict access to specific applications and data within those applications still functions as it did previously in the classic staff permissions system. In User Management, the use of a restriction option is the same as restricting application access to those of a specific program, program group, or applicant parameter value. The use of a visibility option is the same as restricting access to data objects, or information within an application based on the assigned questionnaires and applicant parameters.
5. Is there a limit to the number of users who can be invited at once using the "Invite User" feature?
The limit is based on the character limit of 500 for the email addresses in step two of the invite process.
6. When users are invited as part of the Invite User process, how long does the registration link last before it expires?
The link will expire after 24 hours. An admin can navigate to the "Pending Invitations" section of the "Users" tab and resend an invitation if the link has expired before the user has been able to take action.