The Administrator node is designed for easy management of your Applications' security and workflow. In this guide, we will cover all the functions and options offered by Kepion's Administrator node.
Access the Administrator Node
Access the Administrator tab by selecting Administrator from the navigation bar:
If you want to directly go to a specific Application, hover over Administrator and select the Application from the drop-down menu. Alternatively, click Administrator and select your target Application from the list.
Note: In some versions of Kepion, you may notice two additional sections called Workbook App and Monitor. Workbook Apps are deprecated, as all their functionality can be reproduced in Dashboard Apps. The equivalent to the Monitor section is now a Dashboard App's Progress tab.
User & Group
The User & Group node allows administrators to:
- Create and remove users and user groups
- Edit group memberships, permissions, and restrictions
|User & Group||Create and manage groups and users.|
|Membership||Add multiple users to a group to make permission management easier.|
|Permission||Configure user or group data permissions for both Models and Dimensions (when Dimension security is enabled).|
|Restriction||Restrict what parts of the Administrator Module and the Modeler users or users within groups can access.|
User & Group
In the User & Group section, you can:
|Refresh||Refresh the User & Group page.|
|Add||Add users, groups, or roles, to your Application.|
|Remove||Remove user, groups, or roles from your Application.|
|AD Sync||Sync your users and groups with your Active Directory.|
To add a user/group:
1. Select Add.
2. Select the Type of user you are creating:
User or Group: Users or groups that are authenticated through the Active Directory.
Role: A custom set of users or groups.
Custom: Users that only exist locally in the application, useful for testing permissions and security
For this example, we will create a custom user:
- When creating a regular user, enter the domain\username (e.g., COMPUTER\John Smith) or the UPN (e.g., firstname.lastname@example.org).
- When creating a custom user, simply type in the name of the custom user.
Select OK when you're done configuring the user, role, or group.
To delete a user, group, or role:
Select the checkbox next to the name and click Remove .
The Membership section allows administrators to assign users/groups to roles.
1. Select a user, group, or role from the Configure drop-down.
2. Click the checkbox next to the target party
3. Select OK.
Note: The Configure drop-down menu appears in the Membership, Permission, and Restriction sections. The selected user remains the same as you go through these sections unless you change it yourself.
When a user is selected, all of their assigned groups and roles are displayed. The user Kepion, displayed in the screenshot below, is in the administrator role.
To assign roles/groups:
1. Select Add to Role to assign users roles/groups.
2. Click the checkboxes next to the target roles/group.
3. Select OK.
To remove users from role/group:
1. Click the checkboxes of the target roles/groups.
2. Select Remove.
Note: When you have a role selected, the Add to Role button becomes an Add Member button. You can add multiple members to the same role.
The Permission section enables Administrators to dictate the permissions for Dimensions and Models.
The following actions are found in the Permissions section:
|Dimension||Edit read and write permissions for each Dimension.|
|Model||Edit read and write permissions for each Model.|
When you select Dimension, you will see two tabs: Read and Write. Both tabs have a drop-down menu where you can select the Dimension you want to configure.
The member selection screen here functions the same as those in the Form Editor. If you give the user write access, they will implicitly have read access. Once you have selected all the necessary requirements, select the OK button.
Note: In order to set permissions by Dimensions, you will need to go to the Modeler. Once the All Dimension node is selected, select the Security checkbox for the relevant Dimension. By default this is not selected as it may slow down performance.
Model shows what read/write permissions the selected member has for each Model. Check or uncheck the Read and Write boxes depending on the permissions you want to give to the user.
Tip: For more information, read Manage Data Security.
The Restriction section allows administrators to dictate which parts of the Administrator Module and Modeler certain users, groups, or roles can access.
- View: Give users the option to view all the settings.
- Edit: Give users the option to edit all the settings.
Tip: For more information, refer to the Restrict Modeler and Administrator Access article.
Dashboard App allows administrators to configure users, rules, page and write restrictions, approval, and submissions settings. It does not have any subsections, but can be divided into folders:
After selecting the Dashboard App, you will see all of your Apps:
1. Select Add to create a Dashboard App.
2. Configure the App:
Name: Desired name of the Dashboard App.
Copy From: Select an existing Dashboard App to copy to the new Dashboard App. Default means you are not copying from any existing Dashboard App.
Dashboard: Select the Dashboard with which to create the Dashboard App.
Note: Copy From and Dashboard are mutually exclusive. You cannot select an option from both.
3. Select Save to create the Dashboard App.
Select the checkbox of an App and click Remove to delete the App.
Sort your Dashboard Apps by hovering over one and selecting Edit in the Folder column. Enter the name of the folder, which will contain the App.
Click the Save icon to save all changes.
The new folder Test will appear in the right-side navigation pane.
Dashboard App Configuration
To access the Dashboard App Settings, click your target App.
The following tabs are accessible after selecting a Dashboard App:
|Configuration||Configure the App's name, title, description, start/end dates, and workflow settings.|
|User||Add or remove the App's Contributors, Reviewers, and Approvers.|
|Rule||Associate a SQL rule with a Dashboard Page.|
|Page Restriction||Limit which Pages users or groups can access.|
|Write Restriction||Limit user/group writing permissions for Dimension Members.|
|Approval||Add an approval process (Advanced Workflow).|
|Submission||View the progress of users and their approvals according to the approval chain definition.|
The Configuration tab has two sections: General and Workflow.
In general, the following options are available:
|Name||The system name of the Dashboard App. Changing the name may affect references to Rules.|
|Title||The display name of the Dashboard App.|
|Folder||The folder it appears under in the Administrator and Apps modules.|
|Description||A description of the Dashboard App.|
|Dashboard||The Dashboard that will be used for this App.|
|Start Date||The first date the Dashboard App is available.|
|End Date||The last date the Dashboard App is available.|
The following options are available in the WORKFLOW section:
|Workflow Type||Select whether the workflow will have an approval process (Advanced) or not (Basic).|
|Auto Create||Create a new submission on start.|
|Allow Multiple Submission||Users can start multiple submissions.|
|Lock||Lock this workflow to prevent additional changes to the data model.|
|Notification||Enable email notifications on workflow actions.|
Note: If the Basic Workflow is selected, you will be allowed to add only Contributors to the App.
The User tab is used to dictate what actions users can perform in the Dashboard App:
|Contributor||Add a user or group as a contributor to the Dashboard App.|
|Reviewer||Add a user or group as a reviewer to the Dashboard App.|
|Approver||Add a user or group as an approver to the Dashboard App.|
|Remove||Remove a user or group from the App.|
Tip: For more information, refer to Monitor Workflow Progress.
The Rule tab allows administrators to associate rules with Dashboard Pages. The following options appear in the Rule tab:
|Add||Associate a Rule with a Form in a Dashboard Page.|
|Remove||Remove an associated Rule.|
|Move Up||Move the priority of the Rule up.|
|Move Down||Move the priority of the Rule down.|
Note: The Rule order matters because the rules run from top to bottom.
Tip: For more information, refer to the Configure SQL Rule article.
The Page Restriction tab allows administrators to limit users' access to Pages.
Administrators have the following options:
- Add: Set restrictions on what Apps a user, group, or role can access.
- Remove: Remove a Dashboard Page from being accessible to a particular user, group, or role.
Note: By default, users have access to all pages in a Dashboard App. Granting them explicit access to any number of pages will remove this implicit access.
To set up Page permissions:
1. Click Add .
2. Select the target user, group, or role from the Configure drop-down.
3. Check the boxes next to the Pages you to make accessible to the target party.
To remove a restriction:
1. Select the Page's checkbox.
2. Select Remove .
Write restrictions allows administrators to constrain users to only write to designated Dimension Members within the App. This constraint differ from Dimension Security as the restriction only applies to this particular App, not the entire Application.
The process of adding and removing write restrictions is the same as for Page Restrictions.
Tip: For more information, refer to Manage Data Security.
The Approval tab allows administrators to manage approval workflow processes.
To set up an approval chain:
1. Click Add.
2. Select the target user or group from the Apply To drop-down.
3. Drag and drop approvers to build an approval chain.
Tip: To learn more about adding an approval chain, read Monitor Workflow Progress.
The Submission tab allows administrators to understand how far along each submission is in the workflow process. The following options appear on the Submission tab:
|Refresh||Refresh the page.|
|Remove||Remove selected submissions.|
|Update Forms||Update changes to the Form in a submission.|
|Reset Workflow||Reset the approval process.|
|Configure emails to be sent at different points in the approval process.|
|Sort||Sort the submissions by columns such as Status, Owner, Submission, etc.|
|Approver||Show the available workflow depending on which approver is selected.|
Tip: For more information, refer to Monitor Workflow Progress.
The Notification section allows administrators to configure the email notifications for Submit, Approve, Recall, and Reject functions.
To begin editing:
Click the Edit button.
The section has the following options:
|Revert||Exit Editing mode without saving any edits.|
|Save||Save all changes made.|
|Message Template||Choose the language that all emails are written in or customize each message with using HTML formatting.|
The section has the following tabs:
|Submit||Configure email notifications for every submission.|
|Approve||Configure email notifications for every approval.|
|Recall||Configure email notifications for every recall.|
|Reject||Configure email notification for every rejection.|
Tip: For more information, refer to Configure Email Notifications.