go to SiT | Control Panel | Users | Manage Users
From here you can:
- Add users
- Edit role permissions
- Edit the selected users profile
- Manage skills
- Manage substitutes for a user
- Edit user based permissions
- Reset a users password
Editing the selected user, will give you the same view as adding a user, but you can edit this users profile details.
The user based permissions will only give the ability to grant a user additional permissions above those of the chosen role. If there is a permission, e.g. edit/add templates, you don't want a specific user to have, but be a manager. You need to give the user the lowest role, default:user, but then edit the permissions on the chosen user and add all the rest of the permissions.
Usernames must be unique and cannot contain spaces. Each user must have an email address.
There are three available roles
Each role has different permissions, and you can alter the permissions assigned to roles should you require.
After adding a user you are presented with the user permissions page where you can grant additional permissions should the user have needs beyond that provided by the nearest role.
Note that permissions are additive and you cannot take permissions away from a user that are granted by the role except by changing the users role or altering the permissions on the role itself.
To maintain data integrity there isn't a way to delete user records from SiT!, however user accounts can be disabled which will prevent further logins and stop the users name from showing up in selection boxes etc.
To disable a users account go to Control Panel | Users and select Edit next to the user you would like to disable. Then select 'DISABLED ACCOUNT' from the Status drop down box and click Save.
For security passwords within SiT! are stored using the MD5 hash of the password, thus a password of "sitracker" would be stored as "
33b6c98cab25a503bc909a787a4c0953" within the users table.
Should you wish to create users by hand (or part of a bulk process) with blank passwords then you need to use the MD5 of an empty string ("") which is "
d41d8cd98f00b204e9800998ecf8427e" (this can also be used to audit users passwords for security). Usage of a blank password is discouraged for obvious security reasons, a preferable option would be to use a known string for new accounts passwords such as their surname, date of birth etc.
Resetting the users password, will send an email to the selected user, giving the procedure as if the user herself asked for a reset password.