DOCUMENTATION
  • Welcome
  • Releases
    • 2025
      • Release v6.20.2 (2025-05-07)
      • Release v6.20.1 (2025-05-06)
      • Release v6.20.0 (2025-04-30)
      • Release v6.19.2 (2025-04-11)
      • Release v6.19.1 (2025-03-31)
      • Release v6.19.0 (2025-03-27)
      • Release v6.18.2 (2025-03-11)
      • Release v6.18.1 (2025-03-07)
      • Release v6.18.0 (2025-02-26)
      • Release v6.17.3 (2025-02-14)
      • Release v6.17.2 (2025-02-07)
      • Release v6.17.1 (2025-02-06)
      • Release v6.17.0 (2025-01-30)
    • 2024
      • Release v6.16.0 (2024-12-12)
      • Release v6.15.0 (2024-11-27)
      • Release v6.14.2 (2024-11-05)
      • Release v6.14.1 (2024-11-01)
      • Release v6.14.0 (2024-10-31)
      • Release v6.13.3 (2024-10-16)
      • Release v6.13.2 (2024-10-10)
      • Release v6.13.1 (2024-10-02)
      • Release v6.13.0 (2024-09-25)
      • Release v6.12.2 (2024-09-18)
      • Release v6.12.1 (2024-08-01)
      • Release v6.12.0 (2024-07-25)
      • Release v6.11.5 (2024-07-09)
      • Release v6.11.4 (2024-07-05)
      • Release v6.11.3 (2024-07-03)
      • Release v6.11.2 (2024-06-21)
      • Release v6.11.1 (2024-06-14)
      • Release v6.11.0 (2024-06-05)
      • Release v6.10.2 (2024-05-15)
      • Release v6.10.1 (2024-05-08)
      • Release v6.10.0 (2024-04-30)
      • Release v6.9.3 (2024-03-19)
      • Release v6.9.2 (2024-03-15)
      • Release v6.9.1 (2024-03-06)
      • Release v6.9.0 (2024-02-28)
      • Release v6.8.5 (2024-02-02)
      • Release v6.8.4 (2024-02-01)
      • Release v6.8.3 (2024-01-12)
      • Release v6.8.2 (2024-01-05)
    • 2023
      • Release v6.8.1 (2023-12-22)
      • Release v6.8.0 (2023-12-14)
      • Release v6.7.4 (2023-11-15)
      • Release v6.7.3 (2023-11-14)
      • Release v6.7.2 (2023-11-03)
      • Release v6.7.1 (2023-10-17)
      • Release v6.7.0 (2023-10-13)
      • Release v6.6.4 (2023-09-29)
      • Release v6.6.3 (2023-09-28)
      • Release 6.6.2 (2023-09-14)
      • Release v6.6.1 (2023-08-10)
      • Release v6.6.0 (2023-08-03)
      • Release v6.5.1 (2023-06-23)
      • Release v6.5.0 (2023-06-22)
      • Release v6.4.0 (2023-05-31)
      • Release v6.3.1 (2023-04-28)
      • Release v6.3.0 (2023-04-05)
      • Release v6.2.5 (2023-03-16)
      • Release v6.2.4 (2023-02-01)
      • Release v6.2.3 (2023-01-12)
      • Release v6.2.2 (2023-01-12)
      • Release v6.2.1 (2023-01-05)
    • 2022
      • fylr first Production Ready Release 🎉 (2022-12-22)
  • License
  • Help
    • FAQs
    • Tutorials
      • For Users
      • For Administrators
        • Exporting & Importing Hierarchical Lists
        • Regenerating preview images
        • Search Text in images or office files
      • For System Administrators
        • How to setup and use IIIF
        • External access: Sharing collections with anonymous users
    • Glossary
  • FOR USERS
    • Getting Started
    • Asset / Records Management
      • Creating Records
      • Editing Records
        • Input Fields
        • Group Editor
      • Deleting Records
    • Quick Access
      • Collections (& Presentations)
      • Saved Searches (& Lists)
    • Lists
    • Plugins
      • Plugin Overview
  • FOR ADMINISTRATORS
    • Permissions
      • User
      • Groups
      • Object Types
      • Pools
      • Tags & Workflows
      • Presets
    • Tools
      • CSV Importer
        • General Information
        • Options
        • Examples
          • All Data Types
          • Lists
          • Hierarchies
          • Files
      • JSON Importer
        • Step-by-Step Tutorial
          • Write Import Manifest
          • Create Basetype Payloads
          • Create Object Payloads
          • Collection Payloads
          • Optional: Update links between Objects
          • Start Import
      • Permissions Download & Upload
    • Base Configuration
      • General
      • Access
      • User Management
      • Languages
      • Email
      • Export & Deep Links
      • Workflow Webhooks
      • Publications
      • File Worker
        • Preview Configuration
        • Location Defaults
        • Custom .icc Color Profiles
      • Objectstore
      • Services
      • License Management
      • Development
      • Plugins
    • Plugin Manager
    • Location Manager
    • Messages
    • Events
    • Backup Manager
    • Additional Features
      • IIIF
      • Connector
      • Wordpress
      • Zooniverse
      • Protocols
        • OAI/PMH
  • FOR SYSTEM ADMINISTRATORS
    • Installation
      • Linux
        • multiple fylrs in one Linux
        • proxy and fylr
      • Windows
      • Kubernetes
    • Configuration
      • fylr.example.yml
      • fylr.default.yml
      • performance tuning
      • pre-load frontend config
      • Load Custom Plugins
      • HTTP and HTTPS
      • DNS Domains
    • Backups & Restore
    • Migration Tool
      • Create payloads (fylr backup)
      • Insert payloads (fylr restore)
      • Best Practice
      • Using the fylr inspect page
    • Integration
      • Authentication
      • Hotfolder
    • Symptom & Solution
      • Log messages that can be ignored
      • too many clients are connected
      • too many nested clauses
      • context canceled
      • ContainerConfig error
      • Purge objects
    • PostgreSQL versions
  • Tutorials
    • Project Workflow
    • Hotfolder & File System Connect
      • Preparations Before Usage
      • Setting Up An Upload Collection
      • Importing Files
    • PDF Creator
    • Extracting File Metadata Later On
    • Overlay Resource
    • Authentication
      • LDAP
      • SAML
    • Data Model Sync
    • Purge a fylr instance
    • typo3 plugin
    • Use fylr in Google docs via CI HUB
  • FOR DEVELOPERS
    • API
      • OAuth2
      • Endpoints
        • /api/collection
        • /api/config
        • /api/db_info
        • /api/db
        • /api/eas
        • /api/event
        • /api/export
        • /api/group
        • /api/l10n
        • /api/mask
        • /api/message
        • /api/oaipmh
        • /api/objects
        • /api/objecttype
        • /api/plugin
        • /api/pool
        • /api/publish
        • /api/right
        • /api/schema
        • /api/search
        • /api/settings
        • /api/suggest
        • /api/system
        • /api/tags
        • /api/transitions
        • /api/user
        • /api/webdav
        • /api/xmlmapping
        • /api/task
    • System Data Types
      • pool
      • file
      • user
      • group
      • pool
      • collection
      • message
      • publish
      • event
    • User Data Types
      • text, text_oneline
      • string
      • text_l10n, text_l10n_oneline
      • boolean
      • number
      • integer.2
      • double
      • date, datetime
      • daterange
      • geojson
    • Custom Data
    • Emails
    • Export
    • Exec server
    • File versions
    • WebDAV
    • Plugin
    • Collection Pin Code
    • easydb 5
    • Localization
    • Access private Repositories
Powered by GitBook
On this page
  • Working with Groups
  • System Groups
  • Group Settings
  • General
  • System Rights
  • Permissions
  • Pseudonymization
  • Authentication Services
  • User
  1. FOR ADMINISTRATORS
  2. Permissions

Groups

User groups can be used to structure users and assign permissions. You can create your own groups or use predefined system groups. They can be assigned to users manually or automatically.

PreviousUserNextObject Types

Last updated 2 months ago

Working with Groups

Each FYLR installation comes with some predefined that cannot be deleted but can be used to assign system rights and permissions to. You can add your own groups by clicking on the plus button on the lower left. To delete a group, select it and click the minus button. You can copy a group by selecting it and click on "Copy" on the lower right of the group settings. Use the search filter to search for the name, internal name, internal comment and reference of groups. You can also filter for the group types "easydb" and "system".

Typical groups are:

  • Administrators

  • Editors / Power User

  • Reader / Staff

As users can be assigned to multiple groups, you can also have a group called "Authorized to download" for example that only grants the users the permission to download files. User can then be added to the group "Reader" (which gives them access to records without being able to download them) and the group "Authorized to download" (which additionally gives them download permissions).

If you are working with different departments / projects that should only work in their own pools, you should create the editor and reader group for each department / project.

System Groups

Each FYLR installation comes with the following predefined system groups, that will be automatically assigned to users:

GROUP
DESCRIPTION

All Users

This group includes all users. Even system user, anonymous user, LDAP & SSO user and local users.

All Users Except System Users

This group includes all users except system users like "root", "deep_link" and "oai_pmh".

Anonymous Users

Anonymous Collection Users (formerly "Pseudo users to see single collections")

Fallback Group

This group does not include any users. When a group is deleted that is the owner of records, this fallback group is set as the owner instead.

LDAP Users

This group includes all users that sign in via LDAP.

Local Users

This group includes all users that were created locally in FYLR.

Self-Registered Users

SSO Users

This group includes all users that sign in via SSO.

Users Accessing Via External Connection

Users Accessing Via Internal Connection

Users Invited by Email

Group Settings

Group settings can be extended with custom plugins.

General

FIELD
DESCRIPTION

ID

Group identifier. Will be assigned automatically.

Type

Type of the group. Local groups will be of type "easydb". Groups of type "system" cannot be deleted.

Owner

Name of the user who created the group.

Name

Name of the group.

Internal Comment

Internal comment for the group. Will not be shown anywhere else.

Internal Name

Internal name for the group. Will not be shown anywhere else.

Reference

Reference of the group. Has to be unique.

IP Subnet Filter

Preferences for New Users

Shows the default frontend preferences for new users of this group. If none are set, the system defaults are used. Includes: - search result settings - pools for the search - object types for the search - data languages - search languages - filter on/off If a user is in several groups with preferences, they will receive the preferences of the first group.

Use Preferences of User

Choose an existing user which frontend preferences should be used as a default for new users of this group.

Created

Date and time the group was created.

Last Updated

Date and time of the last update of the group.

System Rights

Permissions

Pseudonymization

Define which data of a user of this group should be kept, deleted or pseudonymized when archiving it.

OPTION
DESCRIPTION
AVAILABLE FOR FIELD

Keep

When the user is archived, the content of the field is kept.

  • Login

  • First Name

  • Last Name

  • Department

  • Email

Randomize

When the user is archived, the content of the field is replaced by a random string.

  • Login

  • First Name

  • Last Name

  • Department

Clear

When the user is archived, the content of the field is deleted.

  • Login

  • First Name

  • Last Name

  • Department

  • Email

Authentication Services

If you're using a third party user management like LDAP or SSO, you can define a group mapping here and automatically map groups used in SSO or LDAP to groups in FYLR whenever a user signs in.

METHOD
DESCRIPTION

Group Name (eq)

Group name from LDAP/SSO needs to match this string exactly.

Regular Expression (regexp)

User

View all users that are in this group.

This group includes all users that access the system without a user account. External access needs to be enabled in the .

This group includes all users that were created when to external users that don't require a log in.

This group includes all users that signed up. This possibility needs to be enabled in the .

This group includes all users that were created when or an export to an email address.

Add IP subnet filter if the user should only be assigned to this group if they log in from specific IP subnets. CIDR notation is accepted, example: 192.168.0.0/16, 2001:db8::/32. For more see the documentation

Define which parts the users of the user group should be allowed to access and which features they should be allowed to use. Please refer to the general overview of for more details.

Define which other users or user groups should be able to access (read, write, delete) this group and/or the users of this group. Please refer to the general overview of the for more details.

Group names from LDAP/SSO need to match with the regular expression. Example: students.* will match the LDAP/SSO group students and the group students-alumni but not a group named student. For more see the documentation

system rights
permissions
system groups
https://pkg.go.dev/net#ParseCIDR
https://pkg.go.dev/regexp#Match
base configuration
base configuration
sharing a collection
sharing a collection