Groups
User groups can be used to structure users and assign permissions. You can create your own groups or use predefined system groups. They can be assigned to users manually or automatically.
Working with Groups
Each FYLR installation comes with some predefined system groups that cannot be deleted but can be used to assign system rights and permissions to. You can add your own groups by clicking on the plus button on the lower left. To delete a group, select it and click the minus button. You can copy a group by selecting it and click on "Copy" on the lower right of the group settings. Use the search filter to search for the name, internal name, internal comment and reference of groups. You can also filter for the group types "easydb" and "system".
Typical groups are:
Administrators
Editors / Power User
Reader / Staff
As users can be assigned to multiple groups, you can also have a group called "Authorized to download" for example that only grants the users the permission to download files. User can then be added to the group "Reader" (which gives them access to records without being able to download them) and the group "Authorized to download" (which additionally gives them download permissions).
If you are working with different departments / projects that should only work in their own pools, you should create the editor and reader group for each department / project.
System Groups
Each FYLR installation comes with the following predefined system groups, that will be automatically assigned to users:
All Users
This group includes all users. Even system user, anonymous user, LDAP & SSO user and local users.
All Users Except System Users
This group includes all users except system users like "root", "deep_link" and "oai_pmh".
Anonymous Users
This group includes all users that access the system without a user account. External access needs to be enabled in the base configuration.
Anonymous Collection Users
This group includes all users that were created when sharing a collection to external users that don't require a log in.
Fallback Group
This group does not include any users. When a group is deleted that is the owner of records, this fallback group is set as the owner instead.
LDAP Users
This group includes all users that sign in via LDAP.
Local Users
This group includes all users that were created locally in FYLR.
Self-Registered Users
This group includes all users that signed up. This possibility needs to be enabled in the base configuration.
SSO Users
This group includes all users that sign in via SSO.
Users Accessing Via External Connection
Users Accessing Via Internal Connection
Users Invited by Email
This group includes all users that were created when sharing a collection or an export to an email address.
Group Settings
Group settings can be extended with custom plugins.
General
ID
Group identifier. Will be assigned automatically.
Type
Type of the group. Local groups will be of type "easydb". Groups of type "system" cannot be deleted.
Owner
Name of the user who created the group.
Name
Name of the group.
Internal Comment
Internal comment for the group. Will not be shown anywhere else.
Internal Name
Internal name for the group. Will not be shown anywhere else.
Reference
Reference of the group. Has to be unique.
IP Subnet Filter
Add IP subnet filter if the user should only be assigned to this group if they log in from specific IP subnets. CIDR notation is accepted, example: 192.168.0.0/16, 2001:db8::/32. For more see the documentation https://pkg.go.dev/net#ParseCIDR
Preferences for New Users
Shows the default frontend preferences for new users of this group. If none are set, the system defaults are used. Includes: - search result settings - pools for the search - object types for the search - data languages - search languages - filter on/off If a user is in several groups with preferences, they will receive the preferences of the first group.
Use Preferences of User
Choose an existing user which frontend preferences should be used as a default for new users of this group.
Created
Date and time the group was created.
Last Updated
Date and time of the last update of the group.
System Rights
Define which parts the users of the user group should be allowed to access and which features they should be allowed to use. Please refer to the general overview of system rights for more details.
Permissions
Define which other users or user groups should be able to access (read, write, delete) this group and/or the users of this group. Please refer to the general overview of the permissions for more details.
Pseudonymization
Define which data of a user of this group should be kept, deleted or pseudonymized when archiving it.
Keep
When the user is archived, the content of the field is kept.
Login
First Name
Last Name
Department
Email
Randomize
When the user is archived, the content of the field is replaced by a random string.
Login
First Name
Last Name
Department
Clear
When the user is archived, the content of the field is deleted.
Login
First Name
Last Name
Department
Email
Authentication Services
If you're using a third party user management like LDAP or SSO, you can define a group mapping here and automatically map groups used in SSO or LDAP to groups in FYLR whenever a user signs in.
Group Name (eq)
Group name from LDAP/SSO needs to match this string exactly.
Regular Expression (regexp)
Group names from LDAP/SSO need to match with the regular expression. Example: students.* will match the LDAP/SSO group students and the group students-alumni but not a group named student. For more see the documentation https://pkg.go.dev/regexp#Match
User
View all users that are in this group.
Last updated