User Management and Roles
User Management and Roles
User Creation and Management
The first time Sync is launched, the application will prompt for creating the first application user (username and password). The first user defaults to the Admin role, as defined below.
To create and manage further users, navigate to the Settings page and then the Users tab. This tab includes a table of users and includes information about the users’ roles, Sync API access tokens, and more.
Users can be created, deleted, and modified via this page. Only Admin users have permission to manage other users.
User Creation on External Java Servlets
When the Java edition of Sync is deployed to an external servlet (i.e. not using the embedded server included in the Java edition download), additional JAAS configuration is required to allow Sync to dynamically create users within the application. More information on JAAS configuration for specific Java servlets can be found in the Java Edition documentation page.
CData Sync supports three different types of users (roles):
The following subsections describe each role, and the next section contains a comparison table.
The Admin role provides full control over the application. An admin can create new Jobs and Connections, change Application settings, and perform every other operation supported by the console.
Additionally, only admins can view the Audit Log, which records changes made within the application (by any user).
The Standard role allows for the creation, editing, and deletion of Jobs and Connections, but does not allow for changing application-wide settings like those exposed in the Settings tab.
The Operator role is a read-only role; these users cannot create new Jobs, delete Jobs, or change application settings. Operator users can start and stop Jobs, View Job History and download Job Logs.
User Roles Comparison Table
- View Connections/Jobs/Transormations All roles (Admin, Standard, Operator)
- View Application and Job Execution Logs All roles (Admin, Standard, Operator)
- Execute Jobs/Transformations All roles (Admin, Standard, Operator)
- Manage Connections Admin, Standard
- Manage Jobs/Transformations Admin, Standard
- Install new Connectors Admin, Standard
- Manage Users Admin
- Change Application Settings Admin
- View Audit Logs Admin
Sync API Access
Each user can be granted an Auth Token that can be used to access the Sync API. For more information on authenticating against the Sync API, please see the Sync API Documentation.
The specific actions that a user can perform via the Sync API mirrors the actions that the same user could perform via the UI. For example, a user that cannot delete connections via the UI cannot use the Sync API to delete connections. To perform any arbitrary action via the Sync API, use an auth token from an Admin user when invoking the API.
In the event that an administrator is locked out of Sync, the embedded web servers in each edition provide the ability to reset an administrator’s password in order to regain access to the application. For example, in the Java edition:
java -jar sync.jar -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>
and in the Windows edition:
CData.Sync.exe -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>