User Management and Roles
User Management and Roles
CData Sync supports three types of users (roles):
The first time that you launch Sync, the application prompts you to create the first application user (with username and password credentials).
Note: The first user that you create defaults to the Admin role because this roll has full control over the application.
The section describes each of the three user roles and provides a list of which actions each role can perform.
The Admin role provides full control over the application. As mentioned earlier, the first user that you create in Sync defaults to this role.
An Admin user can create new jobs and connections, change application settings, and perform every other operation supported by the console. In addition, only admins can view the Audit log, which records changes that are made within the application (by any user).
The Standard role allows for the creation, editing, and deletion of jobs and connections, but it does not allow for changing application-wide settings like those that appear on the Settings tab.
The Operator role is a Read-only role. These users cannot create new jobs, delete jobs, or change application settings. Operator users can start and stop jobs, view job history, and download job logs.
User Roles Comparison
The following list shows which actions each user role can perform:
View connections, jobs, and transformations: All roles (Admin, Standard, Operator)
View application and job-execution logs: All roles (Admin, Standard, Operator)
Execute jobs and transformations: All roles (Admin, Standard, Operator)
Manage connections: Admin, Standard
Manage jobs and transformations: Admin, Standard
Install new connectors: Admin, Standard
Manage users: Admin
Change application settings: Admin
View Audit logs: Admin
User Creation and Management
To create and manage further users, navigate to Settings > Users. The Users tab includes a table of users that are defined and includes information about the users’ roles, Sync API access tokens, and more.
Only Admin users have permission to manage other users. Admin users can create, delete, and modify users.
User Creation on External Java Servlets
When the Java Edition of Sync is deployed to an external servlet (that is, Sync is not using the embedded server that is included in the Java Edition download), additional Java Authentication and Authorization Service (JAAS) configuration is required to enable Sync to create users dynamically within the application. For more information about JAAS configuration for specific Java servlets, see Java Edition.
CData Sync API Access
Each user can be granted an Auth token that enables access to the Sync API. For more information about authenticating against the Sync API, see Sync API.
The specific actions that a user can perform via the Sync API mirrors the actions that the same user can perform via the UI. For example, a user that cannot delete connections via the UI cannot use the Sync API to delete connections. To perform any arbitrary action via the Sync API, use an Auth token from an Admin user when you invoke the API.
In the event that an administrator is locked out of Sync, the embedded web servers in each edition provide the ability to reset an administrator’s password to regain access to the application.
To reset the password in the Java Edition, submit the following command:
java -jar sync.jar -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>
To reset the password in the Microsoft Windows Edition, submit the following command:
CData.Sync.exe -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>