User Management and Roles
Version 23.4.8843
Version 23.4.8843
User Management and Roles
CData Sync supports four types of users (roles):
-
Admin
-
Standard
-
Job Creator
-
Job Operator
The first time that you launch Sync, the application prompts you to create the first application user (with username and password credentials).
Note: The first user that you create defaults to the Admin role because this role has full control over the application.
User Roles
The section describes each of the three user roles and provides a list of which actions each role can perform.
Admin Role
The Admin role provides full control over the application. As mentioned earlier, the first user that you create in Sync defaults to this role.
An Admin user can create new jobs and connections, change application settings, and perform every other operation supported by the console. In addition, only admin users can view the Audit log, which records changes that are made within the application (by any user).
Standard Role
The Standard role allows users to create, edit, and delete jobs and connections, but it does not allow for changing application-wide settings like those that appear on the Settings tab.
Job Creator Role
The Job Creator role allows users to create, edit, and delete jobs and transformations, but it does not allow access to connections and does not allow for changing application-wide settings.
Job Operator Role
The Job Operator role is a Read-only role that enables users to start and stop jobs, view job history, and download job logs. However, these users cannot create new jobs, delete jobs, or change application settings.
User Roles Comparison
The following list shows which actions each user role can perform:
-
View connections, jobs, and transformations: All roles (Admin, Standard, Job Creator, Job Operator)
-
View application and job-execution logs: All roles (Admin, Standard, Job Creator, Job Operator)
-
Execute jobs and transformations: All roles (Admin, Standard, Job Creator, Job Operator)
-
Manage jobs and transformations: Admin, Standard, Job Creator
-
Manage connections: Admin, Standard
-
Install new connectors: Admin, Standard
-
Manage users: Admin
-
Change application settings: Admin
-
View Audit logs: Admin
User Creation and Management
To create and manage further users, navigate to Settings > Users. The Users tab includes a table of users that are defined and includes information about the users’ roles, Sync API access tokens, and more.
Only Admin users have permission to manage other users. Admin users can create, delete, and modify users.
User Creation on External Java Servlets
When the Cross-Platform Edition of Sync is deployed to an external servlet (that is, Sync is not using the embedded server that is included in the Cross-Platform Edition download), additional Java Authentication and Authorization Service (JAAS) configuration is required to enable Sync to create users dynamically within the application. For more information about JAAS configuration for specific Java servlets, see Cross-Platform Edition.
CData Sync API Access
Each user can be granted an Auth token that enables access to the Sync API. For more information about authenticating against the Sync API, see Sync API.
The specific actions that a user can perform via the Sync API mirrors the actions that the same user can perform via the UI. For example, a user that cannot delete connections via the UI cannot use the Sync API to delete connections. To perform any arbitrary action via the Sync API, use an Auth token from an Admin user when you invoke the API.
Password Resets
In the event that an administrator is locked out of Sync, the embedded web servers in each edition provide the ability to reset an administrator’s password to regain access to the application.
To reset the password in the Cross-Platform Edition, submit the following command:
java -jar sync.jar -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>
To reset the password in the.NET Edition, submit the following command:
CData.Sync.exe -ResetPassword -User <user> -Password <password> -AppDirectory <AppDirectory>