Actions

Manage users: Difference between revisions

From LimeSurvey Manual

No edit summary
m updated instructions for create user form
 
(142 intermediate revisions by 13 users not shown)
Line 5: Line 5:


= User management= <!--T:2-->
= User management= <!--T:2-->
<!--T:76-->
The user management tool allows you to add additional administration users to LimeSurvey. We refer to them as  'users'.  Do not confuse them with [[Survey participants|survey participants]] (respondents).


==Create users== <!--T:3-->
==Create users== <!--T:3-->


<!--T:4-->
<!--T:4-->
To create a new user open the user management ("Configuration" -> "Manage survey administrators")ː
To create a new user, open the user management dialog by clicking on '''Configuration''' (located on the main LimeSurvey toolbar) -> '''User management'''.
 
 
<!--T:61-->
<center>[[File:LimeSurveyMenuUserManagement.png]]</center>


[[File:LimeSurveyBenuzerVerwaltung.jpg]]
 
<!--T:77-->
Then, click '''Add user''' located in the upper right area of '''User control''' table. A window will be displayed asking you to:


<!--T:5-->
<!--T:5-->
[[File:LimeSurveyAddUser.jpg]]
* Enter the desired username into the '''Username''' field.
* Enter the desired username into the textfield '''Username'''.
* Enter the email address into the '''Email''' field. Please note that:
* Enter the email address into the textfield  '''Email'''. Please note
** LimeSurvey sends out a confirmation email to the address entered into the '''Email''' field. This email address will be used as the standard contact email address for surveys created by the respective user.
** If you don't want the user to receive the confirmation email with a link to the LimeSurvey installation, username and password you can use your own email address to send the confirmation email to you. After that you can change the email address to the address of the user.
** If you do not want the user to receive the confirmation email with a link to the LimeSurvey application, username, and password, you can use your own email address to send the confirmation email to you. After that, you can change the email address to the address of the user.
** LimeSurvey sends out a confirmation email to the address enterd into '''Email'''. This email address will be used as standard contact email address for surveys created by this user.
* Enter user's full name into the '''Full name''' field. Please note that the full name entered here will be used as the standard contact person name for surveys created by the respective user.
* Enter the users full name into the textfield '''Full name''' . Please note
* You can optionally use '''Expiry date/time''' if you want to set expiry date for newly created user. After that date/time the user will not be able to log in any more.
** The full name entered here will be used as standard contact person name for surveys created by this user.
* You can also optionally set user's starting password, but please advise them to change it after their initial log in.
* Click '''Add user'''
* Click '''Save''' to create the new user.
 
<!--T:98-->
Note that password complexity is enforced and validated by the PasswordRequirement plugin.
 
<!--T:78-->
<center>[[File:Add_user_6x.png|500px]]</center>
 


<!--T:6-->
<!--T:6-->
So you created a new user. You will find out more about setting user permissions if you continue reading further.
You have now created your first user. To find out more about [[Manage users#Set global permissions for a user|setting user permissions]], please read on.
 
 
<!--T:79-->
<center>[[File:LimeSurveyBleistiftSymbol.jpg]]</center>
 
 
<!--T:80-->
Below you can see four options under the '''Action''' column that allow you to:
 
 
<!--T:93-->
<center>[[File:Edit users.png]]</center>
 


==Edit users== <!--T:7-->
<!--T:81-->
*edit the general aspects of a user - by clicking the pen symbol.
*delete the user from the survey administrators database - by clicking the trash button.
*set global permissions for a user - by clicking the lock symbol.
*set theme permissions for a user - by clicking the pen-and-lock symbol.
 
==Edit user== <!--T:7-->


<!--T:8-->
<!--T:8-->
You can use the pen symbol to edit a userː
Click the pen icon to edit user information.


[[File:LimeSurveyBleistiftSymbol.jpg]]


<!--T:9-->
<!--T:9-->
You can set a new email address, full name and even change the password. If you have finished what you want to do click '''Save'''.
You can enter a new email address, name, and change their password. Click '''Save''' to confirm changes.


==Delete users== <!--T:10-->
==Delete user== <!--T:82-->  


<!--T:11-->
<!--T:11-->
To delete a user account simply click the delete button [[File:LimeSurveyBenutzerLoeschen.jpg]] in the line with the user account that should be deleted and hit '''OK'''.
To delete a user account, click the corresponding trash icon (located on the same line as the user account you want to delete) and click '''OK'''.


=Global permissions= <!--T:12-->
==Set global permissions for a user== <!--T:14-->


<!--T:13-->
<!--T:83-->
Global permissions apply to the whole LimeSurvey installation. If you want to set permissions only for a specific survey you can use the Survey permissions settings.
{{Alert|Global permissions apply to the whole LimeSurvey application. If you want to set permissions only for a specific survey, you can use the [[Manage users#Setting permissions for a single survey|survey permissions settings]].}}


==Setting global permissions for a user== <!--T:14-->
<!--T:15-->
To set global permissions for a user, click the lock symbol.


<!--T:15-->
To set global permissions for a user just click the key symbol [[File:LimeSurveySchluesselSymbol.jpg]].


<!--T:16-->
<!--T:16-->
[[File:User_global_permission.png]]
<center>[[File:User_global_permission.png]]</center>


[[File:User_global_permission_complete.png]]


{{FeatureChange|2.05}}
<!--T:65-->
The CRUD (create, read, update, and delete) system is employed (as it is in the [[Manage users#Setting permissions for a single survey|survey permission settings]]). For more user permission options, we recommend extending the matrix using the double-right arrowhead, which is located in its upper right corner. If you check the first box, all the CRUD permissions in that row are automatically checked.  


The system use CRUD (Create, read, update and delete) like the Survey right setttings. Check the first input check all the line, you can give less or more right for each system.
<!--T:63-->
<center>[[File:User_global_permission_complete.png]]</center>


<!--T:17-->
<!--T:17-->
You can now add or remove the following rights.
You can now add or remove the following permissions:


* '''SuperAdministrator''': This right can only be added or removed by the user called '''admin''' and grants full rights to the whole LimeSurvey installation. '''Please note:''' This right is very powerful and you should be very carfefully with granting this right.
<!--T:73-->
* '''Participant panel''': For more details, continue reading about the [[Central Participant Database|central participant database here]].


* '''Surveys''': This give the access to all survey. To allow a user to create and manage his survey, you need only to let the user to create survey. The creator of a survey is the owner of this survey : this give him all access to this survey. Remind each survey can have specific permission, the global permission is read before survey specific permission.
<!--T:72-->
* '''Label sets''': Permission to create, view, update, delete, export, and import label sets. The label sets do not have specific permissions (unlike themes).


* '''Settings & Plugins''': With this right a user can check data integrity, save the SQL database to an sql file and view the php info in the global settings. This allow too to manage all plugins.
<!--T:68-->
* '''Settings & Plugins''': With this permission a user can check data integrity, save the SQL database to an .sql file, manage global settings, view the PHP info in the global settings, and manage all plugins.


* '''Users''': Having this right a user can create new users and delete users created with this account. The newly created users cannot have higher permissions than the parent. If this has to be done a '''SuperAdministrator''' has to grant the rights.
<!--T:97-->
* '''Survey groups'''{{NewIn|v=4.4.0}}: Give access to all surveys' group. To allow user to manage their own surveys' group, give the user the 'create' permission. A creator of a surveys' group are (by default) the owner of this surveys' group.  
{{Note|Permission on a surveys group does not give all permissions on surveys, but a user can give permissions on all surveys in surveys' group}}


* '''User groups'''
<!--T:67-->
* '''Surveys''': Gives access to all surveys. To allow a user to only create and manage their own survey, give the user the 'create' permission. A creator of a survey is the owner of the survey and will always be able to manage it. Remember that each survey can grant different permissions .
{{Note|'''The global permission is applied before the survey-specific permission!'''}}


* '''Templates''': It allows the user to use all design templates and edit all non standard templates. A person with this right should have sufficient knowledge in terms of  HTML/php, Javascript and CSS. If a user not familar with this things should use a specific design template it would be better to give him only acccess to read permission. Each template can have specific permission.
<!--T:71-->
* '''Themes''': Allows the user to use all the available design themes and edit all non-standard themes. A person with this permission should have sufficient knowledge in terms of HTML, Javascript, and CSS. If a user is not familiar with these things and is supposed to use a specific design themes, it would be better to only give them 'read' permission. Each theme can have specific permissions.


* '''Label sets''': This right grants rights regarding label sets (create, update , use (view/read) and delete). The label sets don't have specific righth.
<!--T:70-->
* '''User groups''': Allows a user to create/view/update/delete user groups.


* '''Participant panel''': see [[Central participants database]]
<!--T:69-->
* '''Users''': A user can create, modify, and delete their own administration users with this permission. The newly created users cannot have higher permissions than the parent user. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission must be granted.


==Setting template permissions for a user== <!--T:19-->
<!--T:66-->
* '''Superadministrator''': Can only be added by other Superadministrator with this setting as update and grants full permission to the whole LimeSurvey application, including installing plugins and using any kind of content (including JavaScript) in survey content. (see also [[Global_settings#Security|global security settings]])
 
<!--T:84-->
*'''Use internal database authentication''': Allows users to access LimeSurvey's panel via the authentication page (e.g. ''http://domain/admin/authentication/sa/login''). If it is unchecked and the respective user tries to connect to LimeSuvey's panel, they will get the following error: 'Internal database authentication method is not allowed for this user'.
 
<!--T:95-->
{{Note|All the permissions mentioned above that belong to the [[Optional_settings#Security|forced super administrator]] cannot be removed via the GUI.}}
 
 
==Import and export users== <!--T:99-->
 
<!--T:100-->
You can import and export users in CSV and JSON format by using these buttons on User Management page.
<center>[[File:ImportExportButtons.png]]</center>
 
<!--T:101-->
When you are importing users, a modal opens that shows you which fields should be present. You can choose to overwrite existing users by selecting this checkbox.
<center>[[File:ImportUsersModal.png]]</center>
 
<!--T:102-->
Example of the JSON structure:
 
<!--T:104-->
<syntaxhighlight lang="json">
[
{
"uid": 1,
"users_name": "admin2",
"full_name": "Administrator",
"email": "your-email@example.net",
"lang": "en",
"password": ""
},
{
"uid": 2,
"users_name": "ben2",
"full_name": "Ben Alister",
"email": "ben@test.ing",
"lang": "auto",
"password": "test!123"
}
]
</syntaxhighlight>
 
<!--T:103-->
Example of the CSV structure:
 
<!--T:105-->
<syntaxhighlight>
uid;users_name;full_name;email;lang;password
1;admin;Administrator;your-email@example.net;en;
2;ben;"Ben Alister";ben@test.ing;auto;test!123
</syntaxhighlight>
 
 
==Set theme permissions for a user== <!--T:19-->


<!--T:20-->
<!--T:20-->
With template permissions you can set which design templates a user can select when creating or editing a survey. It might be a good idea to restrict the design templates a user can select in order to prevent unwanted use of design templates not suitable for a user/survey.
With theme permissions, you can decide which design themes a user can select when creating or editing a survey.  


<!--T:21-->
<!--T:21-->
'''Please note:''' If you have a specific design template for a group of users or customers you might want to restrict the access for them to use only the template created for their purpose.
If you have specific design themes for a group of users or customers, you can restrict their access to other themes to ensure that they use only themes created for them.


<!--T:22-->
<!--T:22-->
To set/edit the template permissions for a user simply click the key symbol for design templates [[File:LimeSurveySchluesselSymbolTemplates.jpg]].
To set or edit the themes permissions for a user, click the pen-and-lock symbol for design themes.
 


<!--T:23-->
<!--T:23-->
[[File:LimeSurveySetDesignTemplatesLS.jpg]]
<center>[[File:LimeSurveySetDesignTemplatesLS.jpg]]</center>
 


<!--T:24-->
<!--T:24-->
You can now select the design templates this user can select. After you finished your selection/deselection just hit '''Save settings''' .
Select the design themes to which the respective user or user groups should have access. After you finished your selection or deselection, do not forget to click '''Save''': [[File:Save.png|0.75px]].


<!--T:25-->
<!--T:25-->
The most important use cases for granting user rights are collected at the '''use cases''' part of this article.
To better understand this function, view [[Manage users#Examples|the examples provided below]].


=Setting permissions for a single survey= <!--T:26-->
==Activate and deactivate users== <!--T:106-->
 
<!--T:107-->
{{FeatureStarting|6.4.0}}
It's possible to mark a user as activated or deactivated.
 
<!--T:108-->
A deactivated user is not able to log in to the admin interface.
 
=Use one-time passwords= <!--T:51-->
 
<!--T:52-->
A user can call the LimeSurvey login at /limesurvey/admin and enter a username and a one-time password (which was previously written into the users table - ''column one_time_pw'' - by an external application).
 
<!--T:53-->
To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>'use_one_time_passwords' => true;</code>]] has to be added to config.php (it is 'false' by default) .
 
<!--T:54-->
The URL has to contain the following variables:
* '''user:''' The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
* '''onepass:''' The plain text password which is then compared to the password in the 'users' table
 
<!--T:55-->
A valid URL to login using a one-time password will look like this:
 
<!--T:59-->
<div class="simplebox">http://www.yourdomain.org/limesurvey/index.php/admin/authentication/login?user=myusername&onepass=secretpassword</div>
 
<!--T:94-->
<div class='simplebox'> [[File:help.png]] The 'secretpassword' field is plain text, not a SHA 256 hash.</div>
 
<!--T:60-->
'''Things to watch out for:'''
* To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>'use_one_time_passwords' => true</code>]] has to be added in config.php (it is 'false' by default).
* The passed username has to exist in the LimeSurvey ''users table''.
* The one-time password (which can be set via an external application) has to be stored as [https://secure.php.net/manual/en/function.md5.php MD5 hash] in the column ''one_time_pw'' of table ''users''.
* The passed plain text password will be hashed using the sha256 function and will then compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in with that respective password a second time.
 
=Set permissions for a single survey= <!--T:26-->


<!--T:27-->
<!--T:27-->
These permissions only apply for a single survey. If you want to set permissions for the whole system you can use the global permissions.
These permissions only apply for a single survey. If you want to set permissions for the whole system, you can use [[Manage users#Set global permissions for a user|global permissions]].
These permissions can be offered either to a single user or to a user group.
 


<!--T:28-->
<!--T:28-->
'''Please note:''' An existing user account is required to set permissions for a single survey. If the account doesn't exist you have to create it first and then change the survey permissions. You don't have to apply any global rights to the user, it is just necessary that the user account itself exists.
{{Alert|title=Attention|text=An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions. The same applies to offering survey permissions to a user group. Besides the necessity to have one created, you also need to add at least one user to that group in order to be able to select it and grant it survey permissions.}}
 
 
<!--T:96-->
{{Note| By default, an user (non-admin) cannot grant survey permissions to users that are not part of the same group as the survey administrator. This is a security option enabled by '''default''' in LimeSurvey. To change this, you need to deactivate option [[Global_settings#Security|Group member can only see own group]], located in the '''Global settings''', under the '''Security tab'''. However, if you feel unsure about disabling this option, you can create groups containing those users that can be seen and be granted survey permissions by a survey creator.}}


==Setting user permissions for a single survey== <!--T:29-->


<!--T:30-->
<!--T:30-->
To change the survey permissions you have to select '''Survey permissions''' from the '''Survey properties''' menu.
To change the survey permissions, click the '''Settings''' tab. Then, click '''Survey permissions''' and choose to whom would you like to offer permissions. The permissions can be offered either separately to specific users or to a user group.
 


<!--T:31-->
<!--T:31-->
[[File:LimeSurveySurveyPermissions.jpg]]
<center>[[File:LimeSurveySurveyPermissions.jpg]]</center>
 
 
<!--T:85-->
<center>[[File:LimeSurveySurveyPermissionsRights.png]]</center>
 
 
==Grant survey permissions to a user== <!--T:29-->


<!--T:32-->
<!--T:32-->
In the next step you select the user you want to change the survey rights and click '''Add user'''.
In the next step, select the user that will receive survey permissions and click '''Add user'''.
 


<!--T:33-->
<!--T:33-->
[[File:LimeSurveyAddSurveyPermission.jpg]]
<center>[[File:LimeSurveyAddSurveyPermission.jpg]]</center>
 


<!--T:34-->
<!--T:34-->
After you click '''Set survey permissions''' the survey permissions matrix for the survey and user will be shown.
After you click '''Set survey permissions''', the user's survey permissions matrix will be shown.


<!--T:35-->
<!--T:35-->
[[File:LimeSurveyUserPermissionMatrix.jpg]]
<center>[[File:LimeSurveyUserPermissionMatrix.jpg]]</center>
 


<!--T:36-->
<!--T:36-->
In this matrix you can set the rights for the different features and parts. You simply click  a checkbox if you want to add or remove this right. If you click a checkbox in the first column all rights for this line will be selected/removed.
You can set in this matrix the user's survey permissions. Checking a box grants survey permissions to the respective user. If you click a checkbox from the first column, all the permissions of the corresponding line will be selected/removed.  


<!--T:37-->
<!--T:37-->
In the other columns you can choose whether a user can do a single actions from this feature/part.
Click the double-right arrowhead to access the extended version of the matrix to choose specifically the actions that can be performed by a user.
 
After you finished editing the survey permissions, click '''Save''', which is located in the upper right corner of the screen.
<!--T:38-->
After you finished editing the survey permissions click '''Save now'''.


<!--T:39-->
<!--T:39-->
The most important use cases for granting user rights are collected at the '''use cases''' part of this article.
Some examples are provided [[Manage_users#Examples|below]] in order to help you get a better understanding of Limesurvey's survey permissions system.


=Use cases= <!--T:40-->
==Grant survey permissions to a user group== <!--T:86-->


<!--T:41-->
<!--T:87-->
In this part of the article we'll provide a few ideas which use cases may exist and how and which rights would be a good choice.
Click '''add a user group''' and select the user group to which you would like to add the permission permissions.


==A new person in charge for administrating LimeSurvey will be added== <!--T:42-->
<!--T:88-->
* login as '''admin'''
<center>[[File:LimeSurveyPermissionpermissionsUserGroup.png]]</center>
* Create a new user account
* Set global permissions for user to '''SuperAdministrator'''
* not necessary: Setting the template permissions ('''SuperAdministrator''' has all permissions for all templates)
* not necessary: Setting the survey permissions ('''SuperAdministrator''' has all permissions for all surveys)


==A new user wants to create own surveys== <!--T:43-->
<!--T:89-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
In the next step,  select  the permissions that you will allocate to the members of that user group. Do not forget to click the double right arrowhead to get an extended view of the permissions matrix.
* Create a new user account
* Set global permissions for user to '''Create survey'''
* Set template permissions for user to the template/s that should be used by the user/user-group
* not necessary: Setting the survey permissions (The creator of a survey has all permissions for his/her surveys)


==The creator of a survey needs another person to edit his/her survey== <!--T:44-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
* Create a new user account
* Set '''no global permissions''' for user
* Set '''no template permissions''' for user
* Set the survey permissions the way you want. It depends on what the new user should do and how much permissions he/she needs. If he/she should have all permissions for the survey you can select the first checkboxes in the first column with checkboxes (the one with the '''<<''' or '''>>''' button as header).


==A person responsible for the survey wants to see the results of the survey and export them== <!--T:45-->
<!--T:90-->
* login as '''admin''' or user with '''SuperAdministrator''' permission.
<center>[[File:UserGroupSurveyPermissions.png]]</center>
* Create a new user account
* Set '''no global permissions''' for user
* Set '''no template permissions''' for user
* Set survey permissions to: '''Responses''': '''View/read''' and '''export''' , '''Statistics''': '''View/read'''


<!--T:46-->
[[File:LimeSurveyCusomerOwnStatistics.jpg]]


<!--T:47-->
<!--T:38-->
----
After you have finished editing the survey permissions, click '''Save''', which is located in the upper right part of the screen.


<!--T:48-->
<!--T:91-->
To be moved somewhere else once better defined:
Some examples are provided [[Manage_users#Examples|below]] to help you get a better understanding of the Limesurvey's survey permissions system.


<!--T:49-->
<!--T:92-->
There are several classes of possible people who access a LimeSurvey installation.  But only one set of people is actually termed a '''user''' in the code and documentation.  So lets understand what these classes of people are so we can better understand the terminology of the program.
{{Note|[[Manage user groups|The user group function]] is still experimental. Use our [https://bugs.limesurvey.org/ bugs tracker] to describe any kind of inconsistencies.}}


<!--T:50-->
=Examples= <!--T:40-->
{|
|Class||Description
|-
|Installation Administrator || Those people who create login user accounts to allow others to create, edit, activate and/or view surveys and their results.  Often can be given access to edit the templates, labelsets and other key features independent of any particular survey stored.
|-
|Survey Administrator || A person with a login account that is given some management access to a particular survey.  Each survey can have its own set of users with specific rights to manipulate the survey.  These rights can be as broad as to activate a survey and possibly edit its question base.  They can be as minimum as simply able to review the results to date.
|-
|Participant || Those people who simply respond or participate in taking a survey.  They may or may not have token access.  They do not need a login account to the administrative interface and thus are not termed users.
|-
|Installer || A special class of person who has access to the MySQL (or similar) database server and possibly the command line interface of the computers operating system in order to install and configure the survey software.  This person is asked to setup the initial SuperAdmin user account from which other user login accounts can be created.
|-
|Developer || An very special class of person who has access to the source code and can manipulate it to change the programs behavior.  Generally only done with versions of the survey that are not available for live, active surveys.
|}


=Use one-time passwords= <!--T:51-->
<!--T:41-->
Different scenarios are presented below. They provide some advice about which permissions are necessary for some specific tasks and how they can be granted to the users.


<!--T:52-->
Since version 1.81 a user can call the limesurvey login at /limesurvey/admin and pass username and a one time password which was previously written into the users table (column one_time_pw) by an external application.


<!--T:53-->
==Add new LimeSurvey administrator== <!--T:42-->
To enable this login method [[Optional settings#Use_one_time_passwords |a setting has to be turned on]] ($use_one_time_passwords = true;) in config.php.
* Log in as '''admin'''.
* Create a new user account.
* Grant that user the '''Superadministrator''' permission.
* ''Not necessary'' : Setting the theme permissions ('''Superadministrator''' has all permissions for all themes).
* ''Not necessary'' : Setting the survey permissions ('''Superadministrator''' has all permissions for all surveys).


<!--T:54-->
==A new user wants to create their own surveys== <!--T:43-->
The URL has to contain the following variables:
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
* '''user:''' The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
* Create a new user account.
* '''onepass:''' The plain text password which is then compared to the password in the 'users' table
* Set global permissions for that user to '''Create survey'''.
* ''Optional'' : Set theme permissions - select which theme(s) should be used by the user/user group.


<!--T:55-->
==The creator of a survey needs to give another person permission to edit their survey== <!--T:44-->
A valid URL to login using a one-time password will look like this...
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
* Create a new user account.
* Set '''no global permissions''' for user.
* Set '''no theme permissions''' for user.
* Set the survey permissions the way you want. If he/she should receive all the survey permissions, you can check the first box from each row. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those permissions you believe the respective user should have.


<!--T:56-->
==A person responsible for the survey wants to view and export survey results== <!--T:45-->
... for 1.81 to 1.92:
* Log in as '''admin''' (or as a user that has the '''Superadministrator''' permission).
* Create a new user account.
* Set '''no global permissions''' for user.
* Set '''no theme permissions''' for user.
* Set survey permissions to: '''Responses''' -> '''View/read''' and '''export''', and '''Statistics''': '''View/read'''.


<!--T:57-->
<div class="simplebox">http://www.yourdomain.org/limesurvey/admin/admin.php?user=myusername&onepass;=secretpassword</div>


<!--T:58-->
<!--T:46-->
...for 2.0 or later:
<center>[[File:LimeSurveyCusomerOwnStatistics.jpg]]</center>


<!--T:59-->
==Granting permission for help with translation of a survey== <!--T:47-->
<div class="simplebox">http://www.yourdomain.org/limesurvey/index.php/admin/authentication/login?user=myusername&onepass;=secretpassword</div>
* Log in as ''admin'' (or as a user that has the ''Superadministrator'' permission).
* Create ''n'' user accounts (where n is the number of translators).
* Create a user group called ''Translators'' and add the ''n'' accounts to this group.
* Go to the '''Survey permissions''' and click on '''Add a user group'''.
* If they only do translations, then offer them the '''Quick translation''' permission.


<!--T:60-->
<!--T:49-->
'''Things to watch out for:'''
{{Note|Check our [[LimeSurvey Users|wiki section on users]] and their classification as it can be found in the code and documentation.}}
* One time passwords have to be enabled by setting "$use_one_time_passwords = true;" (for 1.92), respective "use_one_time_passwords => true" (for 2.0 in config section) in config.php.
* The passed username has to exist in LimeSurvey's ''users'' table
* The one time password, which can be set by an external application, has to be stored as [http://www.php.net/md5 MD5 hash] in column ''one_time_pw'' of table ''users''
* The passed plain text password will be hashed using md5() function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match.
* After the first login with the one time password this password is deleted from the database. The user won't be able to login with this password a second time.
</translate>
</translate>

Latest revision as of 17:46, 13 September 2024

User management

The user management tool allows you to add additional administration users to LimeSurvey. We refer to them as 'users'. Do not confuse them with survey participants (respondents).


Create users

To create a new user, open the user management dialog by clicking on Configuration (located on the main LimeSurvey toolbar) -> User management.



Then, click Add user located in the upper right area of User control table. A window will be displayed asking you to:

  • Enter the desired username into the Username field.
  • Enter the email address into the Email field. Please note that:
    • LimeSurvey sends out a confirmation email to the address entered into the Email field. This email address will be used as the standard contact email address for surveys created by the respective user.
    • If you do not want the user to receive the confirmation email with a link to the LimeSurvey application, username, and password, you can use your own email address to send the confirmation email to you. After that, you can change the email address to the address of the user.
  • Enter user's full name into the Full name field. Please note that the full name entered here will be used as the standard contact person name for surveys created by the respective user.
  • You can optionally use Expiry date/time if you want to set expiry date for newly created user. After that date/time the user will not be able to log in any more.
  • You can also optionally set user's starting password, but please advise them to change it after their initial log in.
  • Click Save to create the new user.

Note that password complexity is enforced and validated by the PasswordRequirement plugin.


You have now created your first user. To find out more about setting user permissions, please read on.



Below you can see four options under the Action column that allow you to:



  • edit the general aspects of a user - by clicking the pen symbol.
  • delete the user from the survey administrators database - by clicking the trash button.
  • set global permissions for a user - by clicking the lock symbol.
  • set theme permissions for a user - by clicking the pen-and-lock symbol.

Edit user

Click the pen icon to edit user information.


You can enter a new email address, name, and change their password. Click Save to confirm changes.

Delete user

To delete a user account, click the corresponding trash icon (located on the same line as the user account you want to delete) and click OK.

Set global permissions for a user

  Global permissions apply to the whole LimeSurvey application. If you want to set permissions only for a specific survey, you can use the survey permissions settings.


To set global permissions for a user, click the lock symbol.



The CRUD (create, read, update, and delete) system is employed (as it is in the survey permission settings). For more user permission options, we recommend extending the matrix using the double-right arrowhead, which is located in its upper right corner. If you check the first box, all the CRUD permissions in that row are automatically checked.

You can now add or remove the following permissions:

  • Label sets: Permission to create, view, update, delete, export, and import label sets. The label sets do not have specific permissions (unlike themes).
  • Settings & Plugins: With this permission a user can check data integrity, save the SQL database to an .sql file, manage global settings, view the PHP info in the global settings, and manage all plugins.
  • Survey groups (New in 4.4.0 ): Give access to all surveys' group. To allow user to manage their own surveys' group, give the user the 'create' permission. A creator of a surveys' group are (by default) the owner of this surveys' group.
Permission on a surveys group does not give all permissions on surveys, but a user can give permissions on all surveys in surveys' group
  • Surveys: Gives access to all surveys. To allow a user to only create and manage their own survey, give the user the 'create' permission. A creator of a survey is the owner of the survey and will always be able to manage it. Remember that each survey can grant different permissions .
The global permission is applied before the survey-specific permission!
  • Themes: Allows the user to use all the available design themes and edit all non-standard themes. A person with this permission should have sufficient knowledge in terms of HTML, Javascript, and CSS. If a user is not familiar with these things and is supposed to use a specific design themes, it would be better to only give them 'read' permission. Each theme can have specific permissions.
  • User groups: Allows a user to create/view/update/delete user groups.
  • Users: A user can create, modify, and delete their own administration users with this permission. The newly created users cannot have higher permissions than the parent user. You will also not be able to edit users owned by other administration users. If this has to be done, then a Superadministrator permission must be granted.
  • Superadministrator: Can only be added by other Superadministrator with this setting as update and grants full permission to the whole LimeSurvey application, including installing plugins and using any kind of content (including JavaScript) in survey content. (see also global security settings)
  • Use internal database authentication: Allows users to access LimeSurvey's panel via the authentication page (e.g. http://domain/admin/authentication/sa/login). If it is unchecked and the respective user tries to connect to LimeSuvey's panel, they will get the following error: 'Internal database authentication method is not allowed for this user'.
All the permissions mentioned above that belong to the forced super administrator cannot be removed via the GUI.


Import and export users

You can import and export users in CSV and JSON format by using these buttons on User Management page.

When you are importing users, a modal opens that shows you which fields should be present. You can choose to overwrite existing users by selecting this checkbox.

Example of the JSON structure:

[
	{
		"uid": 1,
		"users_name": "admin2",
		"full_name": "Administrator",
		"email": "your-email@example.net",
		"lang": "en",
		"password": ""
	},
	{
		"uid": 2,
		"users_name": "ben2",
		"full_name": "Ben Alister",
		"email": "ben@test.ing",
		"lang": "auto",
		"password": "test!123"
	}
]

Example of the CSV structure:

uid;users_name;full_name;email;lang;password
1;admin;Administrator;your-email@example.net;en;
2;ben;"Ben Alister";ben@test.ing;auto;test!123


Set theme permissions for a user

With theme permissions, you can decide which design themes a user can select when creating or editing a survey.

If you have specific design themes for a group of users or customers, you can restrict their access to other themes to ensure that they use only themes created for them.

To set or edit the themes permissions for a user, click the pen-and-lock symbol for design themes.



Select the design themes to which the respective user or user groups should have access. After you finished your selection or deselection, do not forget to click Save: 0.75px.

To better understand this function, view the examples provided below.

Activate and deactivate users

 Hint: This features is available starting in version 6.4.0

It's possible to mark a user as activated or deactivated.

A deactivated user is not able to log in to the admin interface.

Use one-time passwords

A user can call the LimeSurvey login at /limesurvey/admin and enter a username and a one-time password (which was previously written into the users table - column one_time_pw - by an external application).

To enable this login method, the line 'use_one_time_passwords' => true; has to be added to config.php (it is 'false' by default) .

The URL has to contain the following variables:

  • user: The username normally used to login into LimeSurvey. This username has to exist in the 'users' table of the database.
  • onepass: The plain text password which is then compared to the password in the 'users' table

A valid URL to login using a one-time password will look like this:

The 'secretpassword' field is plain text, not a SHA 256 hash.

Things to watch out for:

  • To enable this login method, the line 'use_one_time_passwords' => true has to be added in config.php (it is 'false' by default).
  • The passed username has to exist in the LimeSurvey users table.
  • The one-time password (which can be set via an external application) has to be stored as MD5 hash in the column one_time_pw of table users.
  • The passed plain text password will be hashed using the sha256 function and will then compared to the stored hash in column one_time_pw of table users. Both passwords have to match.
  • After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in with that respective password a second time.

Set permissions for a single survey

These permissions only apply for a single survey. If you want to set permissions for the whole system, you can use global permissions. These permissions can be offered either to a single user or to a user group.


  Attention : An existing user account is required to set permissions for a single survey. If the account doesn't exist, you have to create it first and then change the survey permissions. The same applies to offering survey permissions to a user group. Besides the necessity to have one created, you also need to add at least one user to that group in order to be able to select it and grant it survey permissions.



By default, an user (non-admin) cannot grant survey permissions to users that are not part of the same group as the survey administrator. This is a security option enabled by default in LimeSurvey. To change this, you need to deactivate option Group member can only see own group, located in the Global settings, under the Security tab. However, if you feel unsure about disabling this option, you can create groups containing those users that can be seen and be granted survey permissions by a survey creator.


To change the survey permissions, click the Settings tab. Then, click Survey permissions and choose to whom would you like to offer permissions. The permissions can be offered either separately to specific users or to a user group.




Grant survey permissions to a user

In the next step, select the user that will receive survey permissions and click Add user.



After you click Set survey permissions, the user's survey permissions matrix will be shown.


You can set in this matrix the user's survey permissions. Checking a box grants survey permissions to the respective user. If you click a checkbox from the first column, all the permissions of the corresponding line will be selected/removed.

Click the double-right arrowhead to access the extended version of the matrix to choose specifically the actions that can be performed by a user. After you finished editing the survey permissions, click Save, which is located in the upper right corner of the screen.

Some examples are provided below in order to help you get a better understanding of Limesurvey's survey permissions system.

Grant survey permissions to a user group

Click add a user group and select the user group to which you would like to add the permission permissions.

File:LimeSurveyPermissionpermissionsUserGroup.png

In the next step, select the permissions that you will allocate to the members of that user group. Do not forget to click the double right arrowhead to get an extended view of the permissions matrix.



After you have finished editing the survey permissions, click Save, which is located in the upper right part of the screen.

Some examples are provided below to help you get a better understanding of the Limesurvey's survey permissions system.

The user group function is still experimental. Use our bugs tracker to describe any kind of inconsistencies.

Examples

Different scenarios are presented below. They provide some advice about which permissions are necessary for some specific tasks and how they can be granted to the users.


Add new LimeSurvey administrator

  • Log in as admin.
  • Create a new user account.
  • Grant that user the Superadministrator permission.
  • Not necessary : Setting the theme permissions (Superadministrator has all permissions for all themes).
  • Not necessary : Setting the survey permissions (Superadministrator has all permissions for all surveys).

A new user wants to create their own surveys

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set global permissions for that user to Create survey.
  • Optional : Set theme permissions - select which theme(s) should be used by the user/user group.

The creator of a survey needs to give another person permission to edit their survey

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no theme permissions for user.
  • Set the survey permissions the way you want. If he/she should receive all the survey permissions, you can check the first box from each row. Otherwise, click on the double-right arrowhead to see the expanded matrix (upper right corner) and select only those permissions you believe the respective user should have.

A person responsible for the survey wants to view and export survey results

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create a new user account.
  • Set no global permissions for user.
  • Set no theme permissions for user.
  • Set survey permissions to: Responses -> View/read and export, and Statistics: View/read.


Granting permission for help with translation of a survey

  • Log in as admin (or as a user that has the Superadministrator permission).
  • Create n user accounts (where n is the number of translators).
  • Create a user group called Translators and add the n accounts to this group.
  • Go to the Survey permissions and click on Add a user group.
  • If they only do translations, then offer them the Quick translation permission.
Check our wiki section on users and their classification as it can be found in the code and documentation.