Crypt-o documentation - User management

User management



Crypt-o lets you define user accounts and assign the permissions they need. User and group accounts from a Windows domain can be used as well. In that case, user credentials are checked using Windows domain authentication.

To manage user accounts, choose Tools > Administrative tools from the menu. Then click on the User management link in the Administrative tools panel.

NOTE: Only users with the System administrator permission can manage user accounts.

The User management window


To add a new user account, choose Action > New user... from the menu.

To add a new group account, choose Action > New group... from the menu.

To add a new account for a backup server, choose Action > New backup server account... from the menu.

To edit a user or group account, select it in the list and choose Action > Properties... from the menu.

To delete a user or group account, select it in the list and choose Action > Delete from the menu.

When you use external user accounts (Windows domain, LDAP) in Crypt-o, some of them may over time be deleted from Active Directory or the LDAP directory.

To find out which user accounts have become invalid, choose Action > View > Invalid accounts in the menu.

User properties :: General page

General page


Name - a name of the user account.
Account type - a type of the user account. Possible values:
    Internal - internal Crypt-o user account. You need to specify a password for the user account or use key file authentication.
    Windows domain - Windows domain authentication will be used to check the user account password. Enter the Windows domain user account name in the UserName@Domain form. To select a user account from the list, click the ... button at the right of the Name input field.
    LDAP - LDAP directory authentication will be used to check the user account password. Enter the distinguished name of the LDAP user account or click the ... button at the right of the Name input field to browse the LDAP directory. You need to configure available LDAP servers in the System options on the LDAP page.
Use key file authentication - if selected, the user will be authenticated using a key file. You will be prompted to save a key file for this user when this option is turned on. You need to pass this key file to the user. Only Crypt-o user accounts can use key file authentication. You can create a new key file for a user by choosing Action > Create new key file... from the menu in the users list window.

NOTE: By default, a user must store a key file on a removable device, in order to be able to log on using the key file. You can control this behavior in the Crypt-o system options.

WARNING: Store key files on removable devices, such as USB flash drives, for security reasons. Unplug the device with your key file when you have finished working with Crypt-o.

Password - the user account password.
Retype password - verification of the password.
Request password change at the next user logon - if selected, the user will be prompted to enter a new password at the next logon.
Full name - optional full name of the user.
Description - optional description of the user.
Create home database - if selected, a home database will be automatically created for the user. The user will be the owner of his home database, but the database cannot be deleted by the user. By default, other users, including administrators, have no access to the home database. The user may allow access to his home database for other users if necessary.
If the Create home database option is enabled for a group, home databases will be created for all members of the group.

NOTE: By default, Web access is disabled for new home databases. You can enable it in the Crypt-o system options.

Disable user account - the user account is disabled and the user logon will fail.

User properties :: Permissions page

On this page you can assign permissions for a user account. Set a mark in the Allow column for a permission to enable this permission for the user. Set a mark in the Deny column for a permission to disable this permission for the user. A Deny permission takes precedence over an Allow permission.

Permissions page


The following system permissions are available:

Permission - Description
System administrator - A user can do everything.
System audit - A user can view the System audit log.
Create databases - A user can create new databases.

The following object permissions are available:

Permission - Description
Owner - A user can do everything with an object.
Web access - This permission applies to databases only. A user can access a database via Web interface.
Portable mode - This permission applies to databases only. A user can create a portable/offline version of a database.
Audit - This permission applies to databases only. A user can view a database audit log.
Manage images - This permission applies to databases only. A user can add/modify/delete images, which are used as icons for folders and records.
Owner for new records - This permission applies to databases only. When a user creates a new record, the user becomes an owner of this record.
Insert data - A user can create new records and new sub-folders.
Modify data - A user can edit records and edit folders.
Delete data - A user can delete records and delete folders.
Manage attachments - A user can add or remove file attachments.
Extract attachments - A user can execute or extract file attachments.
View protected fields - A user can view data in protected fields. If a user does not have this permission, he is not able to view data in protected fields. But if the user has the Form filling permission, he is allowed to fill out forms with data of the protected fields.
Print and export - A user can print and export data.
Form filling - A user can use the form filling feature.

User properties :: Member of page

On this page you can specify group membership for a user account.


Member of page
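
The Deny-over-Allow rule from the Permissions page and the View protected fields / Form filling interaction, modelled as an added example for reviewing what an account can effectively do (this is not Crypt-o's own code). It assumes that permissions set on a group apply to its members; the Account class and the sample account names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Account:                      # hypothetical model of a user or group account
    name: str
    allow: set = field(default_factory=set)         # marks in the Allow column
    deny: set = field(default_factory=set)          # marks in the Deny column
    member_of: list = field(default_factory=list)   # groups from the Member of page

def effective_permissions(account):
    """Merge Allow and Deny marks of the account and its groups; Deny wins."""
    allow, deny, seen = set(), set(), set()
    stack = [account]
    while stack:
        acct = stack.pop()
        if acct.name in seen:       # visit each account once, even if groups nest
            continue
        seen.add(acct.name)
        allow |= acct.allow
        deny |= acct.deny
        stack.extend(acct.member_of)
    return allow - deny             # assumption: a Deny anywhere overrides every Allow

def protected_field_access(perms):
    """What the account can do with a protected field."""
    if "View protected fields" in perms:
        return "view"
    if "Form filling" in perms:
        return "fill-only"          # data can be filled into forms but not displayed
    return "none"

# Constructed sample accounts
helpdesk = Account("Helpdesk", allow={"Form filling", "Insert data", "Print and export"})
contractors = Account("Contractors", deny={"Print and export", "View protected fields"})
alice = Account("alice", allow={"View protected fields", "Modify data"},
                member_of=[helpdesk, contractors])
bob = Account("bob", allow={"View protected fields"}, member_of=[helpdesk])

if __name__ == "__main__":
    for user in (alice, bob):
        perms = effective_permissions(user)
        print(user.name, sorted(perms), protected_field_access(perms))
```

In the sample data, the Deny marks on the Contractors group remove the View protected fields permission that alice holds directly, while the Form filling permission from Helpdesk still lets her fill forms with protected data.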

Specialized user account for backup servers

When you set up a backup server, you need to create a specialized user account on the primary server. The backup server uses this account to connect to the primary server. The account is needed to allow transfer of the primary server's private data (TLS certificates and keys, licenses) so that the backup server can be initialized properly. Initialization is performed only once, during setup of a backup server.

To add a new account for a backup server, choose Action > New backup server account... from the menu.

Adding a user account for a backup server


Name - a name of the user account.
Allow transfer of server private data - when this option is selected, backup servers will be able to obtain private data of the main server, such as TLS certificates and keys, registration data, etc.

WARNING: This option is needed only for initialization of a backup server. Turn off this option immediately after initialization of a backup server.

NOTE: For security reasons, this option is turned off automatically after 15 minutes.

Password - the user account password.
Retype password - verification of the password.
Full name - optional full name of the user.
Description - optional description of the user.
Disable user account - the user account is disabled and the user logon will fail.