Located in System Tables — Accesses — Users, Roles:
Roles — specified in tables and fields; they determine the access level.
Roles Table
Users — have logins and passwords for authorization. Roles are assigned to a User and determine their access level.
Users Table
Has id=1. All created tables are automatically added to it for modification. Sees hidden fields and the system settings layer.
Role-based access to a table is edited in the table settings:
Table Parameter Roles for Modification
Access for modification overrides access for reading. If you set access for modification, reading does not need to be specified.
Table Parameter Roles for Reading
If there are buttons in the table, it is often necessary to block modifications in the table but allow actions via buttons. For this, reading access is combined with the button field parameter action available on view.
Table Parameter Roles "hide in tree"
Used to hide a technical table from the user in the tree. If the user does not have access to this table for reading or modification, it is not applied, as tables without access are hidden automatically.
Addition — whether it is possible to change the field value in the addition row and panel during addition. Applicable only to the row part.
Modification — whether it is possible to change the field value in a previously added row.
Visibility — determines whether the field is transmitted to the user's browser.
Log Access — determines whether the user can open the log for the field if logging is enabled for the field. The logging parameter is enabled.
API Access — parameters for user access with the API attribute. Does not apply to web users.
If a user is assigned multiple roles that define access to the same tables differently, modification and display will take priority over reading and hiding.
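The priority rules above, modelled as an added example (not Totum's own code). The field names `edit_roles`, `read_roles` and `hide_roles`, the sample roles and tables, and the reading of "display takes priority over hiding" are assumptions; the audit function lists users whose combined roles give them modification where one role was only meant to read.

```python
from dataclasses import dataclass, field

@dataclass
class TableSettings:
    # Hypothetical names for the three table parameters described above.
    edit_roles: set = field(default_factory=set)   # Roles for Modification
    read_roles: set = field(default_factory=set)   # Roles for Reading
    hide_roles: set = field(default_factory=set)   # Roles "hide in tree"

def effective_access(user_roles, table):
    """Return (access, shown_in_tree) for a user holding several roles."""
    roles = set(user_roles)
    if roles & table.edit_roles:        # modification overrides reading
        access = "modify"
    elif roles & table.read_roles:
        access = "read"
    else:
        return None, False              # no access: hidden automatically
    # Assumed reading of "display takes priority over hiding": one role
    # that grants access without hiding the table is enough to show it.
    granting = roles & (table.edit_roles | table.read_roles)
    return access, bool(granting - table.hide_roles)

def audit_escalations(users, tables):
    """Find users who can modify a table that one of their roles only reads."""
    findings = []
    for login, roles in users.items():
        for name, table in tables.items():
            access, _ = effective_access(roles, table)
            read_only = set(roles) & (table.read_roles - table.edit_roles)
            if access == "modify" and read_only:
                findings.append((login, name, sorted(read_only)))
    return findings

# Constructed sample data: role 1 is Creator (id=1 per the page), the rest are made up.
TABLES = {
    "orders": TableSettings(edit_roles={1, 2}, read_roles={3}, hide_roles={3}),
    "rates": TableSettings(edit_roles={1}, read_roles={2, 3}, hide_roles={2, 3}),
}
USERS = {"clerk": [3], "lead": [2, 3], "temp": [4]}

if __name__ == "__main__":
    for row in audit_escalations(USERS, TABLES):
        print(row)
```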
Click here to quickly disable the system settings layer and fields visible only to the Creator:
The cycle table has a mandatory technical field User Access (creator_id) upon creation. By default, the user who created the cycle is recorded there.
Based on this field, the creator (owner) of the cycle is determined. It can be changed manually or by codes, and multiple owners can be selected in it.
Further access to cycles will be carried out according to the table setting type of access to cycles.
When it is necessary to create a hierarchical access structure, the fields Supervisor (boss_id) and Access to User Cycles (add_users) are used.
The Supervisor gets the creator's access to their subordinates' cycles. Similarly, a user gets access as the cycle creator to the cycles of users selected in add_users.
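An added example (not Totum's own code) that resolves who ends up with creator-level access to a cycle through creator_id, boss_id and add_users, so indirect grants can be reviewed. The dict layout and sample ids are constructed, boss_id is assumed to hold a single user, and only the direct supervisor relation is applied because the page does not say whether chains of supervisors are followed.

```python
def owner_level_users(cycle, users):
    """Map user id -> field that gives them creator-level access to `cycle`."""
    owners = set(cycle["creator_id"])            # the field may hold several owners
    granted = {uid: "creator_id" for uid in owners}
    for uid, user in users.items():
        if uid in granted:
            continue
        subordinates = {s for s, u in users.items() if u["boss_id"] == uid}
        if owners & subordinates:
            granted[uid] = "boss_id"             # supervisor of an owner
        elif owners & set(user["add_users"]):
            granted[uid] = "add_users"           # an owner is listed in add_users
    return granted

def widened_access(cycles, users):
    """Per cycle id, the non-owners who still act with the creator's access."""
    report = {}
    for cycle in cycles:
        extra = {uid: via for uid, via in owner_level_users(cycle, users).items()
                 if via != "creator_id"}
        if extra:
            report[cycle["id"]] = extra
    return report

# Constructed sample data (ids are made up).
USERS = {
    10: {"boss_id": 20, "add_users": []},
    20: {"boss_id": 30, "add_users": []},
    30: {"boss_id": None, "add_users": []},
    40: {"boss_id": None, "add_users": [10]},
    50: {"boss_id": None, "add_users": []},
}
CYCLES = [{"id": 1, "creator_id": [10]}, {"id": 2, "creator_id": [30]}]

if __name__ == "__main__":
    print(widened_access(CYCLES, USERS))
```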
Rarely used special mode of operation that allows the user to create only one record in the cycles table.
If it does not exist, then when the table with one cycle is first opened, this record will be created automatically.
To prevent access to other users' cycles, it is mandatory to set the Cycle Access Type to No one can see except the creator.
In action codes, formatting, or selects, you can process the current user's role and user id:
$#nr — list of user role ids.
$#nu — id of the user in the Users table.
f1=: setFormat(condition: $#nr = 3; block: true)
admin — default user with the role creator.
cron — technical user from whom scheduled tasks are executed.
service — technical user from whom user password recovery and changes are performed.
anonym — user from whom access to anonymous tables is performed.
Several settings related to users are moved to the System Tables — Main — Settings and Cron — Settings table:
Lock Time — the period within which incorrect login-password entries are counted; when the limit is reached, the login is locked for the same period.
Number of Attempts — the number of incorrect attempts within the lock time period.
If you need to urgently unlock a locked user, this can be done from the server console with the command
bin/totum schema-user-unblock username -s=schema_name
(replace schema_name with your schema name, default is totum).
API users who connect to the system frequently clutter the authorization log table, slowing down subsequent authorizations as it increases verification time. For such users, there is a mechanism to disable logging of authorizations in the DB and blocking on incorrect password entry: the ttm__off_auth_log field in the users table.
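An added example (not Totum's own code) that replays login events against the Lock Time and Number of Attempts settings and shows what ttm__off_auth_log changes: the flagged account is never locked, so its failed attempts go unthrottled. The event tuples and logins are constructed; timestamps and lock_time share one unit, and it is assumed that attempts made during a lock are rejected without being counted.

```python
from collections import defaultdict, deque

def replay_logins(events, lock_time, attempts, no_log_users=frozenset()):
    """events: (timestamp, login, password_ok) tuples.
    Returns (locked_until per login, failures that were never throttled)."""
    recent_fails = defaultdict(deque)    # login -> failure times inside the window
    locked_until = {}
    unthrottled = defaultdict(int)
    for ts, login, ok in sorted(events):
        if login in no_log_users:
            # ttm__off_auth_log set: nothing is logged and nothing is blocked.
            if not ok:
                unthrottled[login] += 1
            continue
        if locked_until.get(login, 0) > ts:
            continue                     # assumption: ignored while locked
        if ok:
            continue
        window = recent_fails[login]
        window.append(ts)
        while window and window[0] <= ts - lock_time:
            window.popleft()             # failure is older than Lock Time
        if len(window) >= attempts:
            locked_until[login] = ts + lock_time   # locked for the same period
            window.clear()
    return locked_until, dict(unthrottled)

# Constructed sample events: alice fails three times quickly, bob's failures
# are spread out, api_sync is an API user with ttm__off_auth_log enabled.
EVENTS = [
    (0, "alice", False), (100, "alice", False), (200, "alice", False),
    (300, "alice", True),
    (0, "bob", False), (700, "bob", False), (900, "bob", False),
    (10, "api_sync", False), (20, "api_sync", False), (30, "api_sync", False),
    (40, "api_sync", False), (50, "api_sync", False),
]

if __name__ == "__main__":
    print(replay_logins(EVENTS, lock_time=600, attempts=3,
                        no_log_users={"api_sync"}))
```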
true, users will be able to request password recovery via email. Password recovery will only be possible if the user has an noreply@host. SMTP settings described in emailSend are also required.
Disabling a user blocks their authorization in the system and closes all existing sessions upon the next change in the open table or its update.
A user assigned this parameter in the Users table gains access to tables related to user management and can also change access for users not related to technical and Creators.
A user with this access cannot assign the Creator role to another user or themselves.
They also cannot assign a sudo-user to themselves or another user.
Allows switching between users, except for users with the creator role, and performing actions on their behalf in the system.
An action performed in sudo mode is indistinguishable in logs from an action performed by the user themselves.
Users can assign themselves favorite tables, which will be displayed in the tree when navigating to the main page by clicking on the schema icon. Favorite tables can also be selected for a role — they will then be automatically assigned to the user upon creation with that role.
Favorite tables for a specific user are assigned and changed in the System Tables — Access — Users table.
In the System Tables — Access — Roles table, you can assign a temporary table for a role, which will be displayed on the main page.
Multiple tables can be selected — they will be displayed in tabs in the order of their sort.
In the roles table, in the redirect_table_in_roles field, you can select a table to which an automatic transition will be made upon login to the system.
If a user has multiple roles with different redirect tables — the one with the highest sort priority will be chosen.
You cannot select tables within a cycle!