Page tree
Skip to end of metadata
Go to start of metadata

FileCloud enables you to create admin roles that have a set of administrator permissions that you assign them. Users that are promoted as admin users may be assigned to any of the admin roles that you have created.

Main Admin. The Admin account that is created when FileCloud is installed. There is only one Main Admin account in FileCloud.

Admin User. User accounts that can access the FileCloud admin interface.

Admin Role. Role that defines the set of admin privileges for an admin user. If admin users have multiple admin roles, they have the combined admin privileges of all of the roles.

Operations. Areas of actions that admin accounts have permission to perform.

To create admin roles

  1. Click Admins in the navigation panel.
  2. In the Manage Admin Roles screen, click Add New Role.
    Add New Role button

    The Add New Roles dialog box opens.
  3. In Role Name, enter a name for the role.
    By default, Enable is checked, and the role will be enabled when it is created.
  4. To configure the role to be disabled when it is created, click the Enable slider so that it appears unhighlighted.
    There are several pages of permissions that you can assign to the role. Depending on the permission, Read, Create, Update, and Delete access are available. Unavailable permissions are grayed out.
  5. For each permission, check the permission levels that reflect the access you want to give to the role:
    Create Admin Role dialog box
  6. Click Create Role.
    The role is listed on the page.
    Manage Admin Role dialog box

In order to create or manage an admin user, you must log in as the main admin or be an admin user with the Manage Administrator permission Create enabled. 

You can configure a user as an admin user either by editing the user or by adding the user in the Manage Admin Roles screen. Then, you must assign the user to an admin role in order to give the user admin privileges.

To configure a user as an admin user by editing it:

  1. Click Users in the navigation panel.
    The Manage Users screen opens.
  2. Click the user's Edit button. 
    Manage Users, Edit a User
    The User Details dialog box opens.
  3. In the bottom portion of the dialog box, scroll down and check the Admin User checkbox.
    User Details dialog box
  4. Click Save.

To configure a user as an admin user from the Manage Admin Roles screen

  1. Click Admins in the navigation panel.
  2. In the Manage Admin Roles screen, click Add admin.
    Manage Admin Roles screen, Add Admin button

    The Add Administrator dialog box opens.
  3. Select one or more users in the Available Users column and click the arrow to move them to the Administrators column. To select multiple users, use CTRL + click.
    Add Administrator to Role

After you have configured a user as an admin user, you can add them to one or more admin roles to give them privileges.

To assign an admin user to a an admin role:

  1. Click Admins in the navigation panel.
  2. In the Manage Admin Roles screen, click the edit button for the role.
    Manage Admin Roles screen, Edit a role

    The Manage Admin Role dialog box opens.
  3. Click the Users tab.
  4. Select the user in the Available Users column and click the arrow to move the user to the Users in Role column.
    Manage Admin Role Screen, choose users for role
  5. Click Close.

If you assign a group to an admin role, the members of the group who are admin users are given the role's privileges.

To assign a group to an admin role:

  1. Click Admins in the navigation panel.
  2. In the Manage Admin Roles screen, click the edit button for the role.
    Manage Admin Roles Screen, Edit a role

    The Manage Admin Role dialog box opens.
  3. Click the Groups tab.
    All groups appear in the Available Groups column.
  4. Select a group in the Available Groups column and click the arrow to move it to the Groups in Role column.
    Manage Admin Role Screen showing available groups
  5. Click Close.

The following operations represent functions that admin users may be permitted to perform.

OperationDescription
AlertAlert item on the admin interface is visible. Authorization to view and clear alerts in admin interface.
AuditAudit item on the admin interface is visible. Authorization to view, delete and export Audit Records.
ComplianceCompliance Dashboard on the admin interface is visible. Authorization to view and update compliance settings.
CustomizationCustomization item on the admin interface is visible. Authorization to customize the FileCloud interface.
Device ManagementDevices item on the admin interface is visible. Authorization to view, create, delete and update Devices.
EncryptionAuthorization to manage all Encryption at Rest settings.
Federated SearchSupport to perform federated search through the admin interface.
FilesManage Files. Authorization to view, dreate, modify, download, and delete user files.
Folder PermissionsManage Folder Level Permissions. Authorization to view and manage Folder Permissions.
GroupsGroups menu item on the admin interface is visible. Authorization to view, create, modify and delete Groups. Manage group members. Import group members from Active Directory.
LocksView , create, and delete Locks on Files and Folders in FileCloud.
Manage AdministratorsAllows promoted admin users to manage the permissions of other promoted admin users.
MetadataView, create, update and delete metadata set definitions, attributes and permissions.
Network ShareNetwork Folders item on the admin interface is visible. Authorization to view, create, modify and delete Network Folders. Manage User and Group Access to Network Folders.
NotificationsNotifications menu item on the admin interface is available. Add, edit, update, and delete notification rules.
ReportsReports menu item on the admin interface is available. Add, execute, edit and delete reports.
RetentionRetention menu item on the admin interface is available. Add, edit, and delete retention policies.
Rich DashboardView rich dashboard view including tables and graphs on the admin UI dashboard.
SettingsSettings item on the admin interface is visible. Authorization to view and modify FileCloud Settings.
Smart ClassificationSmart Classification menu item on the admin interface is available. Add, update, run, and delete content classification rules.
Smart DLPSmart DLP menu item on the admin interface is available. Add, edit, and delete DLP rules.
SystemSystem item on the admin interface is visible. Authorization to run system checks, install check, generate logs and UPGRADE FileCloud to new version.
Team FoldersSet up Team Folders, add, edit, delete and manage team folder and corresponding permissions. Note: The corresponding Folder Permission must be enabled to be able to perform a Team Folder operation.
User ShareUser Shares item on the admin interface is visible. Authorization to view, create, modify and delete User Shares.
UsersUsers menu item on the admin interface is visible.  Authorization to view, create, modify and delete Users. Import New Users. Reset Password for Users.
WorkflowWorkflow menu item on the admin interface is visible. Add, edit and delete workflows on FileCloud.

Admin users can log in to the admin portal using either their username or email id. 

If an admin user has one role, the user has the permissions assigned to that role, but if an admin user has multiple roles, the user has the combined permissions of all of its roles. 

To check all of a user's permissions:

  1. At the top of the page, click Check User Permissions.
    The User Effective Permissions dialog box opens.
    Initial User Effective Permissions dialog box
  2. In User, enter the name of the user.
    The dialog box displays the user's combined permissions with checks next to them.
    User Effective Permissions dialog box showing a user's permissions

When you remove an admin role, you permanently delete it. To recreate it, you must create it, assign all permissions, and add users and groups again.

To remove an admin role:

  1. Click Admins in the navigation panel.
  2. Either
    • In the Manage Admin Roles screen, click the Delete button for the role.
      Deleting a role in Manage Admin Roles screen
    • Click Remove when you are prompted to confirm removal.

      Or:


    • In the Manage Admin Roles screen, click the Edit button for the role.
      Editing a role in Manage Admin Roles screen
      The Manage Admin Role dialog box opens.
    • Click Remove Role at the bottom of the dialog box.
      Removing a role
  3. Click Remove when you are prompted to confirm removal.

2FA Settings for Promoted Admins

When a user is configured as an admin user, if 2FA is enabled for admins, by default, the 2FA delivery mode set for the user account (in the user's policy) is used for the Admin account. If the setting TONIDOCLOUD_2FA_ADMIN_FLOW_FOR_PROMOTED_ADMINS is enabled, the 2FA method set for administrators is used for the admin account.

To use the 2FA method set for administrators:

  1. Open the configuration file:
    Windows: XAMPP DIRECTORY/htdocs/config/cloudconfig.php
    Linux: /var/www/config/cloudconfig.php
  2. To use the 2FA method set for administrators, add the line:

    define("TONIDOCLOUD_2FA_ADMIN_FLOW_FOR_PROMOTED_ADMINS", true);

AD Admin User Email Login Restriction

If an AD promoted Admin user has the same email as the default Admin, the promoted Admin user cannot log in to the Admin portal using their email and can only log in using their AD username. 

This behavior is expected since the system cannot know that the user is trying to log in to the Admin portal as a promoted Admin and not as the Default admin. The system expects the Admin password to be provided and since a different password is entered, authentication fails. 




  • No labels