• Activate the creation of user entities
• Creating user entities
• Entity administration rules
  • User visibility
  • Modifying, creating and deleting a user
  • Modifying a user's entity
  • Importing and restoring users 

Managing users by entity enables users to be segmented, for example, according to organisational structure (subsidiaries, departments or services). The administration of user "groups" can then be delegated to an entity administrator, who can manage only those users whose entity has an identical or partially identical value, depending on the case. For example, the administrator of the Logistics entity will only be able to see the users to whom this entity has been assigned.

An administrator can manage one or more entities and a user can be assigned one or more entities.
Administrators with an empty entity can manage all users.

The following sections describe the steps involved in activating, creating and assigning entities, as well as the visibility and administration rules for users.

Activate the creation of user entities

The functionality must first be activated:

1. Stop the server.
2. Choose a common attribute not used in your LDAP (for example, departmentNumber).

3. Edit the usersettings.xml file located in the appdata/EnterpriseServer/ddenterpriseapi/config/ directory.
4. In the User group, add the following line and save.

4. Start the server.
5. From the home page, go to Configuration -> Server settings -> Servers -> LDAP server.
6. In the User Entity Attribute field, enter the name of the LDAP attribute chosen previously (for example, departmentNumber) and click Save.

➡ The feature is enabled and a new User Entity field is then displayed in User Edit.

Creating user entities

To create user entities:

1. If it does not exist, create the"Entity Administrator" user: see Create a user for more information.
   Here, for example, we create the Logistics Administrator.
2. Fill in the User Entity field with the chosen entity name. It is possible to define several values separated by the "|" sign.
   Here, for example, we define the LOG entity for the Logistics group and SUPPLY for the Supply chain group.
   ​​​​​​​
3. Edit the users you wish to add to this group and define the entity to which they belong in the same way.
   For users in the Logistics group, the value LOG is defined here and for users in the Supply chain group, the value SUPPLY in the User entity field.
   For users belonging to both the Logistics and Supply chain groups, the 2 values can be defined as LOG|SUPPLY.
   The LOG admin can manage all users with the LOG entity and view users with the LOG or LOG|SUPPLY entity.
   The LOG|SUPPLY admin can manage and view all users with the LOG, SUPPLY or LOG|SUPPLY entity.

4. Proceed in the same way for other entities.

Entity administration rules

To illustrate the use of user entities, we consider here 3 different user entities and several users:

• Users with no entity (super admin)
• Users with entity A
• Users with entity B
• Users with entity C
• Users with A|B entities
• Users with entities A|B|C

A user with no entity is considered to be a "Super admin" and can see all users regardless of their entities.

User visibility

The following table details the visibility rights granted to each type of administrator: the super-admin (admin with empty entity) can see all users, while admins associated with one or more entities can only see users belonging to their own entities or combinations of these.

Modifying, creating and deleting a user

The following table details the rules for managing administration rights for modifying, creating and deleting users, depending on the type of administrator.

Modifying a user's entity

The following table summarises the possible actions when modifying a user's entities for each type of administrator.

Importing and restoring users

For security reasons, when importing users or restoring a backup, the entity administrator cannot import users with an entity that he or she does not own.