Managing users and groups
Default user
Upon installation a default user with name admin and password admin is created. It is recommended to log in with these credentials directly after the installation has completed and to change the default password.
User session
After the authentication process, a user session is created. This session will be closed automatically at some point by the server for security reasons. The default session timeout is set to 35 min (see User session timeout configuration for details).
When there is no activity in the browser and the session is about to expire, a warning is displayed next to the user details 3 minutes before the timeout takes place:
One (1) minute before the timeout, another message is displayed:
When the session seems to have been destroyed by the catalog, a message recommends to refresh the page and sign in again if needed:
Users, Groups and Roles
The catalog uses the concept of Users, Groups and User Profiles.
- A User can be part of one or more Groups.
- A User has a Role in a Group.
- The Administrator Role is not related to a Group.
The combination of Role and Group defines what tasks the User can perform on the system or on specific metadata records.
Users can have different roles in different groups. A role defines what tasks the user can perform.
Roles are hierarchical and based on inheritance. This means that a user with an Editor profile can create and modify new metadata records, but can also use all functions a Registered user can use.
Rights associated with the roles are illustrated in detail in the list below:
-
Administrator Profile
The Administrator has special privileges that give access to all available functions.
These include:
- Full rights for creating new groups and new users.
- Rights to change users/groups profiles.
- Full rights for creating/editing/deleting new/old metadata.
- Perform system administration and configuration tasks.
-
User Administrator Profile
The user administrator is the administrator of his/her own group(s) with the following privileges:
- Full rights on creating new users within their own groups.
- Rights to change users profiles within their own groups.
-
Content Reviewer Profile
The content reviewer is the only person allowed to give final clearance on the metadata publication on the Intranet and/or on the Internet:
- Rights on reviewing metadata content within their own groups and authorising its approval and publication.
-
Editor Profile
The editor works on metadata with following privileges:
- Full rights on creating/editing/ deleting new/old data within their own groups.
-
Registered User Profile
The Registered User has more access privileges than non-authenticated Guest users:
- Right to download protected data.
Role and feature Matrix
The tables below show a comprehensive overview of Roles and Features, it explains in detail what role can do what in GeoNetwork.
| Code | Description |
|---|---|
| UI | Feature visible in the UI, but not usable by the user profile |
| EDIT | The user can edit the metadata imported by the user |
| DEL | The user can delete the metadata imported by the user |
| Anonymous user | Registered User | Editor | Reviewer | User Admin | Admini- strator | |
|---|---|---|---|---|---|---|
| Metadata selection / Export (ZIP) | ||||||
| Metadata selection / Export (PDF) | ||||||
| Metadata selection / Export (CSV) | ||||||
| Metadata selection / Selection only | ||||||
| Metadata selection / Update privileges | ||||||
| Metadata selection / Publish | ||||||
| Metadata selection / Unpublish | ||||||
| Metadata selection / Approve | ||||||
| Metadata selection / Transfer Ownership | ||||||
| Metadata selection / Validate | ||||||
| Metadata selection / Validate records links | ||||||
| Metadata selection / Updates categories | ||||||
| Metadata selection / Delete | ||||||
| Metadata selection / Index records | ||||||
| Preferred Records | ||||||
| Watch list | ||||||
| "Sorted by relevancy, modified, title..." |
| Anonymous user | Registered User | Editor | Reviewer | User Admin | Admini- strator | |
|---|---|---|---|---|---|---|
| Edit | EDIT | |||||
| Delete | DEL | |||||
| Cancel working copy | ||||||
| Manage Record / Privileges | ||||||
| Manage Record / Transfer Ownership | ||||||
| Manage Record / Unpublish | ||||||
| Manage Record / Publish | ||||||
| Manage Record / Work flow / submit for review | ||||||
| Manage Record / Work flow / directly approve metadata | ||||||
| Manage Record / Work flow / approve metadata | ||||||
| Manage Record / Work flow / reject approval submision | ||||||
| Manage Record / Work flow / cancel approval submission | ||||||
| Manage Record / DOI Creation request | UI | |||||
| Manage Record / Duplicate | UI | |||||
| Download record / Permalink | ||||||
| Download record / Export (ZIP) | ||||||
| Download record / Export (PDF) | ||||||
| Download record / Export (XML) | ||||||
| Download record / EXport (RDF) |
| Anonymous user | Registered User | Editor | Reviewer | User Admin | Admini- strator | |
|---|---|---|---|---|---|---|
| Editor board | ||||||
| Add new record | UI | |||||
| Import new records | ||||||
| Manage directory | UI | |||||
| Batch editing | EDIT | |||||
| Access rights | ||||||
| Editor board / Export (ZIP) | ||||||
| Editor board / EXport (PDF) | ||||||
| Editor board / Export (CSV) | ||||||
| Editor board / Selection only | ||||||
| Editor board / Updates privileges | ||||||
| Editor board / Publish | ||||||
| Editor board / Unpublish | ||||||
| Editor board / Approve | ||||||
| Editor board / Transfer Ownership | ||||||
| Editor board / Validate | ||||||
| Editor board / Validate record links | ||||||
| Editor board / Updates categories | ||||||
| Editor board / Delete | ||||||
| Editor board / Index records |
| Anonymous user | Registered User | Editor | Reviewer | User Admin | Admini- strator | |
|---|---|---|---|---|---|---|
| Summary | ||||||
| Metadata and Templates | ||||||
| Metadata and Templates / Standards | ||||||
| Metadata and Templates / Formatter | ||||||
| Metadata and Templates / Validation | ||||||
| Metadata and Templates / Metadata Identifier templates | ||||||
| Users and groups / Manage groups | ||||||
| Users and groups / Manage users | ||||||
| Harvesting / Catalogo harvesters | ||||||
| Harvesting / Catalogo harvesters report | ||||||
| Harvesting / Feature harvesters | ||||||
| Statistics and status / Status | ||||||
| Statistics and status / Record links analysis | ||||||
| Statistics and status / Information | ||||||
| Statistics and status / Versioning | ||||||
| Statistics and status / Content statistics | ||||||
| Reports / Update matadata | ||||||
| Reports / Internal metadata | ||||||
| Reports / Metadata file uploads | ||||||
| Reports / Metadata file dowloads | ||||||
| Reports / Users access | ||||||
| Classification systems / Theaurus | ||||||
| Classification systems / Category | ||||||
| Settings / Settings | ||||||
| Settings / User interface | ||||||
| Settings / CSS and Style | ||||||
| Settings / Logo | ||||||
| Settings / Sources | ||||||
| Settings / CSW | ||||||
| Settings / CSW test | ||||||
| Settings / Map servers | ||||||
| Settings / Static pages | ||||||
| Tools / Catalogue admin tools | ||||||
| Tools / Batch process | ||||||
| Tools / Transfer ownership |