User Admin Console

Modify or delete user profiles in the UBCMS authoring environment.

These procedures are still being developed. Only a select few have access to use these tools.

On this page:

Getting Started

Find a link to the User Admin console on the CQ welcome page, or as a 'people' icon at the top of the Websites console.

Adding a New User

Use the LDAP Importer tool to add new users to the UBCMS. This will keep our accounts in synch with UB's account control system.  Do NOT use the 'Create User' tool on the User Admin console. It will create standalone and incomplete accounts, which can cause conflicts in the UBCMS.

Editing a User Profile

To edit a UBCMS user, search for them and then modify their profile.

  1. Search for the user by name (e.g. "smith") or UBITName (e.g. "jsmith") in the User Admin console's search box.
    • NEVER SEARCH FOR "-" OR ANY STRING THAT BEGINS WITH "-" (e.g. "-users").
  2. Once the user appears, double-click their name. Their profile should load in the right pane.
  3. Make your changes in the right pane.
  4. When you have finished your changes, click 'Save.'

Note: ALWAYS add a user's full name and buffalo.edu address after importing them using the LDAP Importer.

Editing a user profile; e.g. Jeff Smith (jeff@buffalo.edu).

Editing a user profile; e.g. Jeff Smith (jeff@buffalo.edu).

Changing a User's Permission Groups

Before You Begin

To avoid user permission conflicts, we ask new User Admins to consult with the DCT Help Desk to establish what groups have been created for their sites.

Permissions are most frequently assigned at the user level. To change a user's permissions, add or remove groups from their profile.

  1. Search for the user by name (e.g. "smith") or UBITName (e.g. "jsmith") in the User Admin console's search box.
    • NEVER SEARCH FOR "-" OR ANY STRING THAT BEGINS WITH "-" (e.g. "-users").
  2. Once the user appears, double-click their name. Their profile should load in the right pane.
  3. Click the Groups tab in their profile to reveal which memberships they already have.
  4. To remove an existing group, select the group in their Groups tab, and then click Remove.
  5. To add a new group, search for the group using a unique part of the site's name (e.g. 'president' for the President's Site). Then click and drag the group onto the user's Groups tab.  
  6. When you have finished your changes, click Save.

Shortcut: You can search for a user profile AND one or more groups at the same time. Enter "user || group || group" in the search.

Changing a Permission Group's Users

Before You Begin

To avoid user permission conflicts, we ask new User Admins to consult with the DCT Help Desk to establish what groups have been created for their sites.

Permissions can also be managed at the group level.

To change the users who belong to a permissions group, add or remove users from a group's profile.

  1. Search for the group by name (e.g. "sphhp") or name (e.g. "public health") in the User Admin console's search box.
    • NEVER SEARCH FOR "-" OR ANY STRING THAT BEGINS WITH "-" (e.g. "-users").
  2. Once the group appears, double-click its name. Its profile should load in the right pane.
  3. Click the Members tab in its profile to reveal which users have been assigned.
  4. To remove an existing user, select the user's name and then click Remove.
  5. To add a new user, search for them by name (e.g. "smith") or UBITName (e.g. "jsmith") in the User Admin console's search box.
  6. Then click and drag the user onto the group's Members tab.  
  7. When you have finished your changes, click Save.

Shortcut: You can search for a user profile AND one or more groups at the same time. Enter "user || group || group" in the search.

Permission Group Naming Syntax

By convention, a group has the form <role>-<parent>-<site>.

e.g.  author-www-ubcares
[role = author, parent = www, site = ubcares]

e.g. specialist-sphhp-exercise-and-nutrition-sciences
[role = specialist, parent = sphhp, site = exercise-and-nutrition-sciences]

  • <role>  There are four basic roles (others are listed here).
    • viewer -- read-only
    • author -- read + modify  (i.e. also a viewer)
    • specialist – read + modify, plus extra sidekick options  (i.e. also an author and viewer)
    • publisher – can activate pages to be viewed by the outside world
  • <parent>  Equals the highest level of our website.  Normally this is one word, for example:
    • www -- most general service and administrative sites, including the home page, UBit, President and Provost
    • ap -- School of Architecture and Planning *
    • cas -- College of Arts and Sciences *
    • gse -- Graduate School of Education *
    • law - School of Law *
    • management -- School of Management *
    • medicine -- Jacobs School of Medicine and Biomedical Sciences *
    • nursing -- School of Nursing *
    • pharmacy -- School of Pharmacy and Pharmaceutical Sciences *
    • seas -- School of Engineering and Applied Sciences *
    • socialwork -- School of Social Work *
    • sphhp -- School of Public Health and Health Professions *
      (* includes all their departments and centers)
  • <site>   Can be a single word (e.g. ubcares) or a long hyphenation, (e.g. exercise-and-nutrition-sciences).
The groups in a user profile.

In this example, the un-named user has three existing groups, All-SPHHP Specialists, All-SPHHP-Publishers, and SPHHP Workflow Approvers. A fourth group, Buffalo Center for Social research Specialists, has been selected from a search for "social research" and then dragged onto their Groups tab.

Some sites have requested one or more 'all' groups (e.g. for an entire school) as well as a group for each of their secondary sites (e.g. for each academic department).  Be sure to pick the right groups as you adjust their permissions. 

To ease user/group management, some owners who manage multiple or nested sites have requested groups of groups, so user access can be granted to these master groups rather than one or more of their individual sites. If yiou are modifying access for one of your sites, be sure that they should not actually be added to the master groups instead.

Other rules are outlined in the Restrictions section below.

Examples of 'All' Groups

Jacobs School of Medicine and Biomedical Sciences

<role>-medicine-all

e.g. publisher-medicine-all

School of Public Health and Health Professions

<role>-sphhp-all

e.g. specialist-sphhp-all

Deleting an Unwanted User Profile

  1. Search for the user by name (e.g. "smith") or UBITName (e.g. "jsmith") in the User Admin console's search box.
  2. Once the user appears, click their name once to select their profile.
  3. Then click the Edit dropdown and select Delete.
Deleting an unwanted user profile ("zzzz").

Deleting an unwanted user profile ("zzzz").

Restrictions

  1. Never search for "-" or any string that begins with "-" (e.g. "-users").
  2. Within one greater site (e.g. a school), provide access to individual department sites OR the entire site ('all').
  3. For a given site, choose viewer OR author OR specialist.

Was This Page Helpful?

(Required)
(Required)
(so we can thank you or request more details)
(Required)
(buffalo.edu addresses only please)