Managing User Accounts
Restricted user accounts
A user account can be set as restricted, which means the user holding such an account is restricted from changing its properties:
password, except the cases when the password is:
- initially assigned by a user creating the account, or
- subsequently reset by a different user or via the support tool;
two-factor authentification settings;
token authentication settings;
January 30, 2024
Survey Solutions Server Administrator
Every Survey Solutions server has an administrator. This is the first user account created after Survey Solutions is installed, typically by the same person who performed the installation.
Administrator is a privileged account and can do important actions which may result in damage to data. Assign a responsible and informed person as an administrator! We recommend that the administrator has attended a comprehensive Survey Solutions training.
An administrator can do (almost) everything an HQ user can do plus some exclusive actions:
May 17, 2023Workspaces
Workspaces allow partitioning of a single server into multiple compartments that have limited impact on each other.
The following are the rules guiding the use and functioning of the workspaces:
- An administrator has access to all workspaces.
- A user with an HQ and observer accounts may belong to one, some, or all workspaces, as designated by the administrator.
- Each interviewer and supervisor account may log in to a single workspace.
- User names are unique across all workspaces.
- Questionnaires are imported into workspaces. Same questionnaire may be imported into different workspaces if necessary and their version numbering is independent.
- Workspaces may be created, disabled, and deleted.
- Disabling a workspace locks all activity in the workspace (stops web interviews, does not allow any user to log in). Users attempting to access a disabled workspace will receive a “Workspace Disabled” error page and must contact their survey coordinator for further instructions.
- A workspace may be deleted only if it doesn’t have any surveys/questionnaires.
- Deleting a workspace actually deletes (not archives) all the user accounts (interviewer/ supervisor) and all the maps that were part of that workspace.
- Deletion of a workspace is irreversible.
- Administrator configures each workspace settings separately (logo, global message, export password, email providers, etc).
- The troubleshooting tools available for administrator (audit log, device logs, tablet information packages, etc) are separated by workspaces.
- Users having access to multiple workspaces may switch between them using a workspace selector without the need to log in to each workspace separately.
- Reports are built based on the content of a single workspace.
- A special workspace named ‘primary’ is always defined and can not be disabled or deleted. Any server updated from earlier Survey Solutions versions will place all the earlier entered data (including survey data, user accounts, maps, etc) into the primary workspace.
- An observer may observe only in the workspaces in which he is permitted by the administrator, even if impersonating users that have access to other workspaces.
- Each workspace is assigned an identifier
name
and a text labeldisplay name
. The text label is shown to the users when they switch between the workspaces, while the identifier is used for forming the URLs in API calls. See more in the Workspace attributes section below.
To manage workspaces, the menu item server administration
(available for administrators only) now leads to the list of the workspaces defined on the server. The settings and troubleshooting tools collected in the context menu were previously relevant for the whole server, but now are attributable to a particular workspace. For each enabled workspace the following actions are provided in the workspace context menu:
Token-based authentication
Survey Solutions supports two methods of authentication for API queries: Basic (a combination of the login and password) and Bearer (using a system-generated token) also known as JSON Web Token (JWT).
Activation of the token-based authentication for the server
By default token-based authentication is switched off. To activate it, the server configuration file must be modified to include the following section:
[JwtBearer]
Enabled=true
SecretKey=[..............]
For the SecretKey
specify any alphanumeric key of at least 16 digits/characters long. Save the settings file and restart the server.
CAPTCHA
A brute-force attack (aka BF-attack) is an attack on the system by probing of all possible combinations of inputs to the login forms (user names, passwords, and any other information there).
If a system is able to tell humans from computers apart, it can defend itself from mechanical guesses.
A CAPTCHA is a challenge that humans can solve easily, while computers have difficulties with. Thus a CAPTCHA serves as an effective, (though not completely bullet-proof) mechanism for protecting a system from brute-force attacks.
June 29, 2021Autolock
To protect the safety of the data and prevent disruptions to the operations due to hacker attacks, the system responds to attempts to guess a user’s password.
In the normal state, the user needs to enter just the login name and password to access the system. If, however, she makes multiple attempts to log in with an incorrect password, the system raises to the elevated state.
June 23, 2021Batch User Upload
Up to 10,000 user accounts can be created from a single tab-delimited file, which must include the login, password, and role of the user, and may include additional attributes, like email or phone.
Batch creation of user accounts comes handy when:
- the same accounts need to be replicated on a different server;
- migrating from a different CAPI system with established accounts;
- the survey is so huge that manual creation of accounts via a web interface would take a significant amount of time.
Creating user accounts in batch mode is available to both the administrator and the headquarter users. For new supervisor accounts the role must be specified as Supervisor (case-sensitive). For interviewer accounts the role must be specified as Interviewer (case-sensitive), and in addition the login of the supervisor must be specified, which determines the team where the interviewer account will be added. Interviewers may be added to existing supervisors, or to new supervisors mentioned anywhere in the users list.
April 29, 2021Survey Solutions Account Types
Survey Solutions Data Server provides the following account types:
- administrator - manages the server, creates workspaces, user accounts.
- headquarters - starts surveys, creates assignments, conducts top-level quality review of interviews, exports data
- supervisor - manages teams if interviewers, distributes work between interviewers, quality check of interviews;
- interviewer - conducts interviews;
- observer - observes operations on the server;
- API user - user account for user-written extensions accessing the server.
The Survey Solutions Designer site account may not be used to log in to the data server.
March 30, 2021Adding Users to Workspaces
Some users (Headquarters, API users) may be granted access to more than 1
workspace. This access is granted by the server administrator at the Server Administration
–> User Management
page.
To give access to a certain workspace, the administrator selects the user
account(s) from the list of all user accounts on the server, then selects
Add to Workspaces
.
In the dialog window that appear, administrator should select the names of the workspaces that the user should be granted access to, and confirm the changes. As a result, the selected users are granted access to the workspaces, which are selected in the dialog. Any other workspaces that they had access to previously will be still accessible.
March 1, 2021Creating User Accounts
Management of the user accounts is performed from the Users
page, which
is accessible for Headquarters or Administrator users by clicking the
Cog-wheel icon in the menu bar (Administration
) and then selecting Users
.
Creating accounts
To add a supervisor, we click the ADD USER
button. We then need to fill out
the following form (the full name, contact email and phone number fields are optional):