Managing User Accounts

Restricted user accounts

A user account can be set as restricted, which means the user holding such an account is restricted from changing its properties:

Survey Solutions Server Administrator

Every Survey Solutions server has an administrator. This is the first user account created after Survey Solutions is installed, typically by the same person who performed the installation.


Administrator is a privileged account and can do important actions which may result in damage to data. Assign a responsible and informed person as an administrator! We recommend that the administrator has attended a comprehensive Survey Solutions training.

An administrator can do (almost) everything an HQ user can do plus some exclusive actions:

May 17, 2023

Workspaces

Workspaces allow partitioning of a single server into multiple compartments that have limited impact on each other.

The following are the rules guiding the use and functioning of the workspaces:

  1. An administrator has access to all workspaces.
  2. A user with an HQ and observer accounts may belong to one, some, or all workspaces, as designated by the administrator.
  3. Each interviewer and supervisor account may log in to a single workspace.
  4. User names are unique across all workspaces.
  5. Questionnaires are imported into workspaces. Same questionnaire may be imported into different workspaces if necessary and their version numbering is independent.
  6. Workspaces may be created, disabled, and deleted.
  7. Disabling a workspace locks all activity in the workspace (stops web interviews, does not allow any user to log in). Users attempting to access a disabled workspace will receive a “Workspace Disabled” error page and must contact their survey coordinator for further instructions.
  8. A workspace may be deleted only if it doesn’t have any surveys/questionnaires.
  9. Deleting a workspace actually deletes (not archives) all the user accounts (interviewer/ supervisor) and all the maps that were part of that workspace.
  10. Deletion of a workspace is irreversible.
  11. Administrator configures each workspace settings separately (logo, global message, export password, email providers, etc).
  12. The troubleshooting tools available for administrator (audit log, device logs, tablet information packages, etc) are separated by workspaces.
  13. Users having access to multiple workspaces may switch between them using a workspace selector without the need to log in to each workspace separately.
  14. Reports are built based on the content of a single workspace.
  15. A special workspace named ‘primary’ is always defined and can not be disabled or deleted. Any server updated from earlier Survey Solutions versions will place all the earlier entered data (including survey data, user accounts, maps, etc) into the primary workspace.
  16. An observer may observe only in the workspaces in which he is permitted by the administrator, even if impersonating users that have access to other workspaces.
  17. Each workspace is assigned an identifier name and a text label display name. The text label is shown to the users when they switch between the workspaces, while the identifier is used for forming the URLs in API calls. See more in the Workspace attributes section below.

To manage workspaces, the menu item server administration (available for administrators only) now leads to the list of the workspaces defined on the server. The settings and troubleshooting tools collected in the context menu were previously relevant for the whole server, but now are attributable to a particular workspace. For each enabled workspace the following actions are provided in the workspace context menu:

May 10, 2022

Token-based authentication

Survey Solutions supports two methods of authentication for API queries: Basic (a combination of the login and password) and Bearer (using a system-generated token) also known as JSON Web Token (JWT).

Activation of the token-based authentication for the server

By default token-based authentication is switched off. To activate it, the server configuration file must be modified to include the following section:

[JwtBearer]
Enabled=true
SecretKey=[..............]

For the SecretKey specify any alphanumeric key of at least 16 digits/characters long. Save the settings file and restart the server.

February 9, 2022

CAPTCHA

A brute-force attack (aka BF-attack) is an attack on the system by probing of all possible combinations of inputs to the login forms (user names, passwords, and any other information there).

If a system is able to tell humans from computers apart, it can defend itself from mechanical guesses.

A CAPTCHA is a challenge that humans can solve easily, while computers have difficulties with. Thus a CAPTCHA serves as an effective, (though not completely bullet-proof) mechanism for protecting a system from brute-force attacks.

June 29, 2021

Autolock

To protect the safety of the data and prevent disruptions to the operations due to hacker attacks, the system responds to attempts to guess a user’s password.

In the normal state, the user needs to enter just the login name and password to access the system. If, however, she makes multiple attempts to log in with an incorrect password, the system raises to the elevated state.

June 23, 2021

Batch User Upload

Up to 10,000 user accounts can be created from a single tab-delimited file, which must include the login, password, and role of the user, and may include additional attributes, like email or phone.

Batch creation of user accounts comes handy when:

  • the same accounts need to be replicated on a different server;
  • migrating from a different CAPI system with established accounts;
  • the survey is so huge that manual creation of accounts via a web interface would take a significant amount of time.

Creating user accounts in batch mode is available to both the administrator and the headquarter users. For new supervisor accounts the role must be specified as Supervisor (case-sensitive). For interviewer accounts the role must be specified as Interviewer (case-sensitive), and in addition the login of the supervisor must be specified, which determines the team where the interviewer account will be added. Interviewers may be added to existing supervisors, or to new supervisors mentioned anywhere in the users list.

April 29, 2021

Survey Solutions Account Types

Survey Solutions Data Server provides the following account types:

  • administrator - manages the server, creates workspaces, user accounts.
  • headquarters - starts surveys, creates assignments, conducts top-level quality review of interviews, exports data
  • supervisor - manages teams if interviewers, distributes work between interviewers, quality check of interviews;
  • interviewer - conducts interviews;
  • observer - observes operations on the server;
  • API user - user account for user-written extensions accessing the server.

The Survey Solutions Designer site account may not be used to log in to the data server.

March 30, 2021

Adding Users to Workspaces

Some users (Headquarters, API users) may be granted access to more than 1 workspace. This access is granted by the server administrator at the Server Administration –> User Management page.

To give access to a certain workspace, the administrator selects the user account(s) from the list of all user accounts on the server, then selects Add to Workspaces.

In the dialog window that appear, administrator should select the names of the workspaces that the user should be granted access to, and confirm the changes. As a result, the selected users are granted access to the workspaces, which are selected in the dialog. Any other workspaces that they had access to previously will be still accessible.

March 1, 2021

Creating User Accounts

Management of the user accounts is performed from the Users page, which is accessible for Headquarters or Administrator users by clicking the Cog-wheel icon in the menu bar (Administration) and then selecting Users.

Creating accounts

To add a supervisor, we click the ADD USER button. We then need to fill out the following form (the full name, contact email and phone number fields are optional):

July 28, 2020