The fine-grained rights system of xentral makes it possible to restrict access to data for each employee according to their tasks in the company. This makes xentral suitable for use by all hierarchical levels and departments, without allowing sensitive information to be viewed by unauthorized persons.
This module is relevant for everyone.
The assignment of rights is done via user templates (corresponding user groups) and users. A separate user (account) should be created for each employee who uses xentral.
Depending on the organizational structure, it may make sense to assign rights not directly to users, but via user templates. For example, a user template with correspondingly set rights could be created for each department. The users (accounts) of the department members can then be assigned to this user template. This saves the tedious and error-prone setting or changing of rights for each individual user.
When assigning user templates, it should be noted that additional rights can still be assigned individually for the user - rights that the user receives through the user template cannot, however, be withdrawn individually! The assignment of a user template is described below in the section 'Setting up users'.
User templates can be set up under Administration → Settings → System → User Template.
Before the rights of the user template can be set under the 'Rights' tab, the newly created template must be saved. The rights assigned here will be inherited by the respective user when the user template is assigned.
Note
Rights highlighted in gray are not granted, rights highlighted in blue are granted.
Templates can be duplicated under the 'Copy templates' tab. This function reduces the effort if a template is to be created that is very similar to an existing one in terms of rights. If changes are subsequently made to a user template, click on the 'Match rights' tab in the template list after saving to apply the change to those users who are linked to a user template.
You can create users under Administration → System → Users. Note that the employee for whom a new user (account) is to be created must be created under Master data → Addresses.
A new user can be created using the "+NEW" button. You will first land in the Users tab.
User
User is active → Selection that the user is actively used.
User name → Unique user name, e.g. employee's last name + first two letters of first name
Password/password wdh. → Password for login in xentral
Address from master data → reference to corresponding record in 'Master data → Addresses'
Account type → User ('Administrator' only for system administrator)
Login method
Selection → selection of login method
HW Key → is required when logging in via USB stick or hardware
HW Counter → required when logging in via USB stick or hardware
HW Datablock → is needed when logging in by USB stick or by hardware
Copy rights from user
Copy rights from user → If the new user to be created is to have the same rights as another user created previously, this can be selected here. The user that is created will then have exactly the same rights as the other user.
Upload rights file
Select file → Upload a file that contains the rights of the user.
RFID tag
Identifier → Entry of the identifier from the RFID mobile device so that it can be identified via RFID chip when logging in.
User settings
Internal description → Description of the user
Custom calendar color → Select the color with which the user's appointments should be displayed in the calendar
Allow remote access → Only if required (e.g. for field staff) or if xentral has been installed on an external server
Start page → Selection of the start page for the user
Failed logins → Number of failed logins that lead to the user being locked out
User template → Optional: user template to be used, the user inherits all rights of the template
Only after you have saved the new user, the Rights tab will appear. In the Rights tab you can configure the rights for the new user.
After successful setup of the user, he can log in to xentral. Menu items and functions for which he has no rights are not visible to him in the user interface.
The assigned right always refers to the entirety of the module used. For example, if a user has the edit right in the Address rights block, he can make changes in any area of the address. It is not possible to block individual fields for certain users, e.g. to protect only the Distribution field.
Note
Since there were more and more problems with mOTP, xentral decided to switch to TOTP.
Below is still the old entry for MOTP:
To use mOTP as 2-factor authentication, different apps are required depending on the mobile device (iOS/Android). iOS: Use the mOTP - mobile OneTimePasswords app.
Generate mOTP Secret - Open the app and generate a mOTP Secret.
The generated secret is now to be deposited with the respective user (you can also have the secret sent to you by e-mail).
The self-selected pin is to be entered and a one-time password is to be generated.
The user data and the generated password can now be used to log in securely.
Android: Using the DroidOTP app
Create profile in the app
Select as OTP type : 4-digit PIN
Generate mOTP Secret, there are 3 different options available here.
Secret and store the desired PIN in the user.
Enter 4-digit pin and store the generated password in the login screen at xentral.
The entire workflow for a user (create address+create and link user) is located here