Managing usernames and user data

Each KeyLight user is identified based on their personal unique username.

Creating new users

On the Admin site, go to the Users row in the Authentication and authorization group and click Add

1. Complete the Username and Password fields.
2. Define an Expiration date if you want to limit the validity of the username.
3. Click Save.
4. On the displayed form, enter the first and last name of the user.
5. If the user is authorised to export objects to external file formats such as AutoCAD, enter an Email address.
6. Configure the access rights for the user as instructed in the Configuring and modifying access rights for usernames chapter starting from step 2.

Configuring and modifying access rights for usernames

1. Select a user ID from the Authentication and Authorizations > Users list.
2. On the Available groups list, select the user groups to which the user belongs.
3. Click the arrow button displayed between the lists to add groups to the Chosen groups list.
4. You can configure user-specific permissions in a similar manner.
5. Save changes.

User groups available in KeyLight

The following user groups have been configured as default groups in KeyLight:

• KEYLIGHT_USER is a user authorized to add, modify, and delete KeyLight objects.
• KEYLIGHT_VIEWER is a user authorized to view KeyLight objects.
• KEYSMS is a user authorized to send text messages.
• MAIN_ACCESS is a user authorized to use the main application only. KEYCORE_IGNORE_MAIN_VIEW_ACCESS_GROUPS must not be in an active state in the application.
• VIEWER_ACCESS is a user only authorised to use KeyMobile. KEYCORE_IGNORE_MAIN_VIEW_ACCESS_GROUPS must not be in an active state in the application.
• GDPR_NORMAL_ACCESS is a user authorized to view customer data.
• GDPR_EXTENDED_ACCESS is a user who may view, in addition to normal customer information, restricted customer data (KeyLight does not contain customer data that is restricted from normal customer data).
• DATA_EXPORT_USERS is a user authorized to export data to another data format by using the export function.
• REFERENCE_MAP_USER is a user authorized to import files to the map by using the spatial upload function.
• MASS_DELETE is a user authorized to delete several objects at once. The mass deletion function of the application must be activated for this.
• POWER_USERS is a group that will be removed. Use the KEYLIGHT_USER group instead.
• READONLY_USERS_PLUS_AREA is a user with viewing rights and the right to create areas.
• ACCOUNTING is a user authorized to access the login data of users.
• DIARY_VIEW is a user authorized to view Diary feature related functionalities.
• DIARY_EDIT is a user authorized to view, create and edit Diary feature related functionalities.
• DIARY_FULL is a user authorized to view, create, edit and delete Diary feature related functionalities

Configuring two-factor authentication for a user (optional)

If two-factor authentication has been ordered as an additional service, the view for editing user data includes a section for User profiles for two-factor authentication.

1. Select a user ID from the Authentication and Authorizations > Users list.
2. Enter the phone number of the user to which the confirmation code will be sent.
3. Select Enable two phased authentication.
4. Save changes.

Deleting usernames

To delete an existing user ID, select the username on the Authentication and Authorizations > Users list and click Delete on the form that appears.

Changing user passwords

Users can change their own passwords through the link in the application’s main view. Admins can change the passwords of any user on the Change user form by clicking the this form link.

For security reasons, passwords are stored in the system database with strong encryption, and not even admin users can view the passwords of users through the admin interface.