Groups

Groups

Each CollectionPro installation comes with some predefined system groups that cannot be removed but can be used to assign system rights and permissions. You can add your own groups by clicking the plus button in the bottom left corner. To delete a group, select it and click the minus button. To copy a group, select it and click on “Copy” in the bottom right corner of the group settings. Use the search filter to search for the name, internal name, internal comment, or reference of groups. You can also filter for the group types “easydb” and “system”.

Manage groups

Typical groups include:

  • Administrators
  • Content Editors / Power Users
  • Readers / Staff

For example, because users can be associated with multiple groups, you can create a “Reader” group (which gives them access to records without download permissions) and a “Authorized to download” group (which additionally gives them download permissions).

If you are working with different departments / projects that should only work on in their own pools, you should create a separate group of editors and readers for each department / project.

System groups

Each CollectionPro installation has the following predefined system groups that are automatically assigned to users:

GroupDescription
All usersThis group includes all users. Also system users, anonymous users, LDAP and SSO users, and local users.
All but system usersThis group includes all users except system users, such as “deep_link” and “oai_pmh”.
Anonymous usersThis group includes all users who use the system without a user account.
Note! External access must be enabled in the base configuration.
Anonymous Collection Users (formerly “Pseudo users to see single collections”)This group includes all users that were created when a collection was shared with external users who don’t need to sign in.
Fallback GroupThis group does not include any users. When the group that is the owner of the records is deleted, this “Fallback Group” is set as the owner instead.
LDAP usersThis group includes all users who log in via LDAP.
Normal usersThis group includes all users created locally in CollectionPro.
Self-registered usersThis group includes all users who have registered.
Note! Registration must be enabled in the base configuration.
SSO usersThis group includes all users who sign in via SSO.
Users invited by e-mailThis group includes all users who were created when a collection or export was shared to an e-mail address.

Group settings

It is possible to extend the group settings with custom plugins.

General

The general settings of a group
FieldDescription
IDThe group identifier. Given automatically.
OwnerThe name of the user who created the group.
TypeThe type of group. Local groups are of the “easydb” type. Groups of type “system” cannot be deleted.
NameName of the group.
Internal NameThe internal name of the group. Not shown anywhere else.
CommentInternal comment of the group. Not shown anywhere else.
ReferenceGroup reference. Must be unique.
IP Subnet FilterAdd an IP subnet filter if the user should only belong to this group if they log in from specific IP subnets. CIDR notation is accepted, example: 192.168.0.0/16, 2001:db8::/32 . For more information, see the documentation https://pkg.go.dev/net#ParseCIDR
Invert IP Subnet FilterYes / No
Displays the default settings for new users in this group. If nothing is set, the default system settings will be used.
Includes:
– search result settings
– pools for the search
– object types for the search
– data languages
– search languages
– filter on/off

If a user belongs to multiple groups that have preferences, they will receive the preferences of the first group.
CreatedThe date and time the group was created.
Last UpdatedThe date and time the group was last updated

System rights

Define which sections users in the user group should have access to and which features they are allowed to use.

Permissions

Define which other users or user groups should be able to access (read, write, delete) this group and/or the users in this group.

Group permissions

Pseudonymization

Define which data of a user in this group is retained, deleted, or pseudonymized when archiving.

Pseudonymization settings
OptionDescriptionAvailable for field
KeepWhen a user is archived, the contents of the field are preserved.– Login
– First name
– Last name
– Display name
– Department
– Email
RandomizeWhen a user is archived, the contents of the field are replaced with a random string.– Login
– First name
– Last name
– Display name
– Department
ClearWhen a user is archived, the contents of the field are deleted.– Login
– First name
– Last name
– Display name
– Department
– Email

Authentication Services

If you are using a third-party user management such as LDAP or SSO, you can define a group mapping here and automatically map groups used in SSO or LDAP to groups in CollectionPro whenever a user logs in.

Group authentication services
MethodDescription
Group name (eq)The group name from LDAP/SSO must match this string exactly.
Regular expression (regexp)Group names from LDAP/SSO must match a regular expression. Example: students.* corresponds to the LDAP/SSO group students and the group students-alumni, but not to the group named student. For more information, see the documentation https://pkg.go.dev/regexp#Match.

Users

Displays all users who belong to this group.

Users in a group
Was this article helpful?

Related Articles

Need Support?

Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support