.Stat Suite documentation

Manage user access

Table of Content

Version history:
Filters are alphabetically ordered since April 4, 2024 Release .Stat Suite JS zoo
Allow to manage permissions on specific external spaces since December 20, 2023 Release .Stat Suite JS yay
Create of new Group since December 20, 2023 Release .Stat Suite JS yay
Introduced in December 5, 2022 Release .Stat Suite JS spin


Manage permissions overview

The Data Lifecycle Manager provides a user-friendly graphical interface to manage user access rights to the content of the .Stat Suite data spaces. The related ‘Manage permissions’ page is accessible from the DLM main menu. Behind the scenes, the DLM communicates with the AuthorisationManagement web service, which allows retrieving, inserting, updating and deleted user permissions. For more information about the usage and parameters of this API, see here.

The DLM ‘Manage permissions’ menu item is shown only when the authenticated user has any “Manage permissions” rights for at least one internal data space. It is also possible to allow managing permission for a specific externally defined data space: see how to configure the option.

The ‘Manage permissions’ page shows a list of user or group permissions that the authenticated user is allowed to view and/or manage.

DLM permissions overview

Permissions are listed with the following information in columns:

  • ID: the permission ID as generated by the Authorization Management service
  • Group/User: the user email address or group name preceded by a user or group icon
  • Dataspace: any internal dataspace
  • Type: any SDMX artefact type
  • Agency: any SDMX structure maintenance agency ID
  • Artefact: any SDMX structure ID
  • Version: any SDMX structure version number
  • Permission: the name of the corresponding granular permission or standard role; otherwise it displays “Special permissions”
  • Actions: icons for “Edit” and “Delete” a permission

If one permission listed applies to all values of the corresponding parameters (Group/User, Dataspace, Type, Agency, Artefact, or Version), then it is mentioned as ’*’ (ANY).

The multi-selection filters on the left side of the list are generated depending on the content of the list, with its content alphabetically ordered by the localised names, and it allows to filter by:

  • space
  • group/user
  • agency
  • permission type

Note also that all single values are filterable except for all (’*’ (ANY)).
Whenever a filter has so many items that a scroll bar is shown, then a spotlight search feature is added on top of the filter area.

DLM permissions spotlight

The list of permissions is paginated, and a feature at the top of the list allows navigating from page to page, or jumping to the next, previous, first or last page.


View details of a permission

When clicking on the row of a permission, it is highlighted in orange and a window with details about the permission opens. All content is greyed and non-editable. The top area contains the information of the permission as listed in the overview, and the area below contains 2 tabs:

  • Standard roles
  • Granular permissions

See more about standard roles and granular permissions in the Add new permission section.

Clicking on “Cancel” at the footer of the window closes it.

DLM permissions view


Add a new permission

The button “Add new permission” on the top right corner of the permission page allows creating a new permission. Clicking on it will open the “Add new permission” window, similarly to the “View permission” window with empty fields.
The window shows the following editable fields:

  • Group/User: a radio button to select whether the new permission is for a single user or a group. By default, it is set to ‘Group’. Next to it is a text field for user email address or group name
  • Dataspace: dropdown list of internal dataspaces for which the user has “Manage permission” rights
  • Type: dropdown list of SDMX artefact types
  • Agency: text field for any SDMX structure maintenance agency ID
  • Artefact: text field for any SDMX structure ID
  • Version: text field for any SDMX structure version number
  • Standard roles: contains a list of roles that are defined by the organisation or by default as combined granular permissions in the default DLM configuration, each listed with a name and a definition. The last row contains the option for “Special permissions” which is always greyed and non-editable since auto-managed by the DLM. It is auto-ticked in case the user has selected granular permission(s) that do not correspond to any pre-defined standard role. Otherwise, if the user has selected granular permissions in the “Granular permissions” tab that correspond to a specific set of roles, then those roles are automatically pre-selected.
  • Granular permissions: contains a list of granular permissions. Each granular permission is listed with a name and a definition. If standard roles were selected then the related granual permissions are automatically pre-selected.

DLM permissions add new

Clicking on “Cancel” closes the popup without saving any new user permission.
Clicking on “Save” closes the popup after saving the new permission (through the Authorisation Management web service). Once the permission is saved, it appears in the main view list together with a green “Successful addition of new permission” indication in the top of the list.

DLM permissions add new success

Note that the “Add new permission” popup will be prefilled with the same settings previously saved in the current user session.

Example

If I want to add a “full control” role to a user on a dedicated data space, but restricted only to one maintenance agency:

DLM permissions add new example

If I then want to create some additional permissions for the same user on a second maintenance agency but with a restricted role of ‘Managing data’, then I will need to add an extra new permission with the following:

DLM permissions add new example


Edit a permission

When clicking on the “Edit” pencil icon on the right side of a permission, the row is highlighted in orange and the popup “Edit permission #ID”, similar to the “Add new permission”, will open. All top fields are greyed and non-editable because it is not possible to change the “scope” of an existing permission, only the role(s)/permissions.

Clicking on “Cancel” closes the popup without saving any modification.
Clicking on “Save” closes the popup after saving the modification(s) made on the permission.


Delete a permission

When clicking on the “Delete” trash bin icon on the right side of a permission, the row is highlighted in orange and a dialog popup appears. A message with the permission ID requests the user to confirm the deletion of the permission.
Clicking on “Cancel” closes the popup without deleting the permission.
Clicking on “Delete” closes the popup after deleting the permission and removing it from the list.

DLM permissions delete