This article outlines the user management process in the Diri application, from creation to deletion. User management is a core aspect of how the Diri application is configured and operates, reflecting the organizational structure. In Diri, a user is associated with one or more organizational units. Within these units, users are assigned specific roles. Each role encompasses a set of privileges that define what the user can see and do within the application. This system might seem complex, but it is designed to be intuitive and straightforward.
Users: In the Diri app, a "user" typically represents an individual who has access to the application. Each user has a unique identifier and associated profile details, which might include their name, contact information, and organizational affiliations.
Roles: Roles are used to group users based on their responsibilities and the tasks they are allowed to perform within the application. Each role is equipped with specific privileges that enable users to access certain features of the Diri app. For example, a "Manager" role might have privileges to view reports, edit settings, and approve tasks, whereas a "Technician" role might only have privileges to view and complete specific tasks.
Privileges: Privileges are specific rights or permissions granted to roles that define what actions users can take within the app. These can include access to view certain data, execute specific functions, or modify resources. Privileges ensure that users can only perform actions that are pertinent to their role, thereby safeguarding the system from unauthorized access or unintended modifications.
This structured approach to user management helps maintain security and efficiency, ensuring that each user has access to the necessary tools and information to perform their duties effectively while protecting sensitive data and features from unauthorized access.
In the above example, the superadmin is located at the top level of the organisation, which has two sub-organisational levels. Each level has one user. User 1 belongs to the organisation “Sub level 1” and has the role “User Risk”. User 2 belongs to the organisation “Sub level 2” and has the role “Admin”. The superadmin manages the setup and can see everything, while User 1 and User 2 do not see the superadmin or each other; they are confined to the privileges assigned in their organisation.
There are several ways of creating new users in Diri. Navigate to the “Users & Access” option in the main menu. This opens the Users menu, where there are three primary ways of adding users, highlighted in the picture below:
Clicking the “+ New user” icon in the top right corner opens a form for creating a new user. This form is identical to the one used to edit an existing user.
The form is a fairly straightforward registration of a new user and ends with the user receiving an email invitation to the app and a request to reset the password. Notable fields are:
Clicking save will send the invitation email to the user.
Clicking the “Invite user” button next to “+ New user” opens an invitation form. The organisation is predetermined, corresponding to your user's active organisation (top left corner), and the form asks for the user's email and the access role they should receive when signing in. This action sends an email invitation to the user.
Clicking the List+ icon above the user listing creates an empty row, as illustrated in the first picture in this article. The registration requires email, organisation, and role. The registered user receives an email invitation after being successfully registered.
Diri utilizes Role-Based Access Control (RBAC) to customize system access based on defined user roles, thereby enhancing the management of permissions across the platform. RBAC is an essential strategy that restricts system access to authorized users through a framework centered on roles and privileges. This framework simplifies permission management by aligning access strictly with the necessary functions users need to perform their duties.
RBAC is particularly effective in large organizations that manage hundreds of users and thousands of permissions, facilitating streamlined administration of security. It supports a variety of roles tailored to specific operational needs, such as read-only roles for auditors and managerial roles, which help improve both the integrity and confidentiality of data within Diri.
The system is designed with clear role definitions, including Super Admin (top level), Local Admin (branch admins), and Standard User roles (User Risk / User Privacy), each with distinct responsibilities and access levels. This precision ensures that access rights are appropriately assigned and controlled:
Additionally, RBAC enhances security by safeguarding against unauthorized changes and ensuring that privileges are granted through proper channels. Predefined roles like Admin, User Risk, and User Privacy are established to match specific job functions and responsibilities, ensuring users have access to necessary resources without compromising security.
Overall, RBAC in Diri ensures a secure, organized, and efficient way to manage access rights, aligning with the organization's need for security and operational efficiency.
Super Admin
The Super Admin has complete control over the entire Diri platform. This role is assigned in cooperation with Diri staff during onboarding. Super Admin privileges include:
Local Admin
The Local Admin is responsible for a specific organization and any sub-organizations:
Standard User
Standard Users (User Risk and User Privacy) have limited access:
To improve structure and role distribution, we have introduced a set of predefined roles that cannot be altered or deleted:
The settings for these roles are found via the “Users & Access” menu, and “Access control” tab as illustrated below:
To prevent unauthorized access and modifications, additional security mechanisms have been implemented:
Roles and rights are assigned under “Users & Access” with three key columns/options:
This setup ensures users have the necessary rights to efficiently work within their designated areas in Diri while maintaining strict control over access and role assignments.
In the application, the user gets assigned a second organisation and a role in this organisation:
The user now has multiple roles and can switch between organisations with different privileges using the “Active organisation” option in the top left corner; switching changes the user's organisational belonging and privileges.
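To make the scoping rules concrete, here is an added Python model (not Diri's code) of the article's example: a superadmin at the top level, User 1 (User Risk) in Sub level 1, User 2 (Admin) in Sub level 2, and the effect of assigning a second organisation and switching the active one. The organisation tree and the privilege names per role are constructed assumptions, since the page does not enumerate them.

```python
from dataclasses import dataclass

# Organisation tree from the article's example (constructed sample data):
# child organisation -> parent organisation, None for the top level.
ORG_PARENT = {"Top level": None, "Sub level 1": "Top level", "Sub level 2": "Top level"}
# Hypothetical privileges per predefined role; the page does not list the real ones.
ROLE_PRIVILEGES = {
    "Super Admin": {"view_users", "edit_users", "manage_roles", "view_risk", "view_privacy"},
    "Admin": {"view_users", "edit_users", "view_risk", "view_privacy"},
    "User Risk": {"view_risk"},
    "User Privacy": {"view_privacy"},
}

@dataclass
class User:
    name: str
    memberships: dict   # organisation -> role; a user may belong to several organisations
    active_org: str     # the "Active organisation" chosen in the top left corner

def is_within(org, scope):
    """True when org is scope itself or lies below it in the organisation tree."""
    while org is not None:
        if org == scope:
            return True
        org = ORG_PARENT.get(org)
    return False

def privileges(user):
    """Effective privileges come only from the role held in the active organisation."""
    return set(ROLE_PRIVILEGES.get(user.memberships.get(user.active_org), set()))

def can_see_user(viewer, target):
    """Needs view_users in the active organisation; the target must sit in it or below it."""
    if "view_users" not in privileges(viewer):
        return False
    return any(is_within(org, viewer.active_org) for org in target.memberships)

def switch_organisation(user, org):
    """Mirror the 'Active organisation' control: only a held membership can be activated."""
    if org not in user.memberships:
        raise PermissionError(f"{user.name} holds no role in {org!r}")
    user.active_org = org
    return privileges(user)

def build_example():
    """The article's example: a superadmin at the top level and one user per sub level."""
    superadmin = User("superadmin", {"Top level": "Super Admin"}, "Top level")
    user1 = User("User 1", {"Sub level 1": "User Risk"}, "Sub level 1")
    user2 = User("User 2", {"Sub level 2": "Admin"}, "Sub level 2")
    return superadmin, user1, user2
```

With this model the superadmin sees both users, the two sub-level users see neither each other nor the superadmin, and User 1 only gains visibility into Sub level 2 after being given an Admin role there and switching the active organisation to it.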