Corteza Admin

Corteza Admin Panel is a platform designed for system resource management such as users, roles permissions and application.

To access Corteza Admin Panel, click on a new tab and select it from the list of available applications. Alternatively you can navigate to the appropriate URL.

You must have Administrator rights to access and edit this part of Corteza system.

If you do not have permissions to access the admin panel, contact your system administrator.

Dashboard

The dashboard section can be accessed by clicking on the "Dashboard" navigation item on the left navigation drawer.

The dashboard provides a quick overview over the system. It provides an overview of system resource statistics, such as the number of users, number of active roles and applications.

Action Log

The action log interface can be accessed by clicking on the "Action log" navigation item on the left navigation drawer under the system item group.

The interface provides an insight into the actions registered by a system, such as accessing users, fetching records, creating modules and much more.

The action log comes in handy when debugging the system as it provides a rich insight into the system without the need of low-level system understanding.

The interface allows you to:

List registered actions (see Listing actions),
see action’s details (see Inspecting actions).

Listing actions

Registered actions are displayed in a table in the middle of the interface. The table provides a brief overview of the action:

The timestamp of when the action was registered,
the user that caused the action to be registered,
what part of the exposed system caused the action to be registered (eg. api/rest),
what resource was involved when registering the action,
what action was being performed,
some additional description to help understand the action,
the status of the action:
- info: an informative log that something happened successfully,
- warning: a warning that something did not go as expected but was not fatal, such as an invalid login attempt,
- error: there was an error either in the internal system or in one of the extensions.

Inspecting actions

To inspect an action, click on the action (table row). This expands the row and provides more insight into the action.

Users

The users interface can be accessed by clicking on the "Users" navigation item on the left navigation drawer under the system item group.

A user is someone who can log in to the Corteza system.

Each user has Email, Full name and Nickname (handle). Additionally, each user has a username (=email) and password to enable them to log in to the system (referred as credentials).

The interface allows you to:

Edit permissions regarding the user resource (see Managing permissions),
add new users (see Adding users),
list system users (see Listing users),
edit users (see Editing users).

Managing permissions

To manage permissions related to the user resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any user: Determines if the given role is allowed to access information of any user,
Update any user: Determines if the given role is allowed to update the information of any user,
Delete any user: Determines if the given role is allowed to delete any user,
Suspend any user: Determines if the given role is allowed to suspend any user,
Unsuspend any user: Determines if the given role is allowed to unsuspend any user,
Show email details for any user: Determines if the given role is allowed to see the email corresponding to any user,
Show name details for any user: Determines if the given role is allowed to see the name corresponding to any user,

The ability to manage the visibility of emails and names was introduced with the user masking privacy feature. It allows a specific role to know about other users but they can’t necessarily know of their private information.

Adding users

To add a new user, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the user.

Email address,
full name,
handle (sort of like a nickname).

After saving the user, a new interface is provided where you can edit the newly created user.

The user edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.
Password: This section allows you to define a new password for the user,
Role membership: This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)": Determines if the given role is allowed to access information of the given user,
Update "(user name)": Determines if the given role is allowed to update the information of the given user,
Delete "(user name)": Determines if the given role is allowed to delete the given user,
Suspend "(user name)": Determines if the given role is allowed to suspend the given user,
Unsuspend "(user name)": Determines if the given role is allowed to unsuspend the given user,
Show email details for "(user name)": Determines if the given role is allowed to see the email corresponding to the given user,
Show name details for "(user name)": Determines if the given role is allowed to see the name corresponding to the given user,

Listing users

Users can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only non-suspended users and so on. It also supports pagination and sorting.

Editing users

Users can be edited by pressing on the edit icon next to each row in the user list, that opens up a new interface.

The user edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.
Password: This section allows you to define a new password for the user,
Role membership: This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)": Determines if the given role is allowed to access information of the given user,
Update "(user name)": Determines if the given role is allowed to update the information of the given user,
Delete "(user name)": Determines if the given role is allowed to delete the given user,
Suspend "(user name)": Determines if the given role is allowed to suspend the given user,
Unsuspend "(user name)": Determines if the given role is allowed to unsuspend the given user,
Show email details for "(user name)": Determines if the given role is allowed to see the email corresponding to the given user,
Show name details for "(user name)": Determines if the given role is allowed to see the name corresponding to the given user,

Roles

The roles interface can be accessed by clicking on the "Roles" navigation item on the left navigation drawer under the system item group.

A role defines a user group with a specific set of permissions on the resources. A role is a key part of Corteza Role-Based Access Control (RBAC).

Each role has a name, a system handle and a set of permissions on resources.

The interface allows you to:

Edit permissions regarding the permissions (see Managing permissions),
add new role (see Adding roles),
list roles (see Listing roles),
edit roles (see Editing roles).

Managing permissions

To manage permissions related to the role resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any role: Determines if the given role is allowed to access information of any role,
Update any role: Determines if the given role is allowed to update the information of any role,
Delete any role: Determines if the given role is allowed to delete any role,
Manage members for any role: Determines if the given role is allowed to add or remove members to any role.

Adding roles

To add a new role, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the role.

Name,
handle.

After saving the role, a new interface is provided where you can edit the newly created role.

The role edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the role, such as the name and it’s handle,
Role members: This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)": Determines if the given role is allowed to access information of the given role,
Update "(role name)": Determines if the given role is allowed to update the information of the given role,
Delete "(role name)": Determines if the given role is allowed to delete the given role,
Manage members for "(role name)": Determines if the given role is allowed to add or remove members to the given role.

Listing roles

Roles can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active roles and so on. It also supports pagination and sorting.

Editing roles

Roles can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The role edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the role, such as the name and it’s handle,
Role members: This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)": Determines if the given role is allowed to access information of the given role,
Update "(role name)": Determines if the given role is allowed to update the information of the given role,
Delete "(role name)": Determines if the given role is allowed to delete the given role,
Manage members for "(role name)": Determines if the given role is allowed to add or remove members to the given role.

Applications

The applications interface can be accessed by clicking on the "Applications" navigation item on the left navigation drawer under the system item group.

The interface allows you to:

Edit permissions regarding the applications (see Managing permissions),
add new applications (see Adding applications),
list applications (see Listing applications),
edit applications (see Editing applications).

Managing permissions

To manage permissions related to the application resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any application: Determines if the given role is allowed to access any application,
Update any application: Determines if the given role is allowed to update any application,
Delete any application: Determines if the given role is allowed to delete any application,

Adding applications

To add a new application, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the application.

Name,
if active.

After saving the application, a new interface is provided where you can edit the newly created application.

The application edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the role, such as the name and it’s handle,
Role members: This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)": Determines if the given role is allowed to access information of the given role,
Update "(role name)": Determines if the given role is allowed to update the information of the given role,
Delete "(role name)": Determines if the given role is allowed to delete the given role,
Manage members for "(role name)": Determines if the given role is allowed to add or remove members to the given role.

Listing applications

Applications can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active applications and so on. It also supports pagination and sorting. Out of the box, these applications are already configured:

Messaging,
Low Code,
CRM,
Jitsi Video,
Corteza Admin Area,
Google Maps.

Editing applications

Applications can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The application edit interface provides the following sections:

Basic information: This section allows you to edit basic information regarding the role, such as the name and it’s handle,
Role members: This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)": Determines if the given role is allowed to access information of the given role,
Update "(role name)": Determines if the given role is allowed to update the information of the given role,
Delete "(role name)": Determines if the given role is allowed to delete the given role,
Manage members for "(role name)": Determines if the given role is allowed to add or remove members to the given role.

Settings

The settings interfaces can be accessed by clicking on the "Settings" navigation item on the left navigation drawer in each one of the available Corteza systems

System settings

Authentication: This section allows you to customize authentication related settings such configuring email, requiring email confirmation or disabling internal authentication all together,
Email: This section allows you to customize the email template that will be used when sending emails from the internal system (password reset, registration confirmation, …),
External authentication: This section allows you to configure external authentication providers, such as Google and Facebook. See Configuring external providers for configuration details.

The ability to disable internal login can be useful when wanting to force the users to either use external authentication providers or using a different system for their authentication.

Configuring external providers

Google

To enable Google authentication you need to create a client ID:

Go to Google Sign-in Guide and click on "Configure a project" button
Select and existing project or create a new one
Set a product name (i.e. Corteza)
On "Configure your OAuth client" screen select "Web browser" and paste the URL where your Corteza system is running (inlcuding https://)
Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit

Facebook

To enable Facebook authentication you need to create Facebook app to receive Client key and Secret:

Go to Facebook for developers website, click on "Add a new app" and choose a name of the app (i.e. Corteza) or select and existing app
In the list of available products search for "Facebook Login" and click on "Set Up" button
Select "Web" platform and paste the URL where your Corteza system is running
Go to "Settings" and then "Basic" in the left sidebar
Copy and paste "App ID" to "Client key" inside Corteza Admin panel
Copy and paste "App Secret" to "Secret" inside Corteza Admin panel and hit Submit

Github

To enable Github authentication you need to register Github application to get unique Client ID and Client Secret:

Go to this link and create a new OAuth application
Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

To enable LinkedIn authentication you need crete a LinkedIn application:

Go to this form, fill out the form and click on "Create app"
Go to Auth section and copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

Low Code

Basic: This section allows you to define some basic user interface and system options, such as attachment limitations and some minor user interface tweaks.

Messaging

Basic: This section allows you to define some basic user interface and system options, such as attachment limitations and some minor user interface tweaks.

One

Logo: This section allows you to customize the interface by interpolating your own logo instead of our own,
Panels: This section allows you to configure the default layout, such as open panels and the open tabs.

Permissions

The permissions interfaces can be accessed by clicking on the "Permissions" navigation item on the left navigation drawer in each one of the available Corteza systems.

This interface allows you to define some of the more general permissions such as the actual access to a specific service. Refer to … for a more fine-grained overview over all the possibilities.

Corteza system

System service permissions

Allow access to administration: Determines if the role is allowed to access the administration panel (the web application being defined here),
Grant permission on system service: Determines if the role is allowed to grant permissions on system service,
Access all settings: Determines if the role is allowed to access any setting defined under the system,
Manage all settings: Determines if the role is allowed to manage and edit any setting defined under the system,
Create new organization: Determines if the role is allowed to create a new organization,
Create new role: Determines if the role is allowed to create a new role,
Create new user: Determines if the role is allowed to create a new user,
Create new application: Determines if the role is allowed to create a new application,
Allow reminder assignment: Determines if the role is allowed to assign reminders to other users.

When denying access to system settings, this also prevents their usage from inside automation scripts or any other operation that might read these settings.

Organizations

Access to all organizations: Determines if the role is allowed to access any organization.

Applications

Access any application: Determines if the role is allowed to access any application,
Update any application: Determines if the role is allowed to update any application,
Delete any application: Determines if the role is allowed to delete any application.

Users

Read any user: Determines if the role is allowed to access any user,
Update any user: Determines if the role is allowed to update any user,
Delete any user: Determines if the role is allowed to delete any user,
Suspend any user: Determines if the role is allowed to suspend any user,
Unsuspend any user: Determines if the role is allowed to unsuspend any user,
Show email details: Determines if the role is allowed to see the email address of any user,
Show name details: Determines if the role is allowed to see the name of any user.

The ability to show/hide email address/name can be useful when defining a community instance and we wish to keep some privacy.

Roles

Read any role: Determines if the role is allowed to see any role,
Update any role: Determines if the role is allowed to update any role,
Delete any role: Determines if the role is allowed to delete any role,
Manage members for any role: Determines if the role is allowed to add/remove members from any role.

Corteza Low Code

Service permissions

Access to compose: Determines if the role is allowed to access Corteza Low Code,
Create namespaces: Determines if the role is allowed to create namespaces for Corteza Low Code,
Grant permissions on compose service: Determines if the role is allowed to manage permissions for Corteza Low Code,
Access all settings: Determines if the role is allowed to read any setting for Corteza Low Code,
Manage all settings: Determines if the role is allowed to manage any setting for Corteza Low Code.

If a role doesn’t have access to the Corteza Low Code, they will also not be able to access any application defined as a Corteza Low Code namespace.

Namespaces permissions

Access any namespace: Determines if the role is allowed to access any Corteza Low Code namespace,
Update any namespace: Determines if the role is allowed to update any Corteza Low Code namespace,
Delete any namespace: Determines if the role is allowed to delete any Corteza Low Code namespace,
Manage any namespace: Determines if the role is allowed to manage any Corteza Low Code namespace,
Create modules under any namespace: Determines if the role is allowed to create modules for any Corteza Low Code namespace,
Create charts under any namespace: Determines if the role is allowed to create charts for any Corteza Low Code namespace,
Create pages under any namespace: Determines if the role is allowed to create pages for any Corteza Low Code namespace.

Modules permissions

Read any module: Determines if the role is allowed to access any Corteza Low Code module,
Update any module: Determines if the role is allowed to update any Corteza Low Code module,
Delete any module: Determines if the role is allowed to delete any Corteza Low Code module,
Create record under any module: Determines if the role is allowed to create records for any Corteza Low Code module,
Read records under any module: Determines if the role is allowed to access records for any Corteza Low Code module,
Update records under any module: Determines if the role is allowed to update records for any Corteza Low Code module,
Delete records under any module: Determines if the role is allowed to delete records for any Corteza Low Code module.

Module fields permissions

Read any module field: Determines if the role is allowed to see any Corteza Low Code module field,
Update any module field: Determines if the role is allowed to update any Corteza Low Code module field.

Charts permissions

Read any chart: Determines if the role is allowed to see any Corteza Low Code chart,
Update any chart: Determines if the role is allowed to update any Corteza Low Code chart,
Delete any chart: Determines if the role is allowed to delete any Corteza Low Code chart.

Pages permissions

Read any page: Determines if the role is allowed to see any Corteza Low Code page,
Update any page: Determines if the role is allowed to update any Corteza Low Code page,
Delete any page: Determines if the role is allowed to delete any Corteza Low Code page.

Corteza Messaging

Service permissions

Access to messaging: Determines if the role is allowed to access Corteza Messaging,
Grant permissions on messaging service: Determines if the role is allowed to grant permissions on Corteza Messaging,
Access all settings: Determines if the role is allowed to access any Corteza Messaging setting,
Manage all settings: Determines if the role is allowed to manage any Corteza Messaging setting,
Create public channels: Determines if the role is allowed to create public Corteza Messaging channels,
Create private channels: Determines if the role is allowed to create private Corteza Messaging channels,
Create direct messages and group channels: Determines if the role is allowed to create direct Corteza Messaging channels to a specific user or a set of,

Channels permissions

Update any channel: Determines if the role is allowed to update any Corteza Messaging channel,
View any channel: Determines if the role is allowed to access any Corteza Messaging channel,
Join any channel: Determines if the role is allowed to join any Corteza Messaging channel,
Leave any channel: Determines if the role is allowed to leave any Corteza Messaging channel,
Delete any channel: Determines if the role is allowed to delete any Corteza Messaging channel,
Undelete any channel: Determines if the role is allowed to undelete (restore) any Corteza Messaging channel,
Archive any channel: Determines if the role is allowed to archive any Corteza Messaging channel,
Unarchive any channel: Determines if the role is allowed to unarchive any Corteza Messaging channel,
Manage members on any channel: Determines if the role is allowed to add or remove any Corteza Messaging channel members,
Manage attachments on any channel: Determines if the role is allowed to manage attachments of any Corteza Messaging channel,
Message sending on any channel: Determines if the role is allowed to send massages to any Corteza Messaging channel,
Reply to messages on any channel: Determines if the role is allowed to reply (create threads) to any Corteza Messaging channel message,
Embedding in messages on any channel: Determines if the role is allowed to embed external resources to any Corteza Messaging channel message,
File attaching on any channel: Determines if the role is allowed to upload files (attachments) to any Corteza Messaging channel,
Update own messages on any channel: Determines if the role is allowed to update own messages of any Corteza Messaging channel,
Update any message on any channel: Determines if the role is allowed to update any message or any Corteza Messaging channel,
Delete own messages on any channel: Determines if the role is allowed to delete own messages of any Corteza Messaging channel,
Delete any message on any channel: Determines if the role is allowed to delete any message of any Corteza Messaging channel,
React on messages on any channel: Determines if the role is allowed to add reactions to any message of any Corteza Messaging channel,

Automation

The automation interface can be accessed by clicking on the "Automation" navigation item on the left navigation drawer.

This interface provides an overview of all registered automation scripts. It provides a user-friendly list that defines the automation script’s label, description, triggers and issues when processing the code.

There are currently two different interfaces for System (shows system resource scripts) and Low Code (shows compose resource scripts).

Use this interface to validate, that the extension was correctly registered.