You are reading the documentation for an outdated Corteza release. 2023.9 is the latest stable Corteza release.

Corteza Admin

Corteza Admin Panel is a platform designed for system resource management such as users, roles permissions and application.

To access Corteza Admin Panel, click on a new tab and select it from the list of available applications. Alternatively you can navigate to the appropriate URL.

You must have Administrator rights to access and edit this part of Corteza system.

If you do not have permissions to access the admin panel, contact your system administrator.

Dashboard

The dashboard section can be accessed by clicking on the "Dashboard" navigation item on the left navigation drawer.

The dashboard provides a quick overview over the system. It provides an overview of system resource statistics, such as the number of users, number of active roles and applications.

Action Log

The action log interface can be accessed by clicking on the "Action log" navigation item on the left navigation drawer under the system item group.

The interface provides an insight into the actions registered by a system, such as accessing users, fetching records, creating modules and much more.

The action log comes in handy when debugging the system as it provides a rich insight into the system without the need of low-level system understanding.

The interface allows you to:

Listing actions

Registered actions are displayed in a table in the middle of the interface. The table provides a brief overview of the action:

  • The timestamp of when the action was registered,

  • the user that caused the action to be registered,

  • what part of the exposed system caused the action to be registered (eg. api/rest),

  • what resource was involved when registering the action,

  • what action was being performed,

  • some additional description to help understand the action,

  • the status of the action:

    • info: an informative log that something happened successfully,

    • warning: a warning that something did not go as expected but was not fatal, such as an invalid login attempt,

    • error: there was an error either in the internal system or in one of the extensions.

Inspecting actions

To inspect an action, click on the action (table row). This expands the row and provides more insight into the action.

Users

The users interface can be accessed by clicking on the "Users" navigation item on the left navigation drawer under the system item group.

A user is someone who can log in to the Corteza system.

Each user has Email, Full name and Nickname (handle). Additionally, each user has a username (=email) and password to enable them to log in to the system (referred as credentials).

The interface allows you to:

Managing permissions

To manage permissions related to the user resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any user

Determines if the given role is allowed to access information of any user,

Update any user

Determines if the given role is allowed to update the information of any user,

Delete any user

Determines if the given role is allowed to delete any user,

Suspend any user

Determines if the given role is allowed to suspend any user,

Unsuspend any user

Determines if the given role is allowed to unsuspend any user,

Show email details for any user

Determines if the given role is allowed to see the email corresponding to any user,

Show name details for any user

Determines if the given role is allowed to see the name corresponding to any user,

The ability to manage the visibility of emails and names was introduced with the user masking privacy feature. It allows a specific role to know about other users but they can’t necessarily know of their private information.

Adding users

To add a new user, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the user.

  • Email address,

  • full name,

  • handle (sort of like a nickname).

After saving the user, a new interface is provided where you can edit the newly created user.

The user edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.

Password

This section allows you to define a new password for the user,

Role membership

This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)"

Determines if the given role is allowed to access information of the given user,

Update "(user name)"

Determines if the given role is allowed to update the information of the given user,

Delete "(user name)"

Determines if the given role is allowed to delete the given user,

Suspend "(user name)"

Determines if the given role is allowed to suspend the given user,

Unsuspend "(user name)"

Determines if the given role is allowed to unsuspend the given user,

Show email details for "(user name)"

Determines if the given role is allowed to see the email corresponding to the given user,

Show name details for "(user name)"

Determines if the given role is allowed to see the name corresponding to the given user,

Listing users

Users can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only non-suspended users and so on. It also supports pagination and sorting.

Editing users

Users can be edited by pressing on the edit icon next to each row in the user list, that opens up a new interface.

The user edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.

Password

This section allows you to define a new password for the user,

Role membership

This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)"

Determines if the given role is allowed to access information of the given user,

Update "(user name)"

Determines if the given role is allowed to update the information of the given user,

Delete "(user name)"

Determines if the given role is allowed to delete the given user,

Suspend "(user name)"

Determines if the given role is allowed to suspend the given user,

Unsuspend "(user name)"

Determines if the given role is allowed to unsuspend the given user,

Show email details for "(user name)"

Determines if the given role is allowed to see the email corresponding to the given user,

Show name details for "(user name)"

Determines if the given role is allowed to see the name corresponding to the given user,

Roles

The roles interface can be accessed by clicking on the "Roles" navigation item on the left navigation drawer under the system item group.

A role defines a user group with a specific set of permissions on the resources. A role is a key part of Corteza Role-Based Access Control (RBAC).

Each role has a name, a system handle and a set of permissions on resources.

The interface allows you to:

Managing permissions

To manage permissions related to the role resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any role

Determines if the given role is allowed to access information of any role,

Update any role

Determines if the given role is allowed to update the information of any role,

Delete any role

Determines if the given role is allowed to delete any role,

Manage members for any role

Determines if the given role is allowed to add or remove members to any role.

Adding roles

To add a new role, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the role.

  • Name,

  • handle.

After saving the role, a new interface is provided where you can edit the newly created role.

The role edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Listing roles

Roles can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active roles and so on. It also supports pagination and sorting.

Editing roles

Roles can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The role edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Applications

The applications interface can be accessed by clicking on the "Applications" navigation item on the left navigation drawer under the system item group.

The interface allows you to:

Managing permissions

To manage permissions related to the application resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any application

Determines if the given role is allowed to access any application,

Update any application

Determines if the given role is allowed to update any application,

Delete any application

Determines if the given role is allowed to delete any application,

Adding applications

To add a new application, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the application.

  • Name,

  • if active.

After saving the application, a new interface is provided where you can edit the newly created application.

The application edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Listing applications

Applications can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active applications and so on. It also supports pagination and sorting. Out of the box, these applications are already configured:

  • Messaging,

  • Low Code,

  • CRM,

  • Jitsi Video,

  • Corteza Admin Area,

  • Google Maps.

Editing applications

Applications can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The application edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Settings

The settings interfaces can be accessed by clicking on the "Settings" navigation item on the left navigation drawer in each one of the available Corteza systems

System settings

Authentication

This section allows you to customize authentication related settings such configuring email, requiring email confirmation or disabling internal authentication all together,

Email

This section allows you to customize the email template that will be used when sending emails from the internal system (password reset, registration confirmation, …​),

External authentication

This section allows you to configure external authentication providers, such as Google and Facebook. See Configuring external providers for configuration details.

The ability to disable internal login can be useful when wanting to force the users to either use external authentication providers or using a different system for their authentication.

Configuring external providers

Google

To enable Google authentication you need to create a client ID:

  1. Go to Google Sign-in Guide and click on "Configure a project" button

  2. Select and existing project or create a new one

  3. Set a product name (i.e. Corteza)

  4. On "Configure your OAuth client" screen select "Web browser" and paste the URL where your Corteza system is running (inlcuding https://)

  5. Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit

Facebook

To enable Facebook authentication you need to create Facebook app to receive Client key and Secret:

  1. Go to Facebook for developers website, click on "Add a new app" and choose a name of the app (i.e. Corteza) or select and existing app

  2. In the list of available products search for "Facebook Login" and click on "Set Up" button

  3. Select "Web" platform and paste the URL where your Corteza system is running

  4. Go to "Settings" and then "Basic" in the left sidebar

  5. Copy and paste "App ID" to "Client key" inside Corteza Admin panel

  6. Copy and paste "App Secret" to "Secret" inside Corteza Admin panel and hit Submit

Github

To enable Github authentication you need to register Github application to get unique Client ID and Client Secret:

  1. Go to this link and create a new OAuth application

  2. Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

LinkedIn

To enable LinkedIn authentication you need crete a LinkedIn application:

  1. Go to this form, fill out the form and click on "Create app"

  2. Go to Auth section and copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

Low Code

Basic

This section allows you to define some basic user interface and system options, such as attachment limitations and some minor user interface tweaks.

Messaging

Basic

This section allows you to define some basic user interface and system options, such as attachment limitations and some minor user interface tweaks.

One

Logo

This section allows you to customize the interface by interpolating your own logo instead of our own,

Panels

This section allows you to configure the default layout, such as open panels and the open tabs.

Permissions

The permissions interfaces can be accessed by clicking on the "Permissions" navigation item on the left navigation drawer in each one of the available Corteza systems.

This interface allows you to define some of the more general permissions such as the actual access to a specific service. Refer to …​ for a more fine-grained overview over all the possibilities.

Corteza system

System service permissions

Allow access to administration

Determines if the role is allowed to access the administration panel (the web application being defined here),

Grant permission on system service

Determines if the role is allowed to grant permissions on system service,

Access all settings

Determines if the role is allowed to access any setting defined under the system,

Manage all settings

Determines if the role is allowed to manage and edit any setting defined under the system,

Create new organization

Determines if the role is allowed to create a new organization,

Create new role

Determines if the role is allowed to create a new role,

Create new user

Determines if the role is allowed to create a new user,

Create new application

Determines if the role is allowed to create a new application,

Allow reminder assignment

Determines if the role is allowed to assign reminders to other users.

When denying access to system settings, this also prevents their usage from inside automation scripts or any other operation that might read these settings.

Organizations

Access to all organizations

Determines if the role is allowed to access any organization.

Applications

Access any application

Determines if the role is allowed to access any application,

Update any application

Determines if the role is allowed to update any application,

Delete any application

Determines if the role is allowed to delete any application.

Users

Read any user

Determines if the role is allowed to access any user,

Update any user

Determines if the role is allowed to update any user,

Delete any user

Determines if the role is allowed to delete any user,

Suspend any user

Determines if the role is allowed to suspend any user,

Unsuspend any user

Determines if the role is allowed to unsuspend any user,

Show email details

Determines if the role is allowed to see the email address of any user,

Show name details

Determines if the role is allowed to see the name of any user.

The ability to show/hide email address/name can be useful when defining a community instance and we wish to keep some privacy.

Roles

Read any role

Determines if the role is allowed to see any role,

Update any role

Determines if the role is allowed to update any role,

Delete any role

Determines if the role is allowed to delete any role,

Manage members for any role

Determines if the role is allowed to add/remove members from any role.

Corteza Low Code

Service permissions

Access to compose

Determines if the role is allowed to access Corteza Low Code,

Create namespaces

Determines if the role is allowed to create namespaces for Corteza Low Code,

Grant permissions on compose service

Determines if the role is allowed to manage permissions for Corteza Low Code,

Access all settings

Determines if the role is allowed to read any setting for Corteza Low Code,

Manage all settings

Determines if the role is allowed to manage any setting for Corteza Low Code.

If a role doesn’t have access to the Corteza Low Code, they will also not be able to access any application defined as a Corteza Low Code namespace.

Namespaces permissions

Access any namespace

Determines if the role is allowed to access any Corteza Low Code namespace,

Update any namespace

Determines if the role is allowed to update any Corteza Low Code namespace,

Delete any namespace

Determines if the role is allowed to delete any Corteza Low Code namespace,

Manage any namespace

Determines if the role is allowed to manage any Corteza Low Code namespace,

Create modules under any namespace

Determines if the role is allowed to create modules for any Corteza Low Code namespace,

Create charts under any namespace

Determines if the role is allowed to create charts for any Corteza Low Code namespace,

Create pages under any namespace

Determines if the role is allowed to create pages for any Corteza Low Code namespace.

Modules permissions

Read any module

Determines if the role is allowed to access any Corteza Low Code module,

Update any module

Determines if the role is allowed to update any Corteza Low Code module,

Delete any module

Determines if the role is allowed to delete any Corteza Low Code module,

Create record under any module

Determines if the role is allowed to create records for any Corteza Low Code module,

Read records under any module

Determines if the role is allowed to access records for any Corteza Low Code module,

Update records under any module

Determines if the role is allowed to update records for any Corteza Low Code module,

Delete records under any module

Determines if the role is allowed to delete records for any Corteza Low Code module.

Module fields permissions

Read any module field

Determines if the role is allowed to see any Corteza Low Code module field,

Update any module field

Determines if the role is allowed to update any Corteza Low Code module field.

Charts permissions

Read any chart

Determines if the role is allowed to see any Corteza Low Code chart,

Update any chart

Determines if the role is allowed to update any Corteza Low Code chart,

Delete any chart

Determines if the role is allowed to delete any Corteza Low Code chart.

Pages permissions

Read any page

Determines if the role is allowed to see any Corteza Low Code page,

Update any page

Determines if the role is allowed to update any Corteza Low Code page,

Delete any page

Determines if the role is allowed to delete any Corteza Low Code page.

Corteza Messaging

Service permissions

Access to messaging

Determines if the role is allowed to access Corteza Messaging,

Grant permissions on messaging service

Determines if the role is allowed to grant permissions on Corteza Messaging,

Access all settings

Determines if the role is allowed to access any Corteza Messaging setting,

Manage all settings

Determines if the role is allowed to manage any Corteza Messaging setting,

Create public channels

Determines if the role is allowed to create public Corteza Messaging channels,

Create private channels

Determines if the role is allowed to create private Corteza Messaging channels,

Create direct messages and group channels

Determines if the role is allowed to create direct Corteza Messaging channels to a specific user or a set of,

Channels permissions

Update any channel

Determines if the role is allowed to update any Corteza Messaging channel,

View any channel

Determines if the role is allowed to access any Corteza Messaging channel,

Join any channel

Determines if the role is allowed to join any Corteza Messaging channel,

Leave any channel

Determines if the role is allowed to leave any Corteza Messaging channel,

Delete any channel

Determines if the role is allowed to delete any Corteza Messaging channel,

Undelete any channel

Determines if the role is allowed to undelete (restore) any Corteza Messaging channel,

Archive any channel

Determines if the role is allowed to archive any Corteza Messaging channel,

Unarchive any channel

Determines if the role is allowed to unarchive any Corteza Messaging channel,

Manage members on any channel

Determines if the role is allowed to add or remove any Corteza Messaging channel members,

Manage attachments on any channel

Determines if the role is allowed to manage attachments of any Corteza Messaging channel,

Message sending on any channel

Determines if the role is allowed to send massages to any Corteza Messaging channel,

Reply to messages on any channel

Determines if the role is allowed to reply (create threads) to any Corteza Messaging channel message,

Embedding in messages on any channel

Determines if the role is allowed to embed external resources to any Corteza Messaging channel message,

File attaching on any channel

Determines if the role is allowed to upload files (attachments) to any Corteza Messaging channel,

Update own messages on any channel

Determines if the role is allowed to update own messages of any Corteza Messaging channel,

Update any message on any channel

Determines if the role is allowed to update any message or any Corteza Messaging channel,

Delete own messages on any channel

Determines if the role is allowed to delete own messages of any Corteza Messaging channel,

Delete any message on any channel

Determines if the role is allowed to delete any message of any Corteza Messaging channel,

React on messages on any channel

Determines if the role is allowed to add reactions to any message of any Corteza Messaging channel,

Automation

The automation interface can be accessed by clicking on the "Automation" navigation item on the left navigation drawer.

This interface provides an overview of all registered automation scripts. It provides a user-friendly list that defines the automation script’s label, description, triggers and issues when processing the code.

There are currently two different interfaces for System (shows system resource scripts) and Low Code (shows compose resource scripts).

Use this interface to validate, that the extension was correctly registered.