User Management
The user management functionality of Ditto Hybrid Platform allows for the organization and regulation of both internal and external users. These users are classified according to their system roles and their integration with external systems like LDAP. The following sections provide a detailed breakdown of how internal and external users are handled, the roles they are assigned, and how permissions are mapped to these roles.
Note
Definition In This Section :
Internal User / Internal Role : User / Role which created by Ditto Hybrid Platform system
External User / External Role : User / Role from any system that integrated with Ditto Hybrid Platform system
Internal Users and Roles
Internal Users
Ditto Hybrid Platform automatically creates default internal user accounts for each predefined internal role. These users are assigned specific access rights based on their roles within the system. Internal users are primarily categorized into the following roles:
Username |
Default Password |
Role |
|---|---|---|
passw0rd$1 |
Administrator |
|
123456 |
User Manager |
|
123456 |
Data Scientist |
|
123456 |
Fraud Officer |
These users can manage various aspects of the system depending on their assigned role, from user management to model training and project handling.
Internal Roles and Permissions
Each internal user is granted permissions based on their assigned role, which determines their access rights and the actions they can perform within the system. The table below outlines the default roles and the corresponding permissions.
Role Name |
Description |
|---|---|
Administrator |
Full access to manage users, projects, data sources, models, and application logs. |
User Manager |
Limited to managing users, adding, editing, and deleting user accounts. |
Data Scientist |
Responsible for managing projects, data sources, and models. Cannot modify user settings. |
Fraud Officer |
Handles model evaluation and reporting but does not manage user accounts or project configurations. |
Role - Permissions Overview
Each of Default Internal Role mapped to Permissions to grant access rights for User based on their Internal Role.
Note
Only Internal Role will mapped to Permissions. External User will get its Internal Role from mapping between Internal Role and External Role
Description |
Administrator |
User Manager |
Data Scientist |
Fraud Officer |
|---|---|---|---|---|
View users |
|
|
|
|
Add user |
|
|
|
|
Edit user |
|
|
|
|
Delete user |
|
|
|
|
Add project |
|
|
|
|
Delete project |
|
|
|
|
Update data source |
|
|
|
|
Update mapping |
|
|
|
|
Update models |
|
|
|
|
Import model |
|
|
|
|
View model |
|
|
|
|
Report models |
|
|
|
|
Train models |
|
|
|
|
Test evaluation |
|
|
|
|
Manual evaluation |
|
|
|
|
View data subset |
|
|
|
|
Export data to excel |
|
|
|
|
Update activity status |
|
|
|
|
Run activity |
|
|
|
|
View server log |
|
|
|
|
View client log |
|
|
|
|
Reset Password |
|
|
|
|
Unlock User |
|
|
|
|
Agent Project Mapping |
|
|
|
|
External Users
LDAP Integration
Ditto Hybrid Platform supports the authentication of external users through integration with an LDAP server. This integration allows for one-way synchronization of external user data from the LDAP server into the system. The synchronization process ensures that the system regularly updates its user list to reflect changes made in the LDAP server.
External users are mapped to internal roles based on their LDAP group memberships. These roles grant the external users the necessary permissions to access Ditto Hybrid Platform. Without an internal role assignment, external users cannot access the system.
LDAP User Attributes
When synchronizing external users, the system retrieves the following attributes from the LDAP server:
LDAP Attribute |
Friendly Name |
|---|---|
givenName |
First Name |
sn |
Last Name |
userPrincipalName |
User Logon Name |
distinguishName |
(No specific name) |
cn |
Common Name |
objectGuid |
External User ID |
External Role
The external users’ roles within the Ditto Hybrid Platform system are derived from the memberOf attribute, which corresponds to the groups they belong to within the LDAP server. These group memberships define which external roles they will assume in the system.
Administrator of Ditto Hybrid Platform will assign an internal Role for external user. Only after external user have an internal role given by administrator, they can login and authenticated to access the applications.
Managing User Accounts
User accounts can be managed through the Users menu, accessible via the application’s left sidebar. This feature is available to users who have the necessary permissions to access and manage user accounts. The following operations can be performed:
Create Internal User: Administrators can create new internal user accounts by filling out the necessary details. Internal users will assigned specific roles later that govern their access permissions.
Edit User: Existing user accounts can be updated, both internal user and external user, specifically their internal roles. This allows administrators to modify a user’s access rights or resetting user’s password without altering other user details.
Note
Password reset functionality is available only upon a user’s request. This action can only be performed by administrators or users who have the necessary permissions.
Update Multiple User Roles: Administrators can also update the roles of multiple users at once. To do so, simply tick the
Change Rolecheckbox next to any users whose roles you want to update. After selecting the users, choose the new role to assign from the available options and click theUpdate Rolesbutton to apply the changes. This feature allows for efficient role management when dealing with multiple users.
Delete & Recover User: Users can be deleted from the system by selecting the corresponding delete option next to their user ID. This action will mark the user as Inactive in the system.
Note
Recovering the user back to the system can only be done by administrators or users who have the necessary permissions, and will reset user password to default.
Synchronize External Users: External users can be synchronized from the LDAP server by selecting the
Create New Useroption in the External Users tab. This process updates the list of external users and ensures that any changes made to the LDAP server are reflected in the system.
By managing both internal and external users effectively, administrators can ensure that the right people have access to the right resources within Ditto Hybrid Platform while maintaining control over user permissions and system security.