Too often our clients run into the issue of managing users in their Panviva application. To some extent this topic is covered in this article , but it focuses on the manual aspect of the task at hand. In this article I would like to cover the benefits of taking advantage of our built-in automated synchronisation.
Users and their role assignment can be loaded into Panviva via a comma-separated file. This type of load can be scheduled to run automatically as a scheduled task or the synchronisation may be triggered manually, for example when you have an updated file. Every time a new version of the file is loaded, users get updated, added or removed, including their role information. The core principles of the user synchronisation process are:
|A user appears in the input file, but is not listed in the Panviva application||The user is created in the system and added to all roles they are associated with in the input file. The user is marked as managed by the system.|
|A role appears in the input file, but is not listed in the Panviva application||The role is created in the system. All users, this role is associated with, are added to it. The role is marked as managed by the system.|
|A user doesn’t appear in the input file, but is listed in the Panviva application and marked as managed by the system||The user is deleted, i.e. taken out of the system completely.|
|A user exists in both the input file and Panviva application, but the input file contains a different first name/last name/email address.||The user’s first name/last name/email address is updated with the new one as per input file entry.|
|A user exists in both the input file and Panviva application, but the input file lists only two roles this user should be in, whereas the user is listed in three roles in Role Management, only one of which corresponds to the input file entries.||The user is removed from the two roles which do not appear in the input file and is added to a new role listed in the input file.|
|A user exists in both the input file and Panviva application, but the input file lists only one role this user should be in, whereas the user is listed in two roles in Role Management, one corresponding to the input file entry and one NOT marked as managed by the system.||No action is taken.|
Users and roles included in the input file will be added to the role called ‘imported’. This identifies that they are managed by the system (future synchronisations). If a user is added to Panviva manually via User Management, that user will remain unaffected by the synchronisation, unless they are subsequently added to the input file. Only then would the system take control. The roles themselves will not be deleted. Due to obvious security restrictions, passwords may not be set or changed using this feature.
We now have clients from all our regions (Australia, North America and Europe) successfully managing their users using a fully automated end-to-end synchronisation process.
- A client generates an input file listing all users (and possibly roles) they want to manage. This is typically scripted to extract active users from an internal user management system and produce a CSV-formatted file our system accepts;
- A client transfers this file to our external secure FTP location at a regular interval;
- Panviva picks up this file and imports into the application, thus synchronising the content of the input file with what appears in the system.
Managing users and roles in such a way achieves two main objectives: 1) eliminates the need to manually create and assign a user to roles, 2) eliminates the need to manually delete a user when they leave, thus freeing up a license and removing a potential security breach.