User management is a feature that allows you to create and manage the users and their permissions within the platform. The platform offers predefined policies that can be assigned to users to ensure they have secure and appropriate access to specific operations and resources, which improves efficiency and security.
This guide will walk you through the steps on how to create and manage users, and how to control user access.
Users
The Users section in the Administration module allows you to create, manage and delete users on the platform. The following are the operations that you can perform in the Users section. You must have the Administrator policy to perform these operations:
Create a new user
This section provides instructions on how to create a new user account on the platform.
Note: This feature is not applicable for the Single Sign On (SSO) users.
The platform can be integrated with SSO, allowing you to use your organization’s login credentials to access the platform. You can only access the platform with Viewer Policy during your initial login. Your access Policy will change based on your roles and responsibilities. Contact the Platform Administrator if you wish to modify your policy.
- Head to the Administration module and select User management.
- In the Users tab, click Create User.
- On the Create new user page that appears, enter the First name, Last Name, a unique User name and Email.
- Select the appropriate predefined Policies from the drop down list and then click Submit.
Note: You can assign multiple policies to a user.
Note: The platform offers predefined policies that are configured based on attributes. To customize these policies, contact our support team at mapsupport@intellectdesign.com. For more information about policies, see Policies section.
Edit user account information
This section provides instructions on how to edit user account information on the platform.
Note: For SSO users, only the policies field can be edited.
- Head to the Administration module and select User management.
- In the Users tab, select the user whose information you wish to modify.
- On the User account information page that appears, click Edit account.
- Make the desired changes to the user’s information and click Submit.
Note: You can assign multiple policies to a user.
Remove a user
This section provides instructions on how to delete an existing user from the platform.
Note: SSO users who no longer need access must be removed from the platform and the in-house SSO portal to prevent unauthorized access.
- Head to the Administration module and select User management.
- In the Users tab, select the user you wish to delete.
- On the User account information page that appears, click
and select Delete.
Reset password
This section provides instructions on how to reset the password.
Note: This feature is not applicable for users who sign in using Single Sign On (SSO).
- Head to the Administration module and select User management.
- In the Users tab, select the user whose password you wish to reset.
- On the User account information page that appears, click Reset password. The respective user will then receive an email to reset their password.
Attribute based access control
Attribute Based Access Control (ABAC) is a method of controlling access for users based on their attributes (characteristics), the resource they are trying to access, and the environment in which the access is being requested.
According to NIST, ABAC is defined as “an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environment conditions, and a set of policies that are specified in terms of those attributes and conditions.”
Access control methods protect your sensitive digital assets. The two most recommended access control methods today are role-based access control (RBAC) and attribute-based access control (ABAC). The main difference between RBAC and ABAC is the method of providing access. RBAC grants access based on roles, while ABAC grants access based on a wider range of factors, such as the user’s attributes, the object’s attributes, and the action being performed.
ABAC is more flexible and granular than RBAC, allowing for fine-grained control and dynamic decision-making. The Platform uses ABAC to control access to its resources. This means that users can only access the modules and permissions that they are authorized to access, based on their attributes, the resource they are trying to access, and the environment in which the access is being requested. The policies define which users have access to which modules and permissions. For more information about the policies, see Policies section.
Policies
A policy is the set of permissions that determines what actions a user can perform on the platform modules and its resources. For example, a policy can permit users to access one or more modules, and to some or all the actions associated with those modules. This approach allows users to only access the information and features that they need, which can improve security and usability.
Currently the platform offers six predefined policies such as Creator, Annotator, Viewer, Manager, Reviewer, and Administrator.
Note: The platform also offers customized policies. Contact our support team at mapsupport@intellectdesign.com to create customized policies.
Predefined policies
The following table displays the predefined policies along with their descriptions:
| Policy | Description |
| Creator | The creator policy allows users to have full access to the Asset Studio, Document Library, Asset Monitor and Human-in-the-Loop modules. Creators can create and manage document sets, build, deploy, consume, and monitor assets. They also have limited access to the Administration module to only define and manage document types. |
| Annotator | The annotator policy allows users to only annotate assets in the Asset Studio module. Annotators can also delete annotations, import and export annotations, and view the history of annotations. |
| Viewer | The viewer policy allows users to access the platform modules such as Asset Studio, Asset Monitor and Human-in-the-Loop. Viewers are read-only users and cannot create, edit, or delete assets. |
| Manager | The Manager policy allows users to access only the Asset Monitor module. Managers can monitor the assets, activate and deactivate assets, enable manual review, and set threshold limits. |
| Reviewer | The reviewer policy allows users to access only the Human-in-the-Loop module. Reviewers can review transactions, verify and correct the fields that have fallen below the threshold settings. |
| Administrator | The administrator policy allows users full access and permissions to all modules in the platform. Administrators have exclusive permissions to add and manage users and their permissions within the platform. They can also establish connectors for document upload. |
The following table shows the modules and the permitted actions that users can perform using each policy:
| Modules | Permissions | Administrator | Creator | Viewer | Reviewer | Manager | Annotator |
| Administration | Add, edit and remove users | ✔ | |||||
| Assign predefined policies | ✔ | ||||||
| Create, edit and delete the document type(s) | ✔ | ✔ | |||||
| Add, configure and delete connectors | ✔ | ||||||
| Add, edit and delete the URL aliases and Download the API | ✔ | ||||||
| Document Library | Create, update and delete document set(s) | ✔ | ✔ | ||||
| Asset Studio | View all assets, search for an Asset | ✔ | ✔ | ✔ | ✔ | ||
| Create, Annotate, Train, Fine-tune, Validate, Review results, Publish, Retrain, Download Asset API, Upload Asset image, Edit Asset name, and Delete an Asset. | ✔ | ✔ | |||||
| Annotate documents, import, export annotation and review annotation | ✔ | ✔ | ✔ | ||||
| Human-in-the-Loop | View the list of transactions flagged for manual review | ✔ | ✔ | ✔ | ✔ | ||
| Review, verify and correct the fields that have fallen below threshold limits | ✔ | ✔ | ✔ | ||||
| Asset Monitor | View performance metrics of operational assets, search for an Asset | ✔ | ✔ | ✔ | ✔ | ||
| Activate and deactivate assets | ✔ | ✔ | ✔ | ||||
| Enable manual review and set threshold limits | ✔ | ✔ | ✔ | ||||
| Consume an asset via Create Transaction | ✔ | ✔ | ✔ |
Assign a predefined policy
New User
You can assign a predefined policy to a new user when creating their account. For more information about assigning a predefined policy to a new user, see Create a new user section.
Existing User
To update the policy for an existing user, follow the instructions below:
Note: If you are an SSO user, you can only access the platform with the Viewer Policy during your initial login. Contact the Platform Administrator if you wish to modify your policy.
- Head to the Administration module and select User management.
- In the Users tab, select the user whose policy you wish to update.
- On the User account information page that appears, click Edit Account.
- In the Policies field, assign the appropriate policies.
Note: You can assign multiple policies to a user.
Login to the Platform