Users and Groups

Accounts vs Stroom Users

See Accounts vs Users for details on the difference between a Stroom User Account and a Stroom User.

User

A Stroom User represents a human user and is linked to either a User Account in Stroom or to a user account in an external Identity Provider (IDP) Identity Provider (IDP) An Identity Provider is a system or service that can authenticate a user and assert their identity. Identity providers can support single sign on (SSO), which allows the user to sign in once to the Identity Provider so they are then authenticated to all systems using that IDP.Click to see more details.... It can also represent a non-human processing user, e.g. where a Stroom User is created and has an API Key API Key API Keys are a form of authentication token that are created within Stroom for use by Stroom-Proxy instances or other clients that want to use Stroom’s API. It is an encrypted string that contains details of the user and the expiration date of the token. Possession of a valid API Key for a user account means that you can do anything that the user can do in the user interface via the API.Click to see more details... created for it to allow a client system to use Stroom’s API API Application Programming Interface. An interface that one system can present so other systems can use it to communicate. Stroom has a number of APIs, e.g. its many REST APIs and its /datafeed interface for data receipt.Click to see more details....

All audited activity in Stroom will be attributed to a Stroom User and their unique identifier will be included in the audit events.

A User can have the following:

• Membership of one or more Groups.
• One or more Application Permissions Application permission This is a permission that is not specific to a single document. It applies to all documents or is not related to documents in any way.Click to see more details... granted to it.
• One or more Document Permissions Document permission Document permissions control the access that users and/or groups have to a Document.Click to see more details... granted to it.

Group

A Group represents a collection of Stroom Users and/or other Groups. A Group can be used to ease the management of application and document permissions by granting permissions to one Group then adding users to that Group. For example if all the users in a team require the same application and document permissions, then a Group can be created for them and the permissions assigned to the Group. When a user joins or leaves the team it is simply a case of editing the membership of the Group.

A Group can have the following:

• One or more members (Users and/or other Groups).
• Membership of one or more other Groups.
• One or more Application Permissions Application permission This is a permission that is not specific to a single document. It applies to all documents or is not related to documents in any way.Click to see more details... granted to it.
• One or more Document Permissions Document permission Document permissions control the access that users and/or groups have to a Document.Click to see more details... granted to it.