Managing Users & Administrators

  1. Overview
    1. Users are People
  2. Managing Users
    1. Roles
    2. Inviting a New User
    3. Editing an Email Address
    4. Changing the Owner
  3. API Users
    1. Development vs Production
  4. Users and Support
    1. Product Information
    2. Shared Accounts

1. Overview

In CheddarGetter, users can have access to multiple product accounts and each product account can have multiple users. This article will detail each of the three roles, explain how to add new users, change ownership of a product, and grant administrator status. Follow this guide to keep your users straight!

1.1 Users are People

It's important to note that each user represents an individual. Under no circumstances should user accounts be shared. Shared accounts make it difficult for your team to accurately report issues and for our team to accurately troubleshoot them. This topic will be covered in more detail in Section 4 below.

2. Managing Users

A product owner has complete control over who has access to the product. When inviting collaborators, you may select which products new users will have access to. Please note that only owners and administrators can invite new users. More on that in 2.1 - Roles. You may invite as many users as you wish. After logging into CheddarGetter, go to the Manage Users page to find a table including all current users and user invitations.

Fig. 1: The User/Product many-to-many relationship

User_Roles.png

2.1 Roles

There are three "roles":

  • Owner - The user who creates a product is automatically designated as that product's owner. A product can only have one owner, but that role can be assigned to another user at any time. You can read more on changing ownership below.

  • Administrator - An administrator has all of the rights of an owner with the exception of downgrading/canceling the product account.

  • User - A user has all of the rights of an administrator except a user does not have access to the 'Manage Users' interface. Permissions for the "user" role may change in the future.

2.2 Inviting a New User

Go to the Manage Users page and click "Invite a New User". You will be prompted to enter an email address and select "Administrator" if you want this user to be an administrator. If you have more than one product, you can select which products the new user will have access to. The invitee will then receive an email with instructions for completing the new user registration process.

Note - new user invitations expire after 24 hours.

2.3 Editing an Email Address

It's not possible to edit an existing user's email address. To do that, invite a new user at the new email address. An invitation is then sent to that email address to complete registration. You may then optionally revoke access from the old user.

2.4 Changing the Owner

The current owner may go to the Manage Users page, and click "Change Owner". You may then select the new owner, and also for which products they will have ownership. Only existing users and administrators can become owners. If you need to relinquish ownership to someone that hasn't signed up yet, invite them as a new user before granting them ownership.

3. API Users

We suggest that you have a dedicated API user account for your system. Down the road, if a standard user is accessing the API regularly and all of a sudden changes her/his password, that user will lose access and you will run into trouble. To save headaches like this, create a dedicated user that will only be used for the API.

An alternative method to authenticating to the API is by using the product API key. Login to the CheddarGetter app, and go to https://cheddargetter.com/admin/configuration/settings. There, under the Product heading, you will see a 'Secret Key.' This is a special API key for your product. If you are using this API key as your credentials to login to the API, make sure the API user has access to the product.

3.1 Development vs Production

It's considered best practice to have two separate API user accounts for the development and production environments. This minimizes the potential for a development codebase to unintentionally communicate with the production product account.

4. Users and Support

When a user asks a question via our support forum, that thread is tied directly to that user's account. All product and customer information that our team uses to troubleshoot any threads opened by the user is pulled from that user account.

4.1 Product-specific Information

When discussing a specific product account, our support team requires that the inquiring user has access to the account in question.

4.2 Shared Accounts

As stated in Section 1, your users are people. Each user account represents an individual to our system and to our support team. Although it may be tempting to create a blanket admin account to share with various members of your organization, this is not advisable. Having multiple individuals using the same user account to contact support muddles communication and ultimately slows down the support process. If multiple users need to be aware of an issue, our support team has a process in place to enable group communication without the threat of information being missed or tickets being duplicated.

In short, please do not share user accounts.

Tracking Behavior

Shared accounts also prevent you from being able to accurately attribute account activity to an individual. Using the example users from Fig. 1, if Marc, Maggie, and Jess are sharing an account - admin@example.com - any action taken within CheddarGetter is logged and associated with that username. If Marc opens a thread and wants to know why customer Jane was deleted, the only information our team can give is that it was manually deleted by admin@example.com. He'll have to determine on his own if it was Jess or Maggie who deleted the Customer.