Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

User Account Management

Topics to cover:

  • The hierarchy of users.
  • The superadmin users and their privileges.
  • The admin users and their privileges.
  • Normal users and their privileges.
  • Adding and removing users.
  • Password recovery via email.
  • Reseting a user password.
  • Multi-factor authentication (MFA).

How to Add a User to Ridgeback

By default, Ridgeback only allows users listed in the .env file to access the server. This ensures that only authorized users can view your data, though you can adjust these settings to allow anyone or restrict access to certain email domains.

User Permission Levels

Ridgeback has three permission levels for users:

  • SuperAdmin: Can access all data, manage users, and more across all organizations.
  • Admin: Can manage data and users within their assigned organization.
  • User: Can view all data within their organization.

SuperAdmin and Admin users need to be specifically listed in the .env file. If you set AllowAnyUser to true, anyone can register with an email address as a User.

To restrict registration to specific email domains (like your company's), set the EmailEndsWith parameter to your domain.

Steps to Add Users

  1. Open the .env File

    • Go to \Program Files\Ridgeback\ on Windows or ~/Ridgeback/ on Mac/Linux.
    • Open the .env file to edit the user lists.

  2. Add Users to the List

    • Locate the SuperAdminList, AdminList, or UserList in the .env file.
    • Add emails to the appropriate list, separating each email with a comma (no spaces).
    • Example: 
      AdminList=johnsmith@myco.com,ceo@myco.com,tco@myco.com
UserList=employee@myco.com,staff@myco.com,johnsmith@myco.com

  3. Restart the Server

    • After updating the .env file, you'll need to restart the Ridgeback server to apply changes.
    1. Open a command line window (Command Prompt, PowerShell, or Terminal).
    2. Navigate to the Ridgeback folder:
      • On Windows: 
        cd \Program Files\Ridgeback\
      • On Mac/Linux: 
        cd ~/Ridgeback/
    3. Stop and Remove the Server Container:
      • Run this command: 
        docker compose rm -sf server
      • If you receive a permissions error, use sudo: 
        sudo docker compose rm -sf server
    4. Rebuild and Start the Server:
      • Run the following command to rebuild and start the server in the background: 
        docker compose up -d server
      • Or, if necessary, use sudo: 
        sudo docker compose up -d server

  4. Register New Users

    • Any email addresses added in the .env file should now be registered at https://localhost/#register.
    • Once registered, you can log in with the new user credentials.

How to Delete a Specific User

Is a user unable to reset their password because your Ridgeback instance is not configured with an email server?

Here’s an example script to delete the account associated with sample_email@example.org. This script handles a single email address at a time. After running it, a browser window will open, allowing you to re-register the email address.

set local
SET email=sample_email@example.org
docker compose exec surface /usr/bin/mysql  -h %DatabaseHostname% -u %DatabaseUser% --password=%DatabasePassword% -e "USE CustomerDb; DELETE CustomerDb.User, CustomerDb.Permissions, AuthenticationDb.Auth, AuthenticationDb.Recovery FROM CustomerDb.User LEFT JOIN CustomerDb.Permissions     ON CustomerDb.User.UserId = CustomerDb.Permissions.UserId LEFT JOIN AuthenticationDb.Auth     ON CustomerDb.User.UserId = AuthenticationDb.Auth.UserId LEFT JOIN AuthenticationDb.Recovery     ON CustomerDb.User.UserId = AuthenticationDb.Recovery.UserId WHERE CustomerDb.User.Email = '%email%';"
echo The account for %email$ is deleted.
explorer "https://localhost/#register?email=%email%
pause