Managing users and groups
Authentication and authorization
The security of the memoQ server is built on access control. A user who wants to access a resource or a project on a memoQ server must pass two security gates. The first is called authentication, and the second gate is authorization.
•Authentication means that the server has some means to verify who the user is. In most systems – including the memoQ server – you need to type a user name and a password to gain access to the server.
•Authorization means that you also need to have sufficient permissions to perform specific operations on the server. So, if you successfully authenticate, you can receive permissions, but you do not necessarily have them automatically.
For more information on permissions to access specific resources, see the Server management: Permissions topic.
A user can have permissions on two levels:
•Permissions over the entire server: You can have permission to create or remove users, create remote projects, share resources etc.
•Permissions over a specific resource: For example, you can have permission to perform lookups, or add new entries to a translation memory, or edit the entire translation memory.
The server-level permissions are defined by the group you belong to. Every user on a server belongs to a group. An administrator can create groups, but the memoQ server comes with five built-in groups:
•Administrators: Members of this group can perform all possible operations on the server. If you are member of the Administrators group, you can create and delete users, reset passwords, create and delete groups, share resources, create and manage remote projects, control mobile licenses, and change the server configuration.
•Everyone: All users on a memoQ server are automatically members of this group. The Everyone group has no permissions, but you can give resource-level permissions to the group. However, even if the Everyone group has permission to access a particular resource, the resource is not available to everyone on the network, only to those who manage to log on to the server using a user name and a password. In other words, the Everyone group covers all users that have been successfully authenticated.
•Internal translators: Members of this group can access resources and check out remote projects from the server. If you are member of the Translators group, you cannot share resources, create or manage remote projects, or manage users, mobile licenses, or the server configuration – basically nothing that would affect the general behavior or the configuration of the server.
•Language Terminal vendors: Contains users who are listed as vendors in the Language Terminal profile of the memoQ server owner. The group has no special privileges, but it can be granted permissions to resources as one unit.
•memoQWeb external users: Members of this group have access to qTerm , Kilgray's online terminology management tool, and memoQWebTrans, Kilgray's browser-based translation environment.
•memoQWebTrans priority: Members of this group have priority access (being granted a CAL license). When your organization uses CAL licensing, then members of this group are granted a translator pro CAL license, and a user who is using a translator pro CAL license is being kicked out instead.
•Project managers: Members of this group can perform project-related operations on the server. If you are member of the Project Managers group, you can share resources, and create and manage remote projects. Project managers cannot create or delete users with project manager rights and higher, control mobile licenses, or change the server configuration.
•Publishers: Members of this group can share resources on the server. If you are a member of the Administrators or Project managers group, you can also publish resources on a server. Is a user not member of the Administrators or Project managers group, he can only share resources of the groups he is a member of.
•Resource lookup via API/plugins: When an external application attempts to access resources on the memoQ server through the application programming interfaces (APIs), it becomes member of this group.
•Resource lookup via API/plugins: When an external application attempts to update or modify resources on the memoQ server through the application programming interfaces (APIs), it becomes member of this group.
•Terminologists: Regarding server-level permissions, this group is equivalent to Translators, with no privileges to change overall server behavior or configuration. This group can be a basis for a logical grouping of users, so that the project managers will be better oriented to choose a user for a particular role in a project.
Important: Users in a remote project have specific roles. The groups on a memoQ server are completely independent from the project roles, with one exception: remote projects must be created by a member of the Project managers or the Administrators group. In other words, the project manager in a remote project must always be a member of the Administrators or the Project managers group.
An administrator can create user accounts through the User management category of the Server administrator. As a minimum, the administrator must specify a user name, a password, and a full name for the user. Optional details include a postal address, an e-mail address, and phone numbers.
•For a full description of the fields, see the User properties dialog topic.
•For a full description of the user management options, see the Server administrator: User management topic.
The administrator can also add the user to a group on the memoQ server. If the administrator specifies no groups, the user will be member of the Everyone group.
When a user no longer needs access to the server, the user account can be deleted. However, if the same user needs access again, the permissions cannot be restored by creating a user account of the same name – and the permissions can be plenty and complex. If you, as an administrator, are not sure whether or not a particular user will need access in the future, you can disable a user account instead of deleting it.
With the memoQ server, the users cannot change their passwords. If the passwords need to be changed or reset, the administrator needs to take action. To change the password for a user, you need to edit the details of the user account: open Server administrator, navigate to the User management category, select the user, then click Edit to display the User properties dialog.
An administrator can create groups on a memoQ server. Groups have the following benefits:
•Simplify administration of resource-level permissions. Instead of individual users, you can grant permissions to a group. When a group is granted a specific permission, all members have that permission.
•Provide logical grouping: A project manager can use logical grouping for a better orientation in choosing a specific user for a specific role.
Organizations using remote projects do not use groups heavily. Remote projects have a role-based permission system: when you create a remote project, memoQ will automatically grant the necessary permission to each team member, based on their role and their assigned job. On the other hand, if your organization does not use remote projects, but uses the memoQ server to publish translation resources to a large number of users, using groups to grant permissions may come in very handy.