memoQ TMS - Users and groups

Authentication and authorization

The security of the memoQ TMS is built on access control. A user who wants to access a resource or a project on a memoQ TMS must pass two security gates. The first is called authentication, and the second gate is authorization.

Authentication means that the server has some means to verify who the user is. In most systems – including the memoQ TMS – you need to type a user name and a password to gain access to the server.
Authorization means that you also need to have sufficient permissions to perform specific operations on the server. So, if you successfully authenticate, you can receive permissions, but you do not necessarily have them automatically.

A user can have permissions on two levels:

Permissions over the entire server: You can have permission to create or remove users, create online projects, share resources etc.
Permissions over a specific resource: For example, you can have permission to perform lookups, or add new entries to a translation memory, or edit the entire translation memory.

For more information on permissions to access specific resources, see Help about Permissions.

Built-in groups

The server-level permissions are defined by the group you belong to. Every user on a server belongs to a group. An administrator can create groups, but the memoQ TMS comes with these built-in groups:

Administrators : Members can create and modify projects, even those where they are not added as project manager. They can create, edit or delete translation memories, term bases and other resources. They can create and manage users and groups. They can change all of the the server's settings.
Everyone: Every user on the server is member of this group.
In-country reviewers: Members (typically subject matter experts) can use the In-country review tool to for checking translated documents to ensure that their flow and context are correct. They cannot use the webtrans translation editor to open documents. This is an exclusive group: its members cannot be in any other built-in group.
Internal translators: Members can check out online projects. They can see and use translation memories and other resources if they have permission. Normally, a new resource allows Internal translators to access it.
Language Terminal vendors: If the memoQ TMS is connected to Language Terminal, Language Terminal users are allowed to log in to memoQ TMS. The users taken from Language Terminal will automatically be members of this group.
memoQweb external users : If your client appoints people to work with terminology on the Qterm terminology management system, place their user accounts in this group.
webtrans priority: Members of this group always get a license when they log in to memoQweb, even if that means taking a license away from another user. Ideal for customers who should always be served first.
Project managers: Members are allowed to create users and projects, and they can create, edit, or delete translation memories, term bases and other resources on the server.
Publishers: Members are allowed to share local resources on the memoQ TMS.
Resource lookup via API/plugins: If there are users who access translation memories from a different tool, place them in this group. Members have read-only access to translation memories and term bases from plugins that use memoQ TMS's API. An example is the translation memory plugin for Trados Studio. Members can only access those resources where they also have explicit permission.
Resource update via API/plugins: If there are users who need to update translation memories from a different tool, place them in this group. Members have read and write access to translation memories and term bases from plugins that use memoQ TMS's API. An example is the translation memory plugin for Trados Studio. Members can only access those resources where they also have explicit permission.
Terminologists: Members can approve changes in moderated term bases; they can list and use term bases created with default permissions.

Important: Users in an online project have specific roles. The groups on a memoQ TMS are completely independent from the project roles, with one exception: online projects must be created by a member of the Project managers or the Administrators group. In other words, the project manager in an online project must always be a member of the Administrators or the Project managers group.

Managing users

An administrator can create user accounts through the User management category of the Server administrator . As a minimum, the administrator must specify a user name, a password, and a full name for the user. Optional details include a postal address, an e-mail address, and phone numbers.

For a full description of the fields, see Help about the User properties window.
For a full description of the user management options, see Help about Server administrator: User management.
The administrator can also add the user to a group on the memoQ TMS. If the administrator specifies no groups, the user will be member of the Everyone group.

When a user no longer needs access to the server, the user account can be deleted. However, if the same user needs access again, the permissions cannot be restored by creating a user account of the same name – and the permissions can be plenty and complex. If you, as an administrator, are not sure whether or not a particular user will need access in the future, you can disable a user account instead of deleting it.

With the memoQ TMS, the users cannot change their passwords. If the passwords need to be changed or reset, the administrator needs to take action. To change the password for a user, you need to edit the details of the user account: open Server administrator, choose User management, select the user, then click Edit to open the User properties window.

Managing groups

An administrator can create groups on a memoQ TMS. Groups have the following benefits:

Simplify administration of resource-level permissions. Instead of individual users, you can grant permissions to a group. When a group is granted a specific permission, all members have that permission.
Provide logical grouping: A project manager can use logical grouping for a better orientation in choosing a specific user for a specific role.
Organizations using online projects do not use groups heavily. Online projects have a role-based permission system: when you create an online project, memoQ will automatically grant the necessary permission to each team member, based on their role and their assigned job. On the other hand, if your organization does not use online projects, but uses the memoQ TMS to publish translation resources to a large number of users, using groups to grant permissions may come in very handy.