Module Information and Requirements

The User Registration Module allows admin users, with the requisite permissions, to add new users, edit existing users, and delete users from the RhinoOMS system. RhinoOMS implements a multi-layered cloud-based security protocol that is separate from, but integrated into, the RhinoOMS app. Put simply, this means that to add/remove/delete a user from the RhinoOMS system, an admin must make manual changes within the RhinoOMS app, as well as manual changes to both the Amazon Web Services (AWS) Redshift and S3 security permissions (via the AWS Console and awscli). This involves implementation within the RhinoOMS app, as well as the AWS Query Editor (for Redshift) and the AWS Identity and Access Management platform (for S3). This multi-layered approach helps to ensure RhinoOMS users are securely managed and site data are securely regulated. To proceed, please ensure you have the following:

  • Full user data (Full name, email, organisation details)
  • User permission levels, including site access permission and tab access permission
  • Admin S3 and Redshift credentials
  • Stable internet connection

Step-by-step guidelines for adding a user

Step 1

Start the RhinoOMS app, and ensure you are successfully logged into Redshift and S3.

Step 2

To add a user, enter their username (email address), first name, surname and organisation details within the specified text boxes. From the drop-down menu, specify their permission level, which indicates what their role will be whilst using the RhinoOMS system. Next, specify their site access permission—only choose “full” site access for admins. Next, specify the tab access permission afforded to the user—some users should only have access to limited functionality within the RhinoOMS app, but this level of customisation is up to the admin adding the new user.

Step 3

Click the Generate password button to create a secure password for the new user.

Step 4

Click the Add User button to submit the new user’s details to the RhinoOMS system. Please be patient and allow for the data verification process and upload to complete. This will automatically add the necessary credentials file to S3.

Step 5

If successful, a popup will appear with the new user’s ROMS credentials. This is the only chance to save the file and password. Click the Save Key button to download the authentication file to be shared securely with the new user. Click Dismiss only once you have saved all of the login information.

Step 6

Go to the AWS Console (https://aws.amazon.com), sign in using your admin AWS credentials, then go to Amazon Redshift and click on the Editor tab on the left of your screen. This will open a window to allow you to connect to the database behind the RhinoOMS system. Create a new connection on cluster - rhinooms using database name - rhinosdtbs, then enter the master username and password. Then click Connect to database. See image below:

Step 7

In the query editor console, enter the first SQL script to add a new user. Ensure only letters are used for the user’s id (e.g., NameSurname). The password should contain alpha-numeric characters (upper and lower case) and include one or more of the following special characters: _ * ! $. Finally, specify the group that the user should be affiliated to. Group names can be viewed by running the second SQL script.

create user NameSurname with password 'hsjwQd_84932kdSqnfk3ALW*JD103' in group aenpgroup;
select * from pg_group;

Step 8

To check which users are affiliated to a specific group, run the following SQL script:

select usename from pg_user, pg_group where
  pg_user.usesysid = ANY(pg_group.grolist) and
  pg_group.groname = 'aenpgroup';

Step 9

Open terminal (Mac or Linux) or Command Prompt (Windows). Ensure that the AWS command line interface software is installed on the admin’s machine (see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html), then ensure that awscli is correctly configured (see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html).

Step 10

Create the new user’s AWS IAM profile by entering the following script in Terminal/Command Prompt:

aws iam create-user --user-name NameSurname

Step 11

Add the new user to the security group they should be affiliated to by entering the following script in Terminal/Command Prompt:

aws iam add-user-to-group --user-name NameSurname --group-name rhinooms-aenp-r-w

Step 12

Take note that the group name contains -r and -w tags, denoting read permissions (i.e., view/download) and write permissions (i.e., upload), respectively. To enable a user to have both read and write functionality, please specify one of the -r-w group names as in the above example.

Step 13

Create AWS S3 credentials for the new user by entering the following script:

aws iam create-access-key --user-name NameSurname

Step 14

Log into AWS Key Management Service (KMS) Console, and select Customer managed keys. Select RhinoOMS_EK and scroll down to the Key users box and add the new user, using the Add button.

Step 15

Provide the Redshift and S3 credentials to the new user via a secure cloud-based platform (e.g., 1Password). Do not distribute credentials over email, unsecured text message or in hard copy. Users should likewise manage their RhinoOMS credentials securely, using a minimum of AES-256 encryption.
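
Steps 10, 11 and 13 can be run as one function so that the secret access key, which IAM returns only in the create-access-key response, goes straight into an owner-only file rather than the terminal scrollback. This is an added example, not RhinoOMS code; the function name provision_iam_user and the key-file argument are assumptions.

```shell
# Added example (not part of RhinoOMS). Hypothetical function name.
# Usage: provision_iam_user NameSurname rhinooms-aenp-r-w ./NameSurname-s3.json
provision_iam_user() {
    user="$1"; group="$2"; out="$3"
    if [ -z "$user" ] || [ -z "$group" ] || [ -z "$out" ]; then
        echo "usage: provision_iam_user <user-name> <group-name> <key-file>" >&2
        return 2
    fi
    # Refuse to overwrite: an existing file may hold another user's key.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 1
    fi

    # Step 10: create the IAM user.
    aws iam create-user --user-name "$user" >/dev/null || return 1
    # Step 11: add the user to the read/write group for their site.
    aws iam add-user-to-group --user-name "$user" --group-name "$group" || return 1

    # Step 13: create the access key. umask 077 in a subshell makes the
    # file readable by the admin only; the secret never reaches the screen.
    (
        umask 077
        aws iam create-access-key --user-name "$user" --output json >"$out"
    ) || { rm -f "$out"; return 1; }

    echo "access key for $user written to $out"
}
```

The resulting file is what gets shared through the secure platform named in Step 15; delete the local copy once it has been handed over.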


Step-by-step guidelines for editing a user

Step 1

Ensure you are successfully logged into Redshift and S3.

Step 2

To edit a user, select the user from the drop-down menu, specify the column (a.k.a. RhinoOMS attribute) to edit, then specify the new value in the last drop-down menu.

Step 3

Click the Edit User button to submit your edits to the RhinoOMS system. Please be patient and allow for the data verification process and modification to complete.

Step 4

If access levels or site access permissions are modified, ensure that the respective Redshift and S3 modifications are made to reflect those changes (see Step-by-step guidelines for adding a user).


Step-by-step guidelines for removing a user

Step 1

Ensure you are successfully logged into Redshift and S3.

Step 2

To remove a user, select the user from the menu drop-down, then click the Remove User button to submit your edits to the RhinoOMS system. Please be patient and allow for the data verification process and removal to complete.

Step 3

Go to the AWS Console (https://aws.amazon.com), sign in using your admin AWS credentials, then go to Amazon Redshift and click on the Editor tab on the left of your screen. This will open a window to allow you to connect to the database behind the RhinoOMS system. Create a new connection on cluster - rhinooms using database name - rhinosdtbs, then enter the master username and password. Then click Connect to database. See image below:

Step 4

In the query editor console, enter the SQL script to remove the user:

drop user NameSurname;

Step 5

Open terminal (Mac or Linux) or Command Prompt (Windows). Ensure that the AWS command line interface software is installed on the admin’s machine (see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html), then ensure that awscli is correctly configured (see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html).

Step 6

Remove the user’s AWS IAM profile by entering the following script in Terminal/Command Prompt:

aws iam delete-user --user-name NameSurname
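
IAM rejects delete-user while the user still has access keys or group memberships, both of which the add procedure creates (Steps 11 and 13). The function below is an added example, not RhinoOMS code, that removes those two items before deleting the user; the name offboard_iam_user is an assumption, and it covers only what the add procedure creates through awscli.

```shell
# Added example (not part of RhinoOMS). Hypothetical function name.
# Usage: offboard_iam_user NameSurname
offboard_iam_user() {
    user="$1"
    if [ -z "$user" ]; then
        echo "usage: offboard_iam_user <user-name>" >&2
        return 2
    fi

    # List first and stop on failure, so a listing error is never
    # mistaken for "nothing to remove".
    keys=$(aws iam list-access-keys --user-name "$user" \
        --query 'AccessKeyMetadata[].AccessKeyId' --output text) || return 1
    group_names=$(aws iam list-groups-for-user --user-name "$user" \
        --query 'Groups[].GroupName' --output text) || return 1

    # Revoke the S3 credentials issued in Step 13 of the add procedure.
    for key_id in $keys; do
        aws iam delete-access-key --user-name "$user" \
            --access-key-id "$key_id" || return 1
    done

    # Undo the group membership granted in Step 11 of the add procedure.
    for group in $group_names; do
        aws iam remove-user-from-group --user-name "$user" \
            --group-name "$group" || return 1
    done

    # With keys and memberships gone, the delete can succeed.
    aws iam delete-user --user-name "$user"
}
```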

Problems?

If you experience any issues, please report them to the Issue Tracker.