Configuration
Configuration
Breadcrumbs

Users (Authentication and Database Authorisation)

When the internal Database provider is used, Anjana Data Platform manages user authentication through the Users table in the Configuration Panel.
This table contains the users who can log in to the platform and subsequently receive permissions/roles to operate in the various Anjana Data Platform portals.

Adding users

Users of the Database provider can be registered through three mechanisms:

  1. Manual registration from the Configuration Panel
    Recommended method for creating users individually.
    Path: Schemas → Users → New.

  2. Registration via API
    Allows automating user provisioning from external processes.
    (Refer to the Zeus Users API documentation for more details.)

  3. User synchronization
    Available via the action: Actions > Syncronize users

The Users Table in the Configuration Panel (Administrator View)

The users table stores the basic information of each user authenticated/authorized via database.

image-20251201-162500.png

To view and access the Users table within the Configuration Panel, the user must have a role with permissions for the CREDENTIAL_ADMIN action on the ANJANA subtype.

Table structure

Each user is defined by the following fields:

  • Id: unique identifier of the user in the table.

  • userName: unique identifier of the user in the application or the identity provider integrated with the Platform.
    It is the name with which the user registers and logs in to the Anjana Data Platform portals.

  • firstName: first name of the user.

  • lastName: last name(s) of the user.

  • email: email address of the user.

  • phone: phone number of the user.

  • title: title of the user (informational field, not mandatory).

  • Password: hash of the user's password in BCrypt format. The hash is unique per user, even for identical passwords. It can be generated with any standard BCrypt tool.

  • isServiceUser: boolean indicating whether this is a service user for securing microservices (true) or a named user (false).

Adding users to the Users table

The registration and management of users via the Anjana Data Platform Administrator Panel is performed in the Users table.

  1. To create a new user, click New.

  2. The creation wizard prompts you to fill in the fields described in the Structure section.

  3. Click Save to save the user or Cancel to discard.

For authentication via Database, the user will use the plaintext password (before hashing) as their password, which is validated against the Password field.

Modifying users in the Users table

Modification of the attributes associated with a user (userName) can be done with caution.

  1. Go to Schemas → Users within the Configuration Panel.
    The list of existing users will be displayed.

  2. Locate the user you want to modify:

    • You can search by userName, email or other fields available in the table using the filters.

  3. Open the user's details by clicking the pencil icon that opens the editing panel:

  4. Modify the required fields:

    • firstName

    • lastName

    • email

    • phone

    • title

    • Password (only if you wish to change the password)

  5. Save the changes using the Save button.

Important:

  • For changes to take effect immediately, it is recommended to clear caches from the Configuration Panel using the Actions > Clear cache option.

  • It is not recommended to change values that were populated via synchronization with the corporate identity management system, unless those values are not present in that system.

Important considerations

  • userName is a unique identifier.
    It is not recommended to modify it except in exceptional cases, as it is the login value and may be referenced in permissions/roles or in a user-type attribute in an object's template.
    If it is modified:

    • if there are users referenced in user-type attributes in any template, a bulk edit must be performed to remove any such references.

    • it must comply with all restrictions of the userName field (uniqueness, length, valid characters, etc.).

    • the user will need to log in with the new value.

  • Password change
    If the password is updated, the field to modify is password, which must be a valid BCrypt hash.
    The user will use the plaintext password corresponding to that hash when logging in.

  • isServiceUser
    This is an informational field. It should not be modified manually unless indicated by the platform team.

Configuring users via direct database access (Developer View)

The creation and maintenance of internal users in Anjana Data Platform (authentication by Database) is performed on the zeus.users table. It stores the user identity data and their encrypted credential.

Column

Data type

Constraints / Notes

id_user

int4 (INTEGER)

Not null. PK. Internal user identifier. Must be unique.

email

varchar(254)

Unique. User's email address. Can be null, but if provided it cannot be duplicated.

first_name

varchar(50)

User's first name. Optional.

last_name

varchar(50)

User's last name(s). Optional.

password_hash

varchar(60)

Not null. Password hash. Length compatible with BCrypt.

phone

varchar(255)

Contact phone number. Optional.

title

varchar(255)

User's position/role. Optional.

user_name

varchar(50)

Not null. Unique. Username for internal login.

is_service_user

bool

Indicates whether this is a service user. Default value false.

Relevant constraints and indexes

  • Primary key: users_pkey (id_user)

  • Email uniqueness: UNIQUE (email)

  • Username uniqueness: UNIQUE (user_name)

  • Case-insensitive username uniqueness:
    CREATE UNIQUE INDEX unique_lower_username ON zeus.users (lower(user_name::text));
    This prevents duplicates due to uppercase/lowercase differences (e.g., jgarcia and JGarcia).

Authentication considerations

  • The password_hash field must be stored encrypted, not in plaintext.

  • The expected format is a BCrypt hash (hence the size of 60).

  • If a user is inserted without a valid hash, they will not be able to authenticate.

Note: the exact procedure for hash generation (cost factor, library, etc.) must follow the deployment/security technical guide of the installation. It is not recommended to generate hashes manually without using the official method.

Example of user creation via SQL

Below is an example of how to register named users:

SQL
INSERT INTO zeus.users (
    id_user, email, first_name, last_name, password_hash,
    phone, title, user_name, is_service_user
) VALUES
(1, 'ana.lopez@empresa.com', 'Ana', 'López',
 '$2a$10$u1oS7m0y4v5B8uYVg0WwJeWwBq0wO6T8z7pBq8cY3oZfM2a8n4c9S',
 NULL, 'Data Steward', 'alopez', false),

(2, 'svc_anjana@empresa.com', 'Anjana', 'Service',
 '$2a$10$QwErTyUiOpAsDfGhJkLzXeCvBnMmNnBbVvCcXxZzAaSsDdFfGgHh',
 NULL, 'Service Account', 'svc_anjana', true);