Create a Cirro user account manually, through bulk upload, set passwords and authentication.

Scenarios

You can create user accounts in three different ways, with different passwords and authentication. A user must be granted a Cirro role so they can login, and you can then grant database permissions.

Some scenarios include

You can mix and match these scenarios, and even make adjustments later.

Once you’re set the user up, then you can add Roles, Cirro permissions, Database privileges and system object privileges.

Create single user

You’ll need a unique user name and the user’s email address.

  • Click Users & Roles then View all users.

  • Click Create User.

  • Enter the Login ID. This is the unique account name used to login to Cirro.

  • Set the password type:

Type Description Additional choices
Standard Once chosen you can have the system generate a password for you, or enter one yourself. When the user logs in, they’re prompted to change the password.  
Timed One Time Password The user is sent a QR code which can be ready by any smartphone authenticator app. The app generates a six digit code which is then used as the user password  
Both… The account has both Standard and TOTP passwords. The user then combines their standard and TOTP password when loggin in (e.g., mypassword123456).  
  • Choose authentication.

  • Choose the account validation.

Type Description
Account Always Valid Toggle on for no expiration date/time
From grid Select when the account is valid from, day, month, year and time.
To grid Select when account is valid to.
Timezone Choose the timezone the dates apply to.
  • Click Next.

Cirro Roles

You can use the Cirro Roles page to grant any Cirro roles to the new user.

Also available are Cirro’s built-in roles, created to speed the onboarding process. Each allows login to Cirro and a subset of Cirro permissions.

Cirro Role Description
secure_connect secure_connect allows users to login to Cirro and execute SQL on single datasources.
federated_read_only the federated_read_only role allows users to execute SQL queries on groups of datasources, but only as read-only.
federated_read_write the federated_read_write role allows users to execute SQL queries on groups of datasources and write to these databases.
data_migrator The data_migrator role is used for data management to manage and execute data copy projects.
cirro_admin The administrator role that has all Cirro permissions to allow complete administration of the Cirro system.
  • Tick roles then use the arrow keys to grant or revoke them.

  • Toggle Grantable so any user granted the parent role can grant the child role to other users.

  • Click Next.

Grant Cirro Permissions

Cirro permissions are required to access different Cirro functionality and are equivalent to specific Cirro SQL commands.

  • Select permissions then use the arrow keys to grant or revoke them.

  • Click Next.

Grant Database credentials

When you grant a credential, the database username and password restricts access to the data within. You can grant an additional level of security by defining object access.

Granting a credential is a two step process.

  • First, click to open the credential dialog.

  • Second, choose the Datasource, then enter the appropriate username and password. For example, for a DBA user, you’d use the DBA username.

  • Click Add Credential.

Once added, the new credential is added to the page. You can edit the username and password or delete them.

  • Click Next.

Define object access

To add an additional level of security, you can grant specific permissions at the schema, database, object and column level.

Click NEXT until the System Object Permissions page opens.

This is a three-step process.

  • First, click click to open the object picker.

    • Choose the system, database and object, then click the arrow keys to grant them.

    • Click OK when finished.

  • Second, tick each privilege (e.g., SELECT, DELETE, UPDATE) and use the arrow keys to grant or revoke.

  • Third, set an encryption key (if required).

    • Select the objects then click Encryption Keys.

    • Tick each key then use the arrow keys to grant or revoke.

    • Click OK when finished.

  • Click Finish to save the user.

Create Multiple Users

Set up a headerless utf-8 .csv file which contains the user ID and email address of multiple users.

Once uploaded you can grant Cirro roles and database privileges to them all in one go.

Use these instructions to create an upload file.

Create upload file with Google Drive

Google drive creates utf-8 CSV files by default.

  • Login to your Google Drive Account and open a new Google Sheet.
  • Add your users in the form username, email@domain.com:
          jsmith,jsmith@acme.com
bbaggins,bbaggins@acme.com
wecoyote,wecoyote@acme.com
  • Click File then Download As and Comma Separated File.

Create upload file with Microsoft Excel

This works for Microsoft Excel 2013 and 2016.

  • Open Microsoft Excel.
  • Add your users in the form username, email@domain.com:
          jsmith,jsmith@acme.com
bbaggins,bbaggins@acme.com
wecoyote,wecoyote@acme.com
  • Choose File, Save As then enter the filename and browse for a folder.
  • Choose Tools and Web Options.
  • Choose UTF-8 in the Encoding tab of the Web Options dialog.
  • Click OK then Save when finished.

Upload Users

  • Click Users & Roles then View all users.

  • Click Create User.

  • Click Bulk Upload

  • Browse your drive and select your .csv file. Then click Ok.

  • Set the password type:

Type Description Additional choices
Standard Once chosen you can have the system generate a password for you, or enter one yourself. When the user logs in, they’re prompted to change the password.  
Timed One Time Password The user is sent a QR code which can be ready by any smartphone authenticator app. The app generates a six digit code which is then used as the user password  
Both… The account has both Standard and TOTP passwords. The user then combines their standard and TOTP password when loggin in (e.g., mypassword123456).  
  • Choose authentication.

  • Choose the account validation.

Type Description
Account Always Valid Toggle on for no expiration date/time
From grid Select when the account is valid from, day, month, year and time.
To grid Select when account is valid to.
Timezone Choose the timezone the dates apply to.
  • Click Next

Cirro Roles

You can use the Cirro Roles page to grant any Cirro roles to the new user.

Also available are Cirro’s built-in roles, created to speed the onboarding process. Each allows login to Cirro and a subset of Cirro permissions.

Cirro Role Description
secure_connect secure_connect allows users to login to Cirro and execute SQL on single datasources.
federated_read_only the federated_read_only role allows users to execute SQL queries on groups of datasources, but only as read-only.
federated_read_write the federated_read_write role allows users to execute SQL queries on groups of datasources and write to these databases.
data_migrator The data_migrator role is used for data management to manage and execute data copy projects.
cirro_admin The administrator role that has all Cirro permissions to allow complete administration of the Cirro system.
  • Tick roles then use the arrow keys to grant or revoke them.

  • Toggle Grantable so any user granted the parent role can grant the child role to other users.

  • Click Next.

Grant Cirro Permissions

Cirro permissions are required to access different Cirro functionality and are equivalent to specific Cirro SQL commands.

  • Select permissions then use the arrow keys to grant or revoke them.

  • Click Next.

Grant Database credentials

When you grant a credential, the database username and password restricts access to the data within. You can grant an additional level of security by defining object access.

Granting a credential is a two step process.

  • First, click to open the credential dialog.

  • Second, choose the Datasource, then enter the appropriate username and password. For example, for a DBA user, you’d use the DBA username.

  • Click Add Credential.

Once added, the new credential is added to the page. You can edit the username and password or delete them.

  • Click Next.

Define object access

To add an additional level of security, you can grant specific permissions at the schema, database, object and column level.

Click NEXT until the System Object Permissions page opens.

This is a three-step process.

  • First, click click to open the object picker.

    • Choose the system, database and object, then click the arrow keys to grant them.

    • Click OK when finished.

  • Second, tick each privilege (e.g., SELECT, DELETE, UPDATE) and use the arrow keys to grant or revoke.

  • Third, set an encryption key (if required).

    • Select the objects then click Encryption Keys.

    • Tick each key then use the arrow keys to grant or revoke.

    • Click OK when finished.

  • Click Finish to save the user.

Duplicate User Privileges

For this scenario you’ll need an existing user to copy from.

  • Click Users & Roles then View all users.

  • Click Create User.

  • Enter the User ID.

  • Choose Set Like Another User

  • Toggle the following as required:

Toggle Description
DB Credentials Logins to specified databases within Cirro.
Roles Built in and manually created Cirro roles. These contain a subset of Cirro privileges such as CONNECT which allows a user to login to the system.
Direct privileges Granted privileges on Database objects.
  • Click Next.

The new user is created and has the same credentials, roles and privileges as the user you copied, depending on the toggles selected.