User and Access Controls
The Organization is the core tenant in Live Data that houses your Users and Ledgers – it represents your business relationship with Live Data and contains business level settings such as user access controls, single sign-on, and billing information.
You can customize the name of your organization in the Settings menu. The settings menu also shows your organization ID, which is needed for some API calls.
In Live Data, a User is a top-level construct with their own authentication mechanisms and settings, configured by the User themselves. A user is granted access to an Organization by an Organization administrator.
When a user account is created, the user can choose to authenticate via password or other auth mechanisms (such as Google). For users that authenticate with a password, a password reset flow is available.
A user can change their user settings as needed by clicking on their name in the UI and then selecting Settings
. Here the user can change their display name, password, auth mechanism, and other properties.
To add users to your organization, use the Invite
link in the left-hand nav or the Team menu. Entering an email address will send that user an invite to your Organization with the specified permission.
Every user of your organization has an associated Role that defines the actions they are allowed to take within the organization. The currently supported roles are:
- Administrator - can perform any action in the organization, including user and billing management. The first user is automatically granted this role. Administrators can add and remove keys from any service account.
- Editor - users with this role can modify your ledgers, adding and removing people as needed
- Viewer - users with this role can only read data from your organization. They can see your ledgers, the people on them, and any updated contact data
To remove a user from your organization, navigate to the Team menu, locate the user you want to remove, and click the Remove
button. Confirming the user removal will prevent the users from accessing your Organization in Live Data.
When removing a user, you can choose to remove all of the service accounts that the user created. Whether or not you choose to remove the user-created service accounts, you may want to consider rotating the key material to prevent the user from using the API.
In Live Data, a Service Account is an account that can be used in automated software solutions to interact with the Live Data API - Service Account can not login to the UI. To manage your Service Accounts, navigate to the Team
page and the Service Accounts
tab. This will list all of the created service accounts along with their user-provided name and description and the user that created the account.
To create a new Service Account, click the Add
button on the Service Accounts page. Provide a name and description for the account and specify which role you want the account to have. Service Account roles are the same as user roles in terms of options and permissions.
Once you click the Create
button, you will be shown the API key for that service account. This key will not be shown again, so be sure to copy it and store it securely.
In some cases you may need to rotate or create a new key for a service account. Find the Service Account and click on it to see the details. You will see a list of the keys for this account. Click the Add Key
button to create a new key, and the Remove
button to remove an existing key.
Only administrators or the user that created the service account can perform this action.
Click the Remove
button next to the service account to remove it. Removing a service account immediately revokes and disables any associated keys.