FAQ - User Permissions & Roles
I'm a Gemini Administator why can't I see Project X, Field Y, Functionality Z?
Membership of the Gemini Administrator User Group gives access to the Gemini site's admin section, nothing else. For members of this group to see projects they must be in the "Can View Project" role on that project's permission set. If Gemini Administrators are in the "Can Only View Own Items" role, they will only see items they create or items where they are the assigned resource. In other words, all normal restrictions on projects, screens and functionality apply to members of this group.
I'm a Gemini Administator and the explanation above still doesn't explain why I can't see Field Y or access Functionality Z?
Gemini applies the most restrictive permission from all the User Groups a person is in. Run the Report for a user on the User Maintenance screen. The most restricted role they have on any given project is the one that will apply.
What is the Portal User Group and how are its members treated differently from other User Groups?
Portal users are members of a group that is defined on the "People...Options" tab of the admin section. These users have a different login welcome message, can only see the Grid View, and they are either in "Can Only View Own Items" or "Can Only View Own Organization Items" roles on a project.
How can I have a customer see all the tickets for their organization (only) and not just their own?
You have to create an Organization for your customer and define the users that are its members. Normal members of the company will be in a User Group associated with "Can Only View Own Items", but the user(s) who should see all the tickets for the organization should be in a separate User Group that is associated with the role "Can Only View Own Organization Items". This latter role 'grants access to the items for all the members of an organization.
I need to free up a seat on my license, can I delete a user?
Yes, if the user has no records associated with them. No, if they have records associated with them. Gemini will not let you 'break' connections and data integrity but you can disable the user. Disabled users are not included in your license count.
How do I stop a user from seeing specific projects?
Create different Permission Sets for your projects and don't put the users in the "Can View Project" role on projects you don't want them to see.
I've added a user but they're not showing up in the system
Gemini caches data for performance, and users and roles are cached. You may have to wait for the cache to refresh, or you can force it to refresh by having the App Pool in IIS recycled. If you are a hosted customer, you can email Countersoft Support who will do this for you.
I cannot login to Gemini
If you are faced with a Gemini login screen then you need to contact your Gemini Administrator - your account may be locked out. You also need to contact your Gemini Administrator if you don't use username/password to login to Gemini (you use Windows Authentication) and you get an error screen with the words "Stop! You cant do that". If you do not see a Gemini login screen, you have not got to Gemini and this is a network problem for your internal IT.
Why can't I share my Workspace?
Gemini doesn't allow sharing across the board. For each User Group you must define which other groups its members can share with. You can simply share with the User Group "Everyone" if you have no restrictions, but that works best if subsequent sharing is with individuals. Once your sharing Groups are defined, you can share with those User Groups as groups, or with individuals who are members of those groups.
Sharing groups are defined in User Group Maintenance (see image of AD Group mapping below, which is configured in the same place).
Users in AD are not coming across. Why?
There are a number of possible reasons:
- You have not specified the right options in the Active Directory configuration.
- Your AD User Group is not mapped to any User Group in Gemini.
- Your AD User group is a sub-group in AD. Gemini does not iterate through levels importing sub-groups, only users in a group.
If you cannot see the user(s) from an AD synch that you would expect to see, take the following steps:
- In System -> System Log, delete the log.
- Enable Diagnostic mode with the checkbox. Force AD Synch to run.
- Disable Diagnostic mode (or the log will quickly become very large).
- See if there are messages in the System Log (not the AD log) about the AD Group you have created, or any AD Groups.
- See if there are any messageds in the AD Timer App log about the user(s) you would expect to be imported.
Users are getting an error message saying "No Permissions" when we try to add new items
This is probably because you have added one or more users and exceeded your license limits. We don't tell users that you have exceeded your license, it doesn't seem right. We tell admins on the License screen.
We also tell admins on the User Maintenance screen, so it really should not come as a surprise.
Is there a log of user actions to delete records or change the config?
There is, but you have to enable it. The App you need to enable is an Event App called 'Administrator Log'. Enable this, and actions like item deletion and configuration changes will be logged.
If I use the Close Ticket Template, so users can close items, does the email recipient need to login?
No. The page to close the ticket does not require the user to be logged in.
Can I make changes to what users see in their profile?
Yes, if you are technically skilled, however your change(s) are not supported and you are responsible for re-implementing/merging them when you upgrade. The user profile page is to be found on the web server in Views\Account\Profile\_Profile.cshtml