diff --git a/source/administration-guide/comply/embedded-json-audit-log-schema.rst b/source/administration-guide/comply/embedded-json-audit-log-schema.rst index 4da0a83b24e..f18d9ef424c 100644 --- a/source/administration-guide/comply/embedded-json-audit-log-schema.rst +++ b/source/administration-guide/comply/embedded-json-audit-log-schema.rst @@ -801,8 +801,8 @@ Access Control Events | ``updateActiveStatus`` | Updating active status of access control policies | +-------------------------------+-------------------------------------------------------------------+ -Custom Profile Attributes Events -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +User Attributes Events +~~~~~~~~~~~~~~~~~~~~~~~ +-------------------------------+-------------------------------------------------------------------+ | **Event Name** | **Description** | diff --git a/source/administration-guide/configure/user-management-configuration-settings.rst b/source/administration-guide/configure/user-management-configuration-settings.rst index 92c3a1390e8..584284a1de1 100644 --- a/source/administration-guide/configure/user-management-configuration-settings.rst +++ b/source/administration-guide/configure/user-management-configuration-settings.rst @@ -140,12 +140,25 @@ If you deactivate a Mattermost user who has integrations tied to their user acco - **Bot accounts** won't continue to work after user deactivation when the :ref:`disable bot accounts when owner is deactivated ` is enabled. This configuration setting is enabled by default. - **OAuth apps** won't continue to work after user deactivation, and associated tokens are deleted. Manual action is needed to keep these integrations running. +Manage user attributes +~~~~~~~~~~~~~~~~~~~~~~ + +From Mattermost v11.1, you can can view and update user attribute values for individual users directly from the System Console. This capability provides a centralized way to manage user profile attributes without requiring users to update their own profiles or using :ref:`mmctl user attribute commands `. + +1. Go to **System Console > User Management > Users** to access all user accounts. +2. Select a **User** to open their User Configuration page. +3. Scroll to the **User Attributes** section to view and edit the user's attribute values. +4. Update attribute values as needed and save your changes. + +.. note:: + + - User attributes must be created first through **System Console > Site Configuration > System Attributes > User Attributes** before they can be edited in individual user profiles. See the :doc:`User attributes ` documentation for details on creating and configuring attributes. + - Users can edit their own attributes if that attribute is configured as :ref:`user-editable `. + Delete users ~~~~~~~~~~~~~ -*Available from Mattermost Server v10.11* - -When using email/password for authentication, you can enable users to permanently delete their own accounts, or you can delete user accounts as a system administrator. +From Mattermost v10.11, when using email/password for authentication, you can enable users to permanently delete their own accounts, or you can delete user accounts as a system administrator. .. config:setting:: delete-users :displayname: Delete users @@ -182,9 +195,7 @@ When an account is permanently deleted, the following data is permanently remove What data is retained? ^^^^^^^^^^^^^^^^^^^^^^^ -The following data remains in the system after account deletion: - -- Audit logs referencing the user's actions, channel and team membership +After account deletion, audit logs referencing the user's actions, channel and team membership are retained. Manage user's roles ~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/manage/admin/user-attributes.rst b/source/administration-guide/manage/admin/user-attributes.rst index fd487ddcdb5..5fc64c02856 100644 --- a/source/administration-guide/manage/admin/user-attributes.rst +++ b/source/administration-guide/manage/admin/user-attributes.rst @@ -8,7 +8,7 @@ From Mattermost v10.8, ensure your teams always have the critical information th System attributes enable you to customize user profile attributes to match your organization's unique needs and streamline collaboration while keeping user data centralized and consistent. -From Mattermost v11, you have enhanced control over these custom profile attributes through admin-managed vs user-editable settings. By default, attributes are admin-managed for security, but you can explicitly allow user editing for specific attributes that don't impact access control or sensitive organizational data. These custom profile attributes supplement existing user details visible from the user's profile picture. +From Mattermost v11, you have enhanced control over these user attributes through admin-managed vs user-editable settings. By default, attributes are admin-managed for security, but you can explicitly allow user editing for specific attributes that don't impact access control or sensitive organizational data. These user attributes supplement existing user details visible from the user's profile picture. .. image:: ../../../images/cpa-properties.png :alt: Mobile examples of a user profile with custom user attributes added as system attributes. @@ -20,7 +20,7 @@ If you plan to synchronize system properties with your AD/LDAP or SAML identity .. tab:: Mattermost v11 or later - From Mattermost v11, custom profile attributes have enhanced admin controls with a security-first approach. All attributes are admin-managed by default, providing better security and governance. System administrators can explicitly enable user editing for specific attributes through the System Console interface. + From Mattermost v11, user attributes have enhanced admin controls with a security-first approach. All attributes are admin-managed by default, providing better security and governance. System administrators can explicitly enable user editing for specific attributes through the System Console interface. If your organization uses :doc:`attribute-based access control (ABAC) `, which requires an Enterprise Edition Advanced license, attributes used in access control policies should remain admin-managed for security reasons. You can enable user-managed attributes for ABAC by setting ``EnableUserManagedAttributes`` in ``config.json``, or via an environment variable as noted below, but this should be done with caution: @@ -51,7 +51,7 @@ If you plan to synchronize system properties with your AD/LDAP or SAML identity Admin-managed vs user-editable attributes ------------------------------------------- -From Mattermost v11, system administrators have enhanced control over custom profile attributes through admin-managed vs user-editable settings. This distinction provides better security and governance for organizational profile data. +From Mattermost v11, system administrators have enhanced control over user attributes through admin-managed vs user-editable settings. This distinction provides better security and governance for organizational profile data. **Admin-managed attributes** (default behavior): @@ -122,7 +122,9 @@ Manage attributes - **Delete**: Delete attributes you no longer need or want by selecting **More** |more-icon| and selecting **Delete property**. -- **User Edit Permissions**: From Mattermost v11, all custom profile attributes are admin-managed by default for enhanced security. To allow user editing for specific attributes, administrators can enable this through the **More** |more-icon| menu and selecting **Allow user editing**. This should only be enabled for attributes that do not impact security access controls or organizational policies. Attributes used in ABAC policies should remain admin-managed unless there's a specific business need and the security implications are fully understood. +- **User Edit Permissions**: From Mattermost v11, all user attributes are admin-managed by default for enhanced security. To allow user editing for specific attributes, administrators can enable this through the **More** |more-icon| menu and selecting **Allow user editing**. This should only be enabled for attributes that do not impact security access controls or organizational policies. Attributes used in ABAC policies should remain admin-managed unless there's a specific business need and the security implications are fully understood. + +- **Edit User Attribute Values**: From Mattermost v11.1, you can view and update custom profile attribute values for individual users through the System Console. See the :ref:`Manage user attributes ` documentation for details. In cases where multiple system admins manage system attributes, refresh your web browser instance to see real-time updates to system attributes made by other admins. @@ -131,7 +133,7 @@ Sync attributes with your identity provider 1. Synchronize a attribute with AD/LDAP or SAML by selecting **More** |more-icon| and selecting **Link attribute to AD/LDAP** or **Link attribute to SAML**. Mattermost takes you directly to the **AD/LDAP** or **SAML 2.0** configuration settings page in the System Console where you can map the attributes you want to synchronize. -2. Scroll to the **Custom profile attributes sync** section to specify the attribute used to populate the attribute in user profiles. +2. Scroll to the **User attributes sync** section to specify the attribute used to populate the attribute in user profiles. 3. Specify the attribute mapping for the attribute by entering the attribute name in the system attribute's **Attribute** field. The attribute name must match the attribute name in your identity provider. diff --git a/source/administration-guide/manage/mmctl-command-line-tool.rst b/source/administration-guide/manage/mmctl-command-line-tool.rst index db4cdc5287f..3ca82f917fb 100644 --- a/source/administration-guide/manage/mmctl-command-line-tool.rst +++ b/source/administration-guide/manage/mmctl-command-line-tool.rst @@ -2010,7 +2010,7 @@ mmctl cpa .. include:: ../../_static/badges/ent-adv.rst :start-after: :nosearch: -Manage Custom Profile Attributes (CPA) for extended user profile information. +Manage User Attributes for extended user profile information. Child Commands - `mmctl cpa field`_ - Manage CPA fields