Administration

Administration#

The admin section is accessible to superadmins only and is reachable from the sidebar. It covers five areas: organisations, departments, users, access management, and settings.

Data model#

The LEAF Portal uses a three-level hierarchy for organising data access:

Organisation
  └── Department
        └── Entity  (individual sensor / device)

Access to sensor data is controlled through access grants (managements), which bind a user to a scope within this hierarchy.

Organisations#

URL: /admin/organisations

Organisations are the top-level tenants — typically an organisation, company, or research group. Each department belongs to exactly one organisation.

Organisations overview

Creating an organisation#

  1. Click Add organisation.

  2. Enter a unique name.

  3. Click Save.

Deleting an organisation#

An organisation can only be deleted if it has no departments. Remove all departments first.

Departments#

URL: /admin/departments

Departments are subdivisions within an organisation. Sensor data is always tagged with a department.

Departments overview

Creating a department#

  1. Click Add department.

  2. Select the parent organisation.

  3. Enter a name (unique within the organisation).

  4. Click Save.

Department members#

Click the members icon on a department row to manage which users are associated with that department. Department membership is used for alarm rule ownership and portal UI filtering — it does not by itself grant data access (see Access Management below).

Users#

URL: /admin/users

User accounts can be created, edited, and deleted here. Each user has a name, email address, and password.

alt text

Creating a user#

  1. Click Add user.

  2. Fill in name, email, and password.

  3. Optionally tick Superadmin to grant full admin access.

  4. Click Save.

Resetting a password#

Click the edit icon on a user row and enter a new password.

Users can also reset their own password via the forgot-password link on the login page, provided SMTP is configured in Settings.

Access Management#

URL: /admin/access-management

Access grants (called managements) define what sensor data a user can see. A management is a named scope with optional filters:

Field

Meaning

Organisation

Which organisation’s data is included

Department

Restrict to one department (optional)

Entity

Restrict to one entity / sensor (optional)

Time start

Only data from this timestamp onwards (optional)

Time end

Only data up to this timestamp (optional)

Leaving a field empty means no restriction at that level. For example, a management with only an organisation set gives the user access to all data in that organisation across all departments.

User access

Creating an access grant#

  1. Click New access grant.

  2. Enter a descriptive name.

  3. Select the organisation and optionally narrow the scope.

  4. Click Save.

  5. Open the grant and add users to it via the members button.

Example scopes#

Use case

Organisation

Department

Entity

Full organisation access

WUR

Single department

WUR

SSB

Single entity

WUR

SSB

R1

Settings#

URL: /admin/settings

Database#

Reconnect the portal to a different TimescaleDB instance without restarting. Enter the new connection details and click Save & reconnect. The new credentials are also written to the .env file so they persist across restarts.

Field

Example

Host

timescaledb.example.com

Port

5432

User

leaf

Password

Database password

Database

leaf_portal

Mail (SMTP)#

Configure the outgoing mail server used for alarm notifications and password reset emails.

Field

Example

Host

smtp.example.com

Port

587

User

leaf@example.com

Password

SMTP password

From

leaf@example.com