User, Groups and Roles

March 14, 2014 , by


Pistachio authenticates users through integrated Windows Authentication. However, users must have a user record within the Pistachio's Users table.

Creating users in Pistachio

The User Admin section provides administrators with the ability to add new user accounts. When adding a new user account,

  • you will first be shown a AD User dropdown, where you will be able to search for active directory users to create a Pistachio user for.
  • The Date Format drop-down allows you to select how dates will appear to the user, as well as the format they should use to enter dates into Pistachio.
  • The User Groups drop-downs allow you to add the new user to one or more user groups. By default, all users are automatically added to the Everyone group.

Once you click save, other user information - First Name, Middle Name, Last Name and Email are automatically synced from Active Directory.

The following features are available in user's view page:

  • The User Activity tab allows you to view the user's security history and object history. Using this tab, it's easy to isolate a user's recent logins and online activity (adds, edits, downloads, uploads, etc...).
  • You can impersonate a user by clicking on the Impersonate User link at the top of their user account view page. This feature allows you to troubleshoot any issues a user might be having. To exit impersonation, just click the Logout (Impersonation) link, and you will be returned to the view page of the user account.


All users in Pistachio belong to at least one user group. Pistachio ships with a few predefined user groups, with three of them crucial to the platform operating properly:

  • Everyone
  • Anonymous User
  • Admin

Neither of these three user groups should be deleted under any circumstances.

Using the *Active Directory Group' drop-down, you can tie a Pistachio Group to an Active Directory Group. This way the users are automatically placed in proper group when they are synced.

You may add as many new user groups into Pistachio as you would like. They will be stored in the platform's Groups database table. After adding a user group, it will be possible to map the group to different roles for different applications.


Roles are used to logically group a set of access rights, which are in turn are mapped to Groups in a per application basis to restrict access to the application.

For each Role , you may define the following rights.

  • View Rights
  • Search Rights
  • Add Rights
  • Edit Rights
  • Delete Rights
  • Export Rights
  • Pivot Report Rights

Pistachio ships with some default Roles. A description of each one is below:

  • Add Only
  • Administrator
  • Bulk Read-only
  • Manager
  • Read-Only
  • Super-User
  • Writer

Synchronization with Active Directory

Upon each successful login of a user, the information from Active directory is synced back to the Pistachio's user table.