Organisation set up
Different aspects of Organisational setup are organised in groups, depicted as tabs on the top of the System Administration.
Storage configuration
In PIQNIC, physical storage areas are organised in Volumes. A volume is a physical location for storing objects saved to PIQNIC.
A storage volume can be shared by a number of document classes. PIQNIC determines into which volume to write its files, using storage policies and primary storage volume setting in document class definition.
Each storage volume has a unique name and description.
Volume type
Volume type is used to select the type of volume. Currently there are two options available:
- Native
- Customer S3.
Native volume uses PIQNIC-managed S3 storage buckets and requires no further configuration.
Customer S3 volume type allows selection of one of the customer-managed S3 buckets on AWS. Bucket access details are set in Other organisation settings/ Custom S3 area.
PIQNIC storage is built on pluggable architecture which will over time see more storage providers being added to the list of Volume types.
Role of the write queue
Storage service uses write queue before the final document storage location can be determined (before storage policies run), to store documents temporarily until they are moved to the final location. This function is completely transparent to system users.
Write queue is also used whenever a document volume is not available (offline, full and no next volume set) to allow document ingestion. Once volume comes back online or the next volume is set for a full volume, documents stored in write cache are de-queued to their final location. All the while the system allows uninterrupted ingestion and retrieval of these documents.
It is important for system administrators to periodically monitor the number of documents in write queue (volume and queue status screen in service status and logs). Under normal circumstances it should be close to zero – if there is a build up of files, the root cause should be investigated and rectified.
Offline flag
Offline flag makes the storage volume unavailable for both write and read requests until the flag is cleared.
The system can set this flag automatically if it cannot validate Volume’s heartbeat. Flag is unset automatically when connectivity to the Volume is restored.
While this flag is set, the system will write newly ingested objects to the storage service’s write cache until it comes back online.
Whenever a volume goes offline, critical warning will be send to the admin log and Service Status updated.
Volume Full flag
Volume Full flag is used to prevent further writes to the volume.
We use this flag when we want to “close the volume off” for new documents while still leaving it available for retrieval of documents stored on it until the flag was set.
Assuming next volume is set and available, all write requests will be silently redirected to the next volume.
If the Volume Full flag is set and the next volume is not selected, the system will behave as if the volume location is not available. It will write newly ingested objects to the storage service’s write cache until the next volume is selected (or Volume Full flag removed).
Critical warning will be sent to the admin log and service status updated.
Backup flag
If this flag is set, volume cannot be associated with any document class or storage rule – in other words, it cannot be used to actively store PIQNIC documents.
It can only be used to back up one of the “normal” volumes.
Other functions available for volumes defined on the platform
The parameters above are set when creating a volume. Some of them (for example Description, Offline and Volume Full flags) can be changed for existing volumes by using Edit function.
Other functions available for volumes defined on the platform are:
- Info – Lists basic information about the volume, including document classes that are using it.
- Test – Performs basic functions on the volume (Read, Write, Delete) to confirm its operational status.
- Replace with backup volume – If we want to replace a production volume with its backup, we use this function to select one of the available backup volumes. This function should be used with caution as it fully and completely replaces the source volume and results in:
- replacing all file references in PIQNIC database from the old volume to the new volume
- all document classes and storage policies referencing old volume being updated with the backup volume
- backup flag being unset for selected backup volume
- volume being replaced immediately going offline.
- Reconcile – This function looks into discrepancies between the database and Volume and reports (and allows removal of) files that are in the database but not on the Volume and vice versa.
- Rebuild document indexes – Allows download of document metadata for all files stored on the volume. This may result in a very large file and in any case create substantial load for the system so it should be used with caution and at times outside heavy user activity.
- Delete volume – Removes all storage volume references from the system:
- Each object stored on affected volume is removed from the system’s database.
- Storage service will remove all objects from the volume before deleting it if the volume is online. Errors in execution are ignored.
- Re-assign document classes and storage rules to another volume. All document classes and storage policies referencing this volume will be updated. This function affects day-forward storage of files. It is equivalent to changing default volume in storage class definition or in storage policies.
If there are any backup jobs in running state, the system will warn to wait for completion.
Progress of volume deletion would be reported in Sevice Status and Logs
Backup management
In PIQNIC we can create a copy of any volume used for document storage to any other backup volume (volume with backup flag set).
Backup jobs
Backups are managed through Backup jobs. Backup jobs have unique names, descriptions and can be enabled or disabled.
Main parameters for each Backup job are Source and Target Volumes as well as the execution schedule, where we can set recurring backups.
Once defined, backup jobs can be edited or deleted and while they are running they can be paused, resumed or canceled using command buttons at the top of the backup details panel.
Roles
PIQNIC administration is based on roles that are established within PIQNIC environment.
The purpose of roles is to organise user accounts into role specific groups. These groups are then used for allocation of Searches, Save Profiles, Access policies, favourite URLs and other PIQNIC artefacts.
In PIQNIC, access and functionality providing access to PIQNIC documents can only be assigned to groups, not individual users.
Any user can potentially be a member of several roles. Roles members can see and use PIQNIC’s named artefacts assigned to each group they belong to.
User roles configuration has two panels:
- The left panel shows a list of roles available on the system.
- The right panel shows the configuration details of the selected role.
Roles can be created through “Add Role” button and removed using “Delete Role” button. Both buttons are at the top of the screen.
Permissions
Permissions control access to different functional areas of PIQNIC:
- Administration – Controls the access to the PIQNIC System Administration.
- Batch Import – Controls the access to the Batch Import function and its profiles.
- URL Access – Universal object referencing is a way to allow access to PIQNIC documents from other platforms. This can be restricted to only selected user roles.
- Can Purge documents – Members of a role can permanently remove documents from the system that are flagged for destruction by Retention policies. These users will be able to see and use “Deleted by Policy” tab in Deleted documents screen.
- Can Access Unindexed – Through configuration of Save Profiles it is possible to allow partial ingestion of documents where they are not indexed (classified) at the same time they are ingested. We call this deferred indexing. User having access to “Unindexed Documents” area of the PIQNIC application can perform document indexing at the later stage (deferred indexing).
- Access All – Allows access to all unindexed documents.
- Access Own – Allows access to one’s own unindexed documents
- Access Authored by – Allows access to unindexed documents created by selected Roles
- Access Ingested Through – Allows selection of specific Saved Profiles. Members of the selected role can perform indexing on documents ingested through selected Save Profile.
Assigned to tab
Assigned to tab is used to assign existing PIQNIC users to selected role.
System users can be searched and selected using Assign button.
Delete button will remove user from the role (but will not delete user account).
From this screen we can also add users to PIQNIC using “Add User” button in the upper right corner.
Access Policies tab
Access Policies tab allows assignment of one of the existing access policies to the selected user role.
Members of the role will inherit combination of all grants and restrictions embedded into each access policy assigned.
This screen also shows the type of access policy (View, Modify, Create). This is covered in more detail in Access policy configuration.
Access policies can be created using “Add Access Policy” button in the upper right corner – this functionality is covered in Access policy configuration.
Searches tab
Searches tab is used to assign existing PIQNIC searches to a selected role.
System searches can be browsed and selected using the “Assign” button.
“Delete” button will remove the search from the Role (but will not delete the search from the system).
From this screen we can also add searches to PIQNIC using “Add Search” button in the upper right corner.
Search management is described in Search configuration section
Save Profiles tab
Save Profiles tab is used to assign existing PIQNIC Save Profiles to a selected role.
System Saved Profiles can be browsed and selected using the “Assign” button.
“Delete” button will remove a Save Profile from the role (but will not delete Save Profile from the system).
From this screen we can also add Save Profile to PIQNIC using “Add Save Profile” button in the upper right corner.
Save Profile management is described in Save Profile configuration section
Favourites panel
Custom URLs can be assigned to the role.
These URLs will then be listed in the Favorites Panel of the home screen for each member of the role, alongside their personal favourite URLs.
If user is member of several roles, favourites are combined.
User configuration
In PIQNIC we have two types of users:
- Internal, and
- External.
External users
External users are not members of any roles and they do not have direct access to PIQNIC stored documents.
They are invited by task owners on ad-hoc basis to collaborate on specific PIQNIC tasks. They cannot create their own tasks or have access to any other system object outside tasks they are invited to.
External user panel therefore concentrates on providing basic information on external users and their activity.
Administrators can remove and lock or unlock external user accounts.
External users do not need a PIQNIC licence.
Internal users
Internal users can be created in three different ways:
- Individually using “Add user” button in the left panel.
- Individually using “Copy user” button in the top right panel.
- In bulk by using “Bulk upload users” button in the top left panel. Pop up screen provides the access to Excel file template that the bulk upload interface expects, as well as file selection and upload button to upload the list of users to be created in PIQNIC. Each created user will get an invite with the link to the set the password.
List of Internal users (each consuming a system license) is provided in the left panel and their details in the right panel, once the user is selected.
Internal users are known by their email address and first and last name, if provided.
Internal users can have other properties called user metadata. User metadata is managed in a separate section of the System Administration. User metadata fields can be read-only or updatable by the user, depending on their intended purpose.
User can be made a member of selected roles through Assigned Roles control. User properties (with exception of email which is used as a login) can be edited after clicking on “Edit” button in the top right corner.
In user configuration we can also lock or unlock user accounts or send a reset password invite using the button in the top right panel.
User account can be deleted using a button in the right top panel. Before deletion, the system will check whether there are any active tasks assigned to the user which will need to be re-assigned or removed before the user is deleted.
User metadata
Default set of user properties (email, fist, last name) can be expanded through user metadata.
List on the user metadata tab allows system administrators to manage these additional properties.
Each metadata field is defined with its name, type and size (optional):
- “Can Change” toggle makes field read only or allows users to change its value.
- Default (initial) value can be provided. Field can also have a pre-defined list of allowed values.
- Inheritance – Field can be set to be inherited (made part of) all user records. Alternatively, if one or more roles are selected the metadata field will only appear for members of selected roles.
Metadata fields assigned to a role can be used in creating searches and Save Profiles, as long as these searches and Save Profiles are also assigned to those same roles. (This is assuring that the metadata field will always have value at runtime when Search, Profile or Access Policy is executed).
Removal of a metadata field will be allowed only if there are no searches, access policies, profiles, storage or retention policies using it.
The following changes are allowed for existing metadata fields:
- Default value
- List of values – only new items can be added
- List of roles field is assigned to – only new roles can be added.
- User can change value flag.
Outbound email
Server configuration
This tab is used to provide configuration for the outbound email server used to send email notifications from PIQNIC.
Default setting enables PIQNIC’s own email service and does not require any further configuration.
If “Disable default email service” toggle is enabled Host, Port, User Name and Password fields can be edited to use any SMTP mail server that is publicly accessible.
“Test” button sends a test email to nominated email address to validate outbound email functionality.
Email templates
Admin selects the template to modify:
- document subscription
- document version subscription
- document email
- related document file
- consolidated events
- delegation notification
- task completion
- task completion with decision
- decision disputed
- task movement to another step
- new task document
- task assignment
- 2IC notification for project or task – (project notification will list all underlying task names)
- task due date expiration
- task active or inactive.
- task activity
- user invitation – when a user is created the user’s email is used to send the invitation to the platform to nominated email address – this email will have a link that will have to be followed at first login
- external user invitation – this template is used when an external user is added to the task or step
- password reset
- delegation deletion.
When Organisation is created, each of these templates is populated with default content.
Email templates have To, Subject and Message fields.
For each template’s field we can provide customised static text as well as some variables that are replaced at runtime:
- ObjectLink – Link to the object that raised the event (task or document).
- DocumentTitle – Available when event is raised by a document.
- DocumentVersion – Available when event is raised by a document version.
- TaskName – Available when event is raised by a task.
- ProjectName – Available when event is raised by a task that is part of the project or the project.
- UserEmail – Email of the user email is sent to.
- UserName – Name of the user receiving the message.
- UserFirstName – First name of the user receiving the email.
- UserLastName – Last name of the user receiving the email.
- TaskDueDate
- TaskDecision
- EventDateTime – Date and time when the even occurred.
- OrganisationName – Name of the organisation.
- TaskActivityType
- ActivityInitiator – ID of user initiating task activity.
- ActivityObjectName – Name of the artefact that was the subject of the activity (file title).
- UserType – User or watcher.
Syntax for these templates is documented here
Other Organisation Settings
- Timezone – Sets default timezone for the organisation. This can be overridden on individual user basis through user settings.
- Session timeout – Sets time for user session timeout for the Organisation.
- Lock account attempts – Locks user account after nominated number of unsuccessful logins.
- File size threshold for view – This setting is used to determine if supported file types will be displayed in the viewer in real time or offered for download when retrieving a document or its files.
- File size threshold for save – System will not allow saving of files exceeding the set threshold.
Custom S3
Provides configuration details for the organisation’s own S3 bucket.
In PIQNIC it is possible to define volumes to use customer controlled and managed S3 bucket as opposed to PIQNIC controlled S3.
This screen captures configuration and access information needed to access non-PIQNIC S3 bucket.
For more information on configuration details, contact your AWS administrator or Amazon Web Services directly.
Bulk activities
This screen provides list of background jobs that are running or are scheduled for the organisation.
These are low priority or schedule jobs and include:
- Document purge
- Log purge
- Volume reconciliation
- Backup
- Batch save.
The first three job types can be set to execute in “Low Usage Window” that is configured in the same screen to selected time windows at different weekdays.
Note: Set times are calculated for the organisation’s selected time zone. Each of these operations should be able to pause and resume if their execution cycle is not completed by the time this setting allows it to run.
Each listed job can be manually paused and resumed using buttons in the rightmost column of this panel.
File type and icon
This panel allows the setting of a file type-to-icon mapping.
Organisations can replace default icons or add new file type icons here.