The Software Catalog app automatically manages user accounts, groups, and organizational hierarchy in Nextcloud based on data from OpenRegister. This guide explains how the system works from a user and administrator perspective.
When you are added to a contactgegevens object in OpenRegister, the system automatically:
- Creates Your Account: Generates a Nextcloud user account
- Sets Username: Creates username from your name fields (voornaam.achternaam)
- Assigns Groups: Adds you to appropriate groups based on your roles
- Sets Manager: Assigns your organization's beheerder as your manager
You may be automatically assigned to several types of groups:
- beheerder - Administrator/manager role with elevated permissions
- inkoper - Purchaser role with specific access rights
- Custom roles - Additional roles based on your organization's needs
- Organization-specific group - All members of your organization
- Example: 'gemeente_amsterdam' for Gemeente Amsterdam employees
- ambtenaar - Available for manual assignment (civil servant role)
The system automatically assigns managers:
- Your organization's beheerder becomes your manager
- If multiple beheerders exist, the most senior one is your primary manager
- Manager relationships are used for reporting and approval workflows
To view your groups and manager:
- Go to Nextcloud Personal Settings
- Your groups are visible in the account section
- Manager information may be displayed depending on your organization's setup
- Access Nextcloud Admin Settings
- Navigate to "Software Catalogus" section
- Select your register type (AMEF, Voorzieningen, or Generic)
- Configure schema IDs for each object type
- Save configuration
- Create a test contactgegevens object in OpenRegister
- Check Nextcloud Users section to verify account creation
- Check Groups section to verify group creation
- Monitor logs for any processing errors
Viewing Users:
- Go to Nextcloud Admin Settings → Users
- Users created by Software Catalog will have:
- Username format: voornaam.achternaam
- Group memberships based on roles
- Manager relationships (stored in preferences)
Manual User Operations:
- You can manually modify users, but changes may be overwritten
- Role changes should be made in OpenRegister contactgegevens objects
- Group memberships will be automatically updated
Automatic Groups: The system creates these groups automatically:
- 'beheerder' - Administrator role
- 'inkoper' - Purchaser role
- 'ambtenaar' - Civil servant role (manual assignment)
- Organization-specific groups (e.g., 'gemeente_amsterdam')
Manual Group Operations:
- You can create additional groups manually
- Automatic groups will be recreated if deleted
- Manual group assignments may be overwritten by automatic processing
When organizations are created/updated in OpenRegister:
- Group Creation: Each organization gets its own group
- Name Sanitization: Organization names are converted to safe group names
- Group Assignment: Group ID is stored back to the organization object
Beheerder Assignment:
- First user in an organization automatically gets 'beheerder' role
- Additional beheerders can be assigned manually in OpenRegister
- Oldest beheerder becomes primary manager for the organization
Manager Relationships:
- All users get the organization's primary beheerder as manager
- Multiple beheerders get the primary beheerder as their manager
- Manager relationships are stored in user preferences
Monitor Nextcloud logs for:
- User creation events
- Group assignment changes
- Manager relationship updates
- Processing errors
Log Examples:
SoftwareCatalog: Successfully processed contactgegevens creation
SoftwareCatalog: Added user to role-based group: beheerder
SoftwareCatalog: Set user manager: john.smith → jane.doe
Users Not Created:
- Check schema configuration matches OpenRegister
- Verify contactgegevens objects have required fields (voornaam, achternaam)
- Check event processing logs for errors
Groups Not Assigned:
- Verify 'roles' property is properly formatted array
- Check if groups exist and are accessible
- Verify user has permission to be added to groups
Manager Relationships Missing:
- Check organization has beheerders assigned
- Verify 'organisation' property links to correct organization UUID
- Check beheerder users exist and are active
Consistent Data Entry:
- Ensure consistent naming in contactgegevens objects
- Use proper role names ('beheerder', 'inkoper')
- Maintain accurate organization linkages
Role Management:
- Assign beheerder role thoughtfully - they become managers
- Use role-based groups for permission management
- Document custom roles and their purposes
Large Organizations:
- Monitor processing time for large user batches
- Consider staging large imports
- Watch for resource usage during bulk operations
Event Processing:
- Events are processed automatically and immediately
- Failed events are logged for manual review
- System handles concurrent events safely
To add new role-based groups:
- Code Modification: Update SoftwareCatalogueService
- Documentation: Document new role meanings
- Testing: Verify assignment works correctly
For organization-specific needs:
- Event Listeners: Add custom event processing
- Service Extensions: Extend existing service methods
- Custom Groups: Implement special group logic
Monitor user creation and assignment:
- Track new users created per month
- Monitor group membership changes
- Analyze manager relationship patterns
Track organizational data:
- Organization group sizes
- Beheerder distribution
- Manager hierarchy depth
Group-Based Permissions:
- Use automatic groups for folder access
- Implement role-based app permissions
- Configure file sharing by group membership
Manager-Based Security:
- Manager relationships for approval workflows
- Hierarchical access to subordinate data
- Delegation of administrative tasks
User Information:
- Manager relationships stored in user preferences
- Group memberships visible to group administrators
- Contact data synchronized from OpenRegister
Audit Trail:
- All user creation logged
- Group assignment changes tracked
- Manager relationship changes recorded
Folder Structure:
- Use organization groups for shared folders
- Role-based access to specific directories
- Manager access to subordinate folders
Approval Processes:
- Manager relationships for approval chains
- Role-based workflow assignments
- Organization-specific process routing
User Data:
- Group memberships backed up with Nextcloud
- Manager relationships in user preferences
- Configuration stored in app settings
Recovery Procedures:
- Groups automatically recreated on next event
- Manager relationships re-established during processing
- Configuration can be restored from backups
When updating the Software Catalog app:
- Backup First: Always backup before updating
- Test Configuration: Verify settings after update
- Monitor Processing: Watch for changes in behavior
When changing systems:
- Export Configuration: Save schema mappings
- Document Customizations: Record any custom logic
- Test Thoroughly: Verify all functionality works
Log Analysis:
- Enable debug logging for detailed information
- Search logs for 'SoftwareCatalog' entries
- Include relevant log excerpts when reporting issues
Documentation Resources:
- Architecture documentation for technical details
- Configuration guide for setup instructions
- API reference for integration development
Best Practices Sharing:
- Document successful configurations
- Share custom role implementations
- Contribute improvements back to the project