User Accounts backup

jnewman67 · December 1, 2022, 10:42pm

New Manager user, still just trying things out to see if it’s a fit. Playing with the self-hosted Server version -v22-12-1-530, on Win10Pro.

I have it set up as a service (using NSSM), and found the Business data under C:\Windows\System32\config\systemprofile\AppData\Local\Manager - no problems there, found the 0000… file and the password file, and see that the Business.manager files end up there when created/imported/restored, and leave when deleted. That’s the location I’ll be concerned about when backing up the data, as well as the application location that I created when the software was installed and set up as a service.

However, I have searched the Guides and the Forum, but haven’t found out where the User data is stored, or how to back that up from within Manager. Where is that data stored, or how does one export/back that information up? are the 0000… and password file the files needed to preserve the User info?

I did a little testing, created 2 test Businesses, then created an admin user, and a restricted user (to one Business), and set the restrictions within that Business for just the Purchase functions. I made sure I could log into both Businesses with both users, then backed up both Businesses, then deleted both Businesses and both new users.

Restoring the Businesses did not restore the users globally, nor did it appear to restore their permissions within the Business either (maybe that doesn’t happen if they don’t already exist)…

Am I missing something, do something wrong, or does this not work as I expected it to (I figured it would recreate the User accounts that had access to the company files if they weren’t present when restored, as well as their permissions within that Business for that account, though not necessarily with their same password).

any help leading to a successful backup and recovery would be appreciated.

Thanks.

Ealfardan · December 1, 2022, 10:53pm

The user data is hidden for security reasons.

However, the user permission are part of the business file itself. So regarding this…

Once you restore your backups or import your businesses, go to Settings > User Permissions and just create new users matching the user permission entries.

lubos · December 1, 2022, 11:15pm

Right now, users are stored within 0000.... file. But I’d like to make this more intuitive and eventually I will be getting rid of 0000.... file altogether. If you lose 0000.... file, then you have to recreate users manually.

But user permissions are stored within individual business files. So if you have user permissions set up. That won’t be lost. When you recreate users manually and give them access to specific businesses, their user permissions within businesses don’t have to be set up again.

jnewman67 · December 2, 2022, 3:22am

EDIT: see my final post - this response turned out to be wrong. It does show the setup correctly, but my findings were wrong for some reason. I think my backups were done with the Project permission off

First, thanks for the quick response, and clarification on what files to back up. I’ll be trying that next
But, I’ve done as suggested. after deleting both Businesses, then deleting both users, I restored one of the Businesses, and checked and could see that the extra administrator user was still listed under User Permissions, and just had the Purchase permissions set. I then recreated that user, and logged in as that user, and the system told me that they had no permissions assigned to them yet. Maybe there is some basic level of permissions that NEEDS to be assigned just to navigate through opening the Business?

screenshots:
business_list

user_list

jnewman67 · December 2, 2022, 3:23am

the rest of the screenshots
purchase_perms

jnewman67 · December 2, 2022, 3:39am

just went through the same setup again, no issues with the setup of the test environment.

HOWEVER, i did notice that when I logged in as the restricted user using just the Projects and the 3 Purchase perms having been assigned, the only menu option available was Projects. There was no visible way to get to anything Purchase related.

I logged out and back in as Administrator, and removed the Projects permission from that restricted user, and when I logged in as the restricted user, I was able to see and open the TestCompany, but right after that it gave me the “no permissions assigned” error.

So it would appear that the Purchase permissions are either 1) either dependent on another set of permissions that aren’t automatically granted, or 2) there’s an error in giving access to that functionality based on the permissions assigned.

okay, off to back things up and delete them again, and see what happens.

Thanks.

jnewman67 · December 2, 2022, 2:37pm

Ok, I’m back to update/correct my findings, and give the test cases. My previous post indicated that a recreated user could not access a restored Business file - I proved that to be FALSE (setting the record straight) and proved to myself that the system is pretty resilient as well, and easy to backup and restore.

First, the setup is: self-hosted server, 2 Business files, 1 extra admin user, and 1 restricted user (restricted to 1 Business with just Project and Purchase perms). Backups of both Businesses were done through the web interface at this point. I also made a copy of all the files (4) in the Local/Manager folder at this time (2 .Manager files, 0000… and password).

For the first 3 tests (there are 5), the Businesses were removed through the web interface first, then both the extra users. Then Businesses were restored (various ways), and users recreated (in that order).

There are 3 ways to “restore” a Business file, and 1 way to restore Users - that’s what I tested.

Test 1 - after the above setup, Businesses were deleted, then extra users. To restore, the .Manager files were simply moved back out of the Manager/Trash folder into the Manager folder. Admin logged in, could see both Businesses, verified User Permissions for the restricted user were still present, and after recreating the extra users (as defined above), the restricted user could log in, restricted to just the permissions give. Worked as expected, no setbacks.

Test 2 - after the above setup, Businesses were deleted, then extra users. To restore, the Businesses were imported back into the system through the Add Business function, leaving the dates in the Business names (which come from the name of the backup files). Admin logged in, could see both Businesses, verified User Permissions for the restricted user were still present, and after recreating the extra users (as defined above), the restricted user could log in, restricted to just the permissions give. Worked as expected, no setbacks, however the Business names included a date in them.

Test 3 - was done the same as Test 2, but the backup files were renamed to remove the date from the filename before restoration. The results were identical, but the Business names were now cleaner, with no date in the Business name (this was the preferred result).

Test 4 - This simulated a catastrophic failure. I stopped the ManagerServer service, deleted all the files in Manager/Local folder, then copied in the manual copies I had made in the initial setup, and restarted the ManagerServer service. Worked as expected, no setbacks, all users and Businesses present.

Test 5 - This was just to test file corruption. After Test 4, without stopping the ManagerServer service, I deleted the 000… file. Attempts to log in with any user yielded SQLite server errors. The 0000… file had been recreated by the server. Restarting the ManagerServer service allowed the Admin to log back in, and both Businesses were there, but no extra users were present. I stopped the ManagerServer service again, copied in the manually backed up 0000… file from my backups, and started ManagerServer. Worked as expected, no setbacks, all users and Businesses present.

So, in summary, it seems 99% bulletproof as far as Business backups and manually copying the Local/Manager folder goes. I’m assuming the backups through the web interface are really just copying the .Manager files directly without any compression or conversion (like an SQL dump), so really, just copying the Local/Manager folder is the best backup. Easy to restore just users or just a business by moving files around. For users without direct access to the server, the Import and recreating users is the way to go.

A note on recreating users - the only part of the recreated user that needs to be identical is the Username - the Name and Password fields can be different (each time I recreated the restricted user, those were unique). The Business file appears to ONLY link to the user by the Username field. Not sure this is the most secure way to do this, as there is a scenario where one person could remove a user, then someone else could recreate that user, and if permissions weren’t removed when the user was, or weren’t set to None, then that recreated username would again have access to the Business. For recovery purposes this is convenient, but it would be better if there was a unique key involved, and when the username was recreated, there would be a check to see if relinking them to the company file was desired or not, then update the key assigned to the username in the Business file if desired.

My thoughts and findings - thanks.

Ealfardan · December 2, 2022, 9:47pm

That’s a good breakdown of how user access controls work in Manager but

That’s not entirely true. In addition to the business having the user permissions, the user must also be assigned to the business in the user screen, otherwise user gains no access.

Topic		Replies	Views
Where is the accounting file?	22	6047	January 18, 2023
Missing Business after Power Cut	22	2129	January 18, 2023
Backup with user permissions	12	1008	January 18, 2023
Database files	29	3273	January 18, 2023
[17.4.0] Phasing out "Application Data" folder in desktop edition	107	10196	January 18, 2023

User Accounts backup

Related Topics