You are currently viewing the User Control section of LimeSurvey.

From this point you can view and edit the security settings and user access rights for your script.

LimeSurvey security settings rely on the Apache directory security system. If you are not using the Apache web surver, you cannot use these security settings and you should initialise directory security using your servers standard methods.

Initialising Security
The first time you run security from LimeSurvey, it will 'initialise' the security settings. When it 'initialises', it creates a '.htaccess' file in your admin directory that restricts access to the admin directory to only those users in the '.htpasswd' file. The initial username and password are determined by the 'default' settings in your config.php file. Once you have initialised security succesfully, your browser will ask for this username and password before allowing you to continue using the administration scripts of LimeSurvey.

Adding Users
Once you have initialised security and 'logged in', you will be able to view the existing users on your system, add new users, delete users or modify users. This is fairly straight forward. In the list of users that displays, click on the "edit" button to modify an entry, or the "del" button to delete it. If there is only one entry in the user table you will not be able to delete that.

Turning Off Security
To turn off LimeSurveys security settings, click on the "Turn Off Security" button. This will delete the htpasswd, htaccess file and all user information from the directories.

Limitations of LimeSurvey Security
Until a more flexible security system is implemented, it should be remembered that the LimeSurvey security settings are an 'all-or-nothing' affair. Users either have access to ALL administration functions, or they have none. Eventually a system is planned that allows you to set levels of access. Note especially that the user security feature is accessible to all users, including the PLAIN-TEXT PASSWORDS.

Troubleshooting
If you are having trouble setting up security: