The user management is an essential part of the security system to manage
and authorize all individuals with access to the application. After initially
activating the security policy only the administrator user will have access
to the software. Depending on the selected security policy the administrator
needs to manually add new users or simply needs to activate existing user
accounts from the windows system. The main features of the user management
User Information - shows details about the user
Account Activation - enables or disables the account
- controls access to individual software functions by assigning permission
The user management dialog consist of three main fields, the user list,
user information and password settings:
The user list shows all users that potentially have access to the application.
The list contents slightly differ depending on the selected security policy:
Software Security Policy - the list shows all users
that have been added by the user management system.
Windows Security Policy - the list shows the complete
user list of the selected windows system/LDAP-server
By selecting a user in the list all of his account details can be managed.
User accounts that are disabled are depicted with a special icon:
New User are added to list by clicking the New
Userbutton. Existing using can be deleted
by clicking the Deletebutton.
These buttons will not be available when using the Windows Security Policy.
The user information field manages detailed information about the user:
Used to show/enter the full user name.
Used to show/enter a description of the user account. This field will
be disabled when using the Windows Security Policy since this information
is provided by the operating system.
Used to show/enter the department of the user.
This checkbox controls the state of the selected user account. The
user account is enabled if the checkbox is checked. A user account may
be automatically disabled if a wrong password has been entered to many
times in a row. Details about this feature can be found in the chapter
"Password Policy". Disabled
accounts are displayed with a special icon:
Assigns a permission scheme to the user account. Permission schemes
are used to manage access to the applications menus and software functions.
For example: Access to the security functions of the software can be denied
to all user except the administrator using a permission scheme. The software
offers a few predefined permission schemes. Permission schemes can be
edited using the "Edit permission scheme" function and may alternatively
assigned using the "Assign permission schemes" command. Please
review the chapter "Permission Schemes"
for a detailed description.
Assigns a signature role to the user account. Signature roles are similar
to permission schemes but they manage access to data instead of software
functions. By assigning a user to a signature role he may be granted or
denied the rights to view, copy, modify and delete certain kinds of data.
Signature roles are organized in Data Access hierarchy levels. Please
review the chapter "Data Access
Control" for detailed description.
The password settings manage the password options for a user. This field
will be disabled when using the Windows Security Policy since the operating
system is handling the password settings.
Used to assign/change the user password.
The password must be entered again to avoid accidental typing errors.
User must change password
at next login:
Activating this checkbox forces the user to change his password on
the next login.
User cannot change password:
Forces to user to keep the password that was assigned by the administrator.
Additional global password functions (minimum length, expiration interval
etc.) may be determined using the command "Edit Password Policy"
in the Security menu. Please review the chapter "Password
Policy" for details.