Manage Users
Overview
The Rights Management is subdivided into two functions. One is the user management, which you access through the tab 'User' and the Roles Management, which you access through the tab 'Roles'. In the following, the user is responsive to the management. Make sure, that the user, which can set or edit the accounts has the command of Global Right 'Setup waveware user'. Only then the necessary fields are visible on the card staff.
The dialog shows an overview of existing users in the left area. The table is filterable, sortable and customizable. In the following example illustration, for example filtering is done by the entry "Building services" in the department catalog.
When filtering is activated, a maximum number of users to be displayed is shown in the lower area of the window. This is set to 200 by default, but can be increased or decreased as required. Combined filtering is also possible. To reset filtering, remove the entry from the table header.
The fields 'Staff ID' and 'Login Name' are internal fields, which is why you cannot set the field tag for these fields. As a result, these two fields were not displayed in the optional field arrangement. Starting with waveware 11.200.1652, the fields are always displayed with an optional field arrangement without having to be marked with the field tag.
If you select a user from the user list, the user is in focus and all information, buttons and role assignments on the right side of the dialog relate to this user.
Create User
You can create new users, that can log in waveware, through the object type 'Staff' in waveware. Open the ribbon 'Resources' and click the button 'New' in the object type 'Staff'. Fill in the mandatory fields:
- The username, which the new user must enter during his waveware registration, is entered in the field 'Login name' (Field ID: 18545).
- Specify the entry "Staff" in the field 'User type' (Field ID: 795) to indicate waveware, that this user may register in waveware.
- In the field 'Password' (Field ID: 841), the password of the user is to be recorded.
After saving, you can assign Roles and rights to the new users.
Password Security
The password, with which the user logs in, is defined during the creation of a new user. For that, a field 'Password' is available on the staff card (see 'Create User').
In the Supervisor Options, that are to be accessed through the DataManagement, the authorized persons can make general settings for the user password under the path
System \ System (0) \waveware \ Security.
- Minimal length
In the first setting, you specify the minimal length of the password. The default minimal length has 8 characters. If you enter for example "0", you enable the input of empty passwords. - Validity duration
The validity duration describes the number of days, that the user can login with his password, before changing it. The function is disabled by default (the value "0" is entered). If the password is expired after the time, that was set in the Supervisor Option, the user gets a relevant message after the login attempt and can set here a new password under the data of the old one.
This expires again after the set time. The new password that the user specifies for himself, must not coincide with the old one. The number of passwords that this test comprises, can be set in the option 'Last used passwords' (see below). - Complexity
Moreover, it can be set, whether the password must meet various complexity requirements (case sensitivity, numbers, special characters). A password, that is given to a user, must meet the set criteria. This also applies when the user changes his own password in the ribbon 'Extras' under 'Change Password' in waveware. This setting is activated by default. - No login name in the password
If the option 'Password may not contain the login name' is active (disabled by default), the username cannot be used in the password input. - Not allowed terms
A text field accepts terms at this point, that may not be contained in a user password. You can input any terms by separating them with a semicolon, e.g.: "Pass;Password;Login;123". No term is entered by default. - Last used passwords
In order to disable the user to use one of the previous passwords when changing the password, it can be set in this option, how many passwords last used are registered and may not be used by the user. For example, if the value "3" is set here, a user specifies a new character sequence three times when changing a password, before he may use the first used password again during the fourth password change.The counting of the last used password refers only to password changes, that the user makes himself. When defining a password through the card or Multi, the test is not effective.
Through the Rights Assignment when Creating Roles, you can set for each role, whether the password guidelines are active, so should apply or not. It is set by default, that the guidelines apply.
When you want to disable the password guidelines, select the role, for which the guidelines are to be disabled and remove the tick from 'Password guideline active?' under the tab 'Settings'.
The password guidelines cannot be changed for the Role 'Supervisor', as this role cannot be changed for security reasons. Guidelines, that the Supervisor has set in the Supervisor Options, apply to him personally during the next password change.
Assign Roles
Roles are assigned to the existing users. Select a user from the list by clicking on them. The roles assigned to this user and other available roles are then displayed in the middle of the window. Click on a role from the 'Available Roles' area and drag and drop it into the 'Assigned Roles' area to assign this role to this user.
Likewise, roles can be removed by a user, by dragging them from the area of the assigned roles with the mouse rightwards to the available roles.
Click 'Save' to complete the role assignment.
Copy User
To copy a user, select the desired user from the user list and click the 'Copy' button. In the open dialog window, you can choose username and password for the copy. With the click on the Save, the process is completed.
Remove User
You can deprive the existing user of the right to register in waveware anytime, by opening the staff card of the concerned user and emptying the field 'User Type' (Field ID: 795). Then, the user cannot login anymore in future.
Reset User Password
Occasionally, it is necessary for an administrator to reset the password of a particular user. For this purpose, the function 'Reset password' exists in the Rights Management dialog. Select the user, whose password you want to reset and activate the button.
The password of this user is emptied without a query and it must not be specified anymore during the user`s login.
Logging of all Logins
Every user access in waveware can be logged. This function is always activated via a Supervisor Option.
Under the path
System / System / System (0) / waveware / Security
the logging of user access can be activated or deactivated. It is deactivated by default.
If logging is activated, the 'Access statistic' transaction is available in waveware under the 'Staff' resource.
All user accesses with status, date and time are documented here. The access can thus be evaluated with the common waveware tools (Selection, Dashboard).
Edit DEF World
Through special DEF files, the look of the input screen as well as the offered fields for one or more users can be individually changed.
A DEF world shift makes sense, when several DEF worlds were set through the Designer beforehand (e.g. "DEF technician" or "DEF Service Staff"). The default entry is always main DEF world "def". The default entry applies to a case, that the field 'DEF World' remains empty. For each user, it can be decided, which DEF World should find application.
To assign for example the (previously created in the Designer) DEF world "DEF Employee" to a user, enter this term in the field 'DEF world' (Field ID: 840) on the card of the Object type 'Staff'.
Consider also the exact spelling, otherwise the user get an error message during the login in waveware.
Outlines
To retain the view through the assigned rights, restrictions and client rights of all users, Rights Management offers a set of overviews. Hereby, the specifications (e.g. rights, restrictions etc.) of all the roles assigned to a user, are taken into account.
Review User Rights
Roles through which the rights are given, affect additively the universal rights of the users. When you assign three roles to a user, it obtains all rights, which are given in these roles.
To be able to recognize quickly, which rights arise for the user by the virtue of the assigned roles to him, click the button 'User Rights Overview'. The open dialog window contains a overview of all allocated rights:
Restrictions Overview
The restrictions, which work for a user, consist of all roles-data restrictions. A click on the button 'Restrictions Overview' delivers the 'Restrictions Sum' of the currently selected users.
Client Rights Overview
A click on the button 'Client rights overview' delivers a dialog window with a overview of all clients, which may use all the currently selected users.
System Users
System users execute important operations, which guarantee smooth operation in waveware. You, exactly as each user, have Staff-Object available and gain your rights assigned to the roles. This system user cannot be used for the manual registration, for example through the Login screen in the waveware Client. In general, all the system users have administrator authorizations, which are to be restricted only in exceptional cases. Moreover, they should be neither renamed nor deleted.
- SYSTEMHEARTBEAT
Under this user, the 'Server.Beat'-Rules run. They are periodically implemented and are mostly executed in the context of the waveware server, independently of the waveware Client. - SYSTEMDASHBOARD
The Dashboard-System user applies the defined KPI rules of the dashboard. You can get further information on the dashboard and its KPI (Key Performance Indicator) under 'Dashboard'. - SYSTEMSAP
If the waveware server is called through the SAP module, the required changes are executed according to this system user. - SYSTEMNAVISION
The system user 'SYSTEMNAVISION' executes operations, which are requested by the Navision-Interface.