Skip Headers
Oracle® Database Lite Administration and Deployment Guide
10g (10.3.0)

Part Number B28922-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

4 Managing Users and Groups

This chapter describes how to manage users and groups using the Mobile Manager. The following topics are covered in this chapter:

4.1 Managing Users and Groups

The following sections discuss how to manage users. Topics include:

4.1.1 What Are Mobile Server Users?

The Administrator or User of Mobile Server user types are described in the following sections:

Note:

Do not confuse Mobile Server users with database users. Each Mobile Server user is authenticated by the Mobile Server for access to applications and appropriate publications. The Mobile Server users are not used to access data on the database.

4.1.1.1 Mobile Server User Privilege: Administrator

Any user created with the user privilege of administrator can perform any of the following functions:

  • The administrator user can be a general user when logging in to a Mobile application on a device, which is the same as described in Section 4.1.1.2, "Mobile Server User Privilege: User".

  • The administrator can publish applications either through the Packaging Wizard or through the Mobile Manager.

  • The administrator has authorization to use the Mobile Manager.

Once an administrator user is created, it must be associated with the Mobile Manager in the same manner that an ordinary Mobile Server user is associated with any application. See Section 4.1.1.3, "Associating Mobile Server Users With Published Applications" for more information on this process.

4.1.1.2 Mobile Server User Privilege: User

The Mobile Server user with privilege of user is created only for accessing and synchronizing published applications and its data. The user has a specific username/password for synchronizing the application from a device.

Note:

The username or password is limited to a maximum of 28 characters long.

Thus, this Mobile Server user enables access to a particular Mobile application and its publication items. That is, in order for the Windows CE or other devices to be able to synchronize and retrieve a snapshot of data from the database, the Mobile Server validates that the username/password that is entered is valid for the application. If it is, then Mobile Server enables the device to retrieve the snapshot that is indicated by the publication items packaged with the application.

After creating the user, the administrator associates the user with the published applications from which this user will receive data. In addition, if any of the publication items require a parameter to be set, the administrator also sets this parameter for each user. See Section 4.1.1.3, "Associating Mobile Server Users With Published Applications" for more information.

4.1.1.3 Associating Mobile Server Users With Published Applications

Any user that wants to use an application must be associated with that application by an administrator user in the Mobile Manager. In order to associate Mobile Server users with applications, a Mobile Server administrator performs the following:

  1. Package and publish an application with appropriate publication(s).

  2. Create one or more users or groups that will use the application to retrieve data from the database down to a device. See Section 4.1.3, "Adding New Users" for more information.

  3. Associate the users or groups with the application. See Section 4.2.1, "Grant or Revoke Application Access to Users" for more information.

  4. Optionally, if the application has parameters, also known as data subsetting, that are set for each user or group, define these parameters for each user or group. See Section 4.3, "Managing Application Parameter Input (Data Subsetting)" for more information.

4.1.2 Displaying Users

You can see what users and groups have been created with all information relevant to users—such as user names and so on.

To display individual users, logon to the Mobile Manager and click the Mobile Manager link in the Workspace. As displayed in Figure 4-1, the Mobile Servers Farm page is displayed.

Figure 4-1 Mobile Server Farms Page

The Mobile Server Farms page.
Description of "Figure 4-1 Mobile Server Farms Page"

Click your Mobile Server name link. Your Mobile Server home page appears. Click the Users link. As Figure 4-2 displays, the Users page lists existing groups and individual users.

4.1.2.1 Enabling OID Users

By default, the users defined for access within Mobile Server are contained within the Mobile repository. However, you can specify to use OID as the repository for all users. In this case, you can migrate any existing users from the Mobile Server repository into OID. For details on using OID, see Section 4.1.7, "Managing OID Users in the Mobile Server"; for details on how to migrate users to OID, see Section 6.2.7, "Migrate Your Users From the Mobile Server Repostory to the Oracle Internet Directory" in the Oracle Database Lite Getting Started Guide.

Mobile Server is aware of which users were migrated into OID and marks them as "enabled" for use within Oracle Database Lite. By default, all users created within OID are not "enabled" for use within Oracle Database Lite. All OID users are displayed, but are not enabled for Mobile Server. You can enable these users within OID by checking the Enabled box next to the name on the Users screen. This box is only displayed in the case where OID is used as the repository for the users.

4.1.2.2 Searching Group Names or User Names

To search for a group name or individual user name, enter the group name or user name in the Search field and click Go. The Users page displays the search result under the Group Name or User Name column.

4.1.3 Adding New Users

To add a new user, navigate to the Users page and click Add User. As Figure 4-3 displays, the Add User page appears and lists the requisite criteria to register user properties.

To register user properties for new users, enter the following:

4.1.3.1 Define Username and Password

To add a new user, enter data as described in the following table.

Table 4-1 Add User Page Description

Field Description

Display Name

Name used to display as Mobile Server user name.

User Name

Name used to logon to the Mobile Server.

Password

Optional. Password used to logon to the Mobile Server.

Password Confirm

Optional. To confirm the above mentioned password, re-enter your password.

Privilege

Lists available privileges for the Mobile Server user.

  • The Administrator option provides privileges to modify Mobile Server resources.

  • The User option provides access for registered users to the Mobile Server.

For a description of each privilege type, see Section 4.1.1, "What Are Mobile Server Users?" and Section 4.1.3.2, "Assign Priviledge".


Note:

User names and passwords can only contain single-byte characters and cannot contain characters such as ', ", @ ,% or blank spaces.

4.1.3.2 Assign Priviledge

Users can be assigned the following privileges.

  • Administrator: Manages the Mobile Server and its components, publishes and manages applications, and provides application access to groups and users. See Section 4.1.3.2.1, "Administrator" for more information.

  • User: Accesses published applications. See Section 4.1.3.2.2, "User" for more information.

4.1.3.2.1 Administrator

Once an administrator user is created, it must be associated with the Mobile Manager in the same manner that an ordinary Mobile Server user is associated with any application. The Mobile Manager is similar to any other mobile application. It provides the following privileges to the administrator.

  • To logon to an application on a device, the administrator can use administrator as the user name and password.

  • The administrator can publish applications either through the Packaging Wizard or through the Mobile Manager.

  • The administrator has authorization to use the Mobile Manager.

4.1.3.2.2 User

The Mobile Server user is assigned user privileges and is created for being associated with published applications. The user is provided a user name and password for logging in to an Oracle Lite client and accessing applications from a device. When a user synchronizes with the Mobile Server, the Mobile Server validates the user name and password that is provided by a user and downloads the corresponding applications and snapshots to the client.

After creating a user, the administrator associates the user with a published application. The user can then access such applications and receive data. If any of the publication items require a data subsetting parameter to be set, the administrator sets this parameter for each user.

4.1.3.3 Specify Device Policy

Specify the device policy as follows:

  • Register Device: To indicate device registration for the group, select True.

  • Software Update: To indicate the device software update type, select the appropriate option. For example, to update the user's devices with major updates, select this option. To indicate the update date, select the date picker and choose the software update date.

To add the new user and record the device policy, click OK.

4.1.4 Duplicating Existing Users

You can duplicate the privilege and device policy of an existing user in creating a new user. On the main User page, as shown in Figure 4-2, select the user that you want to duplicate and then click Create Like. This brings you to a screen where you can enter the following:

Table 4-2 Add User Page Description

Field Description

Display Name

Name used to display as Mobile Server user name.

User Name

Name used to logon to the Mobile Server.

Password

Optional. Password used to logon to the Mobile Server.

Password Confirm

Optional. To confirm the above mentioned password, re-enter your password.


For more information on privileges and device policy, see Section 4.1.3, "Adding New Users".

4.1.5 Deleting Groups or Individual Users

As an administrator, you can delete groups or individual users from the system. To permanently delete groups or individual users from the system, select the Delete check box against the group name or individual user name that you want to delete, and click Delete. The Mobile Manager seeks your confirmation to delete the chosen group or user name. Click Yes. You will be returned to the Users page.

4.1.6 Adding New Groups

If you have several users that require access to the same application, you can bypass adding access rights for each user by including these users in a group. Once all of the users are included in a group, then assign access to the intended application to the group; at this point, all users in the group have access to the application.

As an administrator, you can add a new group that accesses the Mobile Server. To add a new group, navigate to the Users page and click Add Group. As Figure 4-4 displays, the Add Group page appears and lists the requisite criteria to register user group properties.

Figure 4-4 Add Group Page

This image displays the Add Group page.
Description of "Figure 4-4 Add Group Page"

Enter the new group name in the Group Name field and click OK.

4.1.7 Managing OID Users in the Mobile Server

If you want, you can use the Oracle Internet Directory (OID) for storing and retrieving user information instead of the Mobile Server Repository. To facilitate using OID, you must first migrate all user information from the repository into OID. Once migrated, you can use OID instead of the repository.

OID is part of the OracleAS application server.

If you decide to use OID users (from OracleAS), then after you install the application server and Oracle Mobile Lite, perform the following:

  1. If you currently have installed the Mobile Server and have existing users in the Mobile Server, then you must migrate any existing Mobile users to OID (See Section 3.2.7, "Migrate Your Users From the Mobile Server Repository to the Oracle Internet Directory" in the Oracle Database Lite Getting Started Guide).

  2. Set the SSO_ENABLED parameter in the webtogo.ora file to YES. In the Mobile Manager, migrate Administration tab and select Edit Config file. This is the webtogo.ora file.

  3. Restart the application server. When you modify the SSO_ENABLED parameter, the Mobile Server modifies the application server configuration.

  4. Enable OID users for the Mobile Server. See Section 4.1.2.1, "Enabling OID Users".

    Note:

    When you navigate to the Users page in the Mobile Manager, all OID users are displayed. Add any new users through OID. On this page, you can only enable OID users for use within the Mobile Server or change the password.

    To enable OID users for the Mobile Server, select the user and click Enable.

  5. Assign the appropriate application to these users. As with any Mobile Server user, you must grant access to the appropriate applications. See Section 4.2.1, "Grant or Revoke Application Access to Users" for more information.

4.2 Managing Access Privileges for Users and Groups

The Mobile Server Administrator grant access privileges to Mobile applications by designating the users that can access these applications. The following sections describe the access feature of the Mobile Server:

4.2.1 Grant or Revoke Application Access to Users

The following sections describe how an administrator can grant or revoke application access to users and groups:

4.2.1.1 Grant Application Access to Users

The administrator can grant access to applications for specific users within the Mobile Manager, as follows:

  1. Navigate to the Users page. Click the specific user name to which you wish to give access. This user's Properties page appears.

  2. Click Access. The Access page displays a list of published applications.

  3. Select the checkbox next to each application that you wish to give access to for this particular user.

  4. Click Save.

As Figure 4-5 displays, the Access page displays a list of available applications for the user Jack. Select the applications that you want Jack to have access to and click Save. In this example, Jack is given access to Sample1, Sample3, Sample4, Sample6, and Sample7 applications.

Figure 4-5 Granting Application Access

This image displays the Access page.
Description of "Figure 4-5 Granting Application Access"

4.2.1.2 Revoke Application Access to Users

To revoke application access to any user, clear the check box displayed against an application name and click Save.

Note:

Granting application access to an entire group gives each user in the group, access to the application. For directions on how to include or exclude any user from a group, see Section 4.2.2, "Include or Exclude Users from Group Based Access".

4.2.2 Include or Exclude Users from Group Based Access

The following sections describe how the Administrator can include or exclude users from group based access:

Using the Mobile Manager, you can modify group based access privileges to include or exclude users requiring access to Mobile applications. To modify group based access privileges, click the Users link. The Users page lists existing groups and individual users.

Include Users in a Group

To include users into a group, do the following:

  1. Navigate to the Users page. Click the username of the user you wish to include in a group. The user Properties page appears.

  2. Click Groups.

  3. Select the group name that you want to include the user into.

  4. Click Save.

Note:

Existing users with privileges for group based access only can be excluded from group based access.

Now the user takes on the access for all applications to which the group has access. In order for the group to be given access to additional applications, follow the instructions in Section 4.2.1, "Grant or Revoke Application Access to Users". However, instead of selecting a particular user, select the group instead.

Exclude Users from a Group

To remove a user from any group, do the following:

  1. Navigate to the Users page. Click on the username of the user you wish to exclude from a group. The user Properties page appears.

  2. Click Groups.

  3. Clear the group name that you want to exclude the user from.

  4. Click Save.

Figure 4-6 displays the Clear Group page for the Public Group. If you wanted to clear Jack from this group, you would uncheck the checkbox next to Jack's name and click Save.

Figure 4-6 Clear Group Page

The Group page with its users.
Description of "Figure 4-6 Clear Group Page"

4.2.3 Grant or Revoke Application Access to Groups

Once you have the users that you want in a group, you must indicate what applications that the group has access to. In order to assign application access to groups, you have to add the access rights off the application page. See Section 3.6.1, "Grant Application Access to Users and Groups" for directions.

4.3 Managing Application Parameter Input (Data Subsetting)

If the application that this user accesses requires one or more parameters to determine what data is retrieved from the database, you set these parameters, also known as data subsetting, within the user configuration in Mobile Manager.

Note:

You can only set the parameter values once a user has been granted access to the application. See Section 4.2, "Managing Access Privileges for Users and Groups" for instructions.

For example, if you have an application that retrieves the customer base for each sales manager, the application needs to know the sales manager's identification number to retrieve the data specific to each manager. The identification number, in this example, is the application parameter required that is associated with this user. Thus, if you set up each sales manager as a unique user and set their identification number in the data subsetting screen, then the application is given that unique information and can replace it appropriately in the application.

  1. Navigate to the Users page. Click the specific user name to which you wish to give access. This user's Properties page appears.

  2. Click Data Subsetting. The Data Subsetting page enables the administrator to add parameter input for this user. This displays all of the applications that the user is associated with.

  3. Select the application for which you want to add the parameter value.

  4. Enter the parameter values for the application.

  5. Click Save.

4.4 Assigning Application Roles to Users

When the developers design any OC4J or Web-to-Go application, they can include functionality that is enabled based on the role that the user is assigned. For example, if you have a manager and employee role in an application, the user who is assigned the manager role may have other options available to view on the application GUI. These options would not show up for those users who are assigned the employee role. See Section 7.2.2, "Application Roles" in the Oracle Database Lite Developer's Guide for information on how to programmatically create and grant these roles.

Once the application is deployed, all roles are displayed and can be assigned to any user in the Mobile Manager. You can assign roles either through the Mobile Manager or through the wsh script. This section describes how to assign users to certain roles for an OC4J or Web-to-Go application.

Figure 4-5 displays the User page for Jack. Notice that there is a column for Roles. If you click the pencil icon in this column, you can see the roles that have been created in the application. For example, if we click on the pencil icon for the Sample3 application, as shown in Figure 4-7, we see that two roles have been created in this application: Manager and Special Role. Select the checkbox next to any of the roles to which you want Jack to be added. In this case, the Manager role is checked, so Jack will be added to the Manager role.

Figure 4-7 Add Jack to the Sample3 Application Manager Role

Add User to Role
Description of "Figure 4-7 Add Jack to the Sample3 Application Manager Role"

4.5 Creating an Administrator

As referenced in the previous sections, to create any user, including administrators, you must do the following:

  1. Create one or more users or groups that will use the application to retrieve data from the database down to a device. See Section 4.1.3, "Adding New Users" for more information.

  2. Associate the users or groups with the application. See Section 4.2.1, "Grant or Revoke Application Access to Users" for more information.

  3. Optionally, if the application has a parameter, also known as data subsetting, that is set for each user or group, define the parameters for each user or group. See Section 4.3, "Managing Application Parameter Input (Data Subsetting)" for more information.

Thus, to create an administrator, you would do the following:

  1. Create a user with the name of the administrator that you want, with the privilege of administrator.

  2. Navigate to the Access tab for this new administrator and check the checkbox next to Mobile Manager.

You now have a new administrator user. You can log into your Mobile Manager with this user's name and password.

4.6 Manually Adding Devices for a User

Normally, when you download and install a client, the device is registered automatically for the user. There are two instances where you may need to manually add the device:

To add a device for an individual user, navigate to the specific user's page and perform the following:

  1. On the Users page, select the user for which you want to add a device.

  2. Click Devices. All currently registered devices for this user appear.

  3. Click Add. The Create Device screen (as shown in Figure 4-8) appears.

    Figure 4-8 Manually Add Device to User

    Description of Figure 4-8 follows
    Description of "Figure 4-8 Manually Add Device to User"

  4. Enter the device information, as described in Figure 4-8, and click OK to add the device for this user:

Table 4-3 Device Information

Device Field Description

Language

Select the language that the platform will use. The default is English.

Name

Configure a user-defined name for the device.

Platform

Select the platform for this device.

Address

The device address indicates the unique network identifier of a device. The device address must have a corresponding Network Provider associated with it. To transmit data to a device, the DMS uses the Network Provider associated with the address object. For example, RAPI, HTTP, WOR, SMTP. To enable a communication link between the DMS and the DMC, the Administrator must create a proper device address for all devices. In the Address field, enter the device address.

Network Provider

To specify the network provider, click the Network Provider box and choose the required network provider from the list displayed.


Once added, the user can now synchronize the device to retrieve their applications and related snapshots.

4.7 Set Update Policy for Software Updates for the User

You can control whether a new version of an application software is downloaded on each client. Modify the update policy attribute of the user with the Software Update pulldown to the appropriate update that you want, as follows:

In addition, you can specify the date that the update occurs.