5 Managing Users and Groups

This chapter describes how to manage users and groups using the Mobile Manager. The following topics are covered in this chapter:

5.1 Managing Users and Groups

The following sections discuss how to manage users. Topics include:

5.1.1 What Are Mobile Server Users?

The Administrator or User of Mobile Server user types are described in the following sections:


Note:

Do not confuse Mobile Server users with database users. Each Mobile Server user is authenticated by the Mobile Server for access to applications and appropriate publications. The Mobile Server users are not used to access data on the database.

5.1.1.1 Mobile Server User Privilege: Administrator

Any user created with the user privilege of administrator can perform any of the following functions:

  • The administrator user can be a general user when logging in to a Mobile application on a device, which is the same as described in Section 5.1.1.2, "Mobile Server User Privilege: User".

  • The administrator can publish applications either through the Packaging Wizard or through the Mobile Manager.

  • The administrator has authorization to use the Mobile Manager.

Once an administrator user is created, it must be associated with the Mobile Manager in the same manner that an ordinary Mobile Server user is associated with any application. See Section 5.1.1.3, "Associating Mobile Server Users With Published Applications" for more information on this process.

5.1.1.2 Mobile Server User Privilege: User

The Mobile Server user with privilege of user is created only for accessing and synchronizing published applications and its data. The user has a specific username/password for synchronizing the application from a device. Thus, this Mobile Server user enables access to a particular Mobile application and its publication items. That is, in order for the Palm, Windows CE, or other devices to be able to synchronize and retrieve a snapshot of data from the database, the Mobile Server validates that the username/password that is entered is valid for the application. If it is, then Mobile Server enables the device to retrieve the snapshot that is indicated by the publication items packaged with the application.

After creating the user, the administrator associates the user with the published applications from which this user will receive data. In addition, if any of the publication items require a parameter to be set, the administrator also sets this parameter for each user. See Section 5.1.1.3, "Associating Mobile Server Users With Published Applications" for more information.

5.1.1.3 Associating Mobile Server Users With Published Applications

Any user that wants to use an application must be associated with that application by an administrator user in the Mobile Manager. In order to associate Mobile Server users with applications, a Mobile Server administrator performs the following:

  1. Package and publish an application with appropriate publication(s).

  2. Create one or more users or groups that will use the application to retrieve data from the database down to a device. See Section 5.1.3, "Adding New Users" for more information.

  3. Associate the users or groups with the application. See Section 5.2.1, "Grant or Revoke Application Access to Users" for more information.

  4. Optionally, if the application has parameters, also known as data subsetting, that are set for each user or group, define these parameters for each user or group. See Section 5.3, "Managing Application Parameter Input (Data Subsetting)" for more information.

5.1.2 Displaying Users

You can see what users and groups have been created with all information relevant to users—such as user names and so on. If you are using OID as your repository, then the users that exist within OID are also displayed, but are not enabled for Mobile Server. You can enable these users within OID by checking the Enabled box next to the name on the Users screen.

To display individual users, logon to the Mobile Manager and click the Mobile Manager link in the Workspace. As displayed in Figure 5-1, the Mobile Servers Farm page is displayed.

Figure 5-1 Mobile Server Farms Page

The Mobile Server Farms page.
Description of the illustration ms_farms.gif

Click your Mobile Server name link. Your Mobile Server home page appears. Click the Users link. As Figure 5-2 displays, the Users page lists existing groups and individual users.

Figure 5-2 Users Page

The Groups and Users page for this Mobile Server.
Description of the illustration mmusers.gif

Searching Group Names or User Names

To search for a group name or individual user name, enter the group name or user name in the Search field and click Go. The Users page displays the search result under the Group Name or User Name column.

5.1.3 Adding New Users

To add a new user, navigate to the Users page and click Add User. As Figure 5-3 displays, the Add User page appears and lists the requisite criteria to register user properties.

Figure 5-3 Add User Page

The Add User page.
Description of the illustration mmaduser.gif

To register user properties for new users, Table 5-1 describes values that must be entered in the Add User page.

Table 5-1 Add User Page Description

Field Description
Display Name Name used to display as Mobile Server user name.
User Name Name used to logon to the Mobile Server.
Password Optional. Password used to logon to the Mobile Server.
Password Confirm Optional. To confirm the above mentioned password, re-enter your password.
Privilege Lists available privileges for the Mobile Server user.

  • The Administrator option provides privileges to modify Mobile Server resources.

  • The User option provides access for registered users to the Mobile Server.

For a description of each privilege type, see Section 5.1.1, "What Are Mobile Server Users?"

Enter the user information as described in the above table and click OK.


Note:

User names and passwords can only contain single-byte characters and cannot contain characters such as ', ", @ ,% or blank spaces.

Deleting Groups or Individual Users

As an administrator, you can delete groups or individual users from the system. To permanently delete groups or individual users from the system, select the Delete check box against the group name or individual user name that you want to delete, and click Delete. The Mobile Manager seeks your confirmation to delete the chosen group or user name. Click Yes. You will be returned to the Users page.

5.1.4 Adding New Groups

If you have several users that require access to the same application, you can bypass adding access rights for each user by including these users in a group. Once all of the users are included in a group, then assign access to the intended application to the group; at this point, all users in the group have access to the application.

As an administrator, you can add a new group that accesses the Mobile Server. To add a new group, navigate to the Users page and click Add Group. As Figure 5-4 displays, the Add Group page appears and lists the requisite criteria to register user group properties.

Figure 5-4 Add Group Page

This image displays the Add Group page.
Description of the illustration mmadgrp.gif

Enter the new group name in the Group Name field and click OK.

5.1.5 Managing OID Users in the Mobile Server

If you want, you can use the Oracle Internet Directory (OID) for storing and retrieving user information instead of the Mobile Server Repository. To facilitate using OID, you must first migrate all user information from the repository into OID. Once migrated, you can use OID instead of the repository.

OID is part of the Oracle9iAS or OracleAS application server.

If you decide to use OID users (from OracleAS), then after you install the application server and Oracle Mobile Lite, perform the following:

  1. If you currently have installed the Mobile Server and have existing users in the Mobile Server, then you must migrate any existing Mobile users to OID (See Section 3.6, "Migrate Your Users From the Mobile Server Repository to the Oracle Internet Directory" in the Oracle Database Lite Getting Started Guide).

  2. Set the SSO_ENABLED parameter in the webtogo.ora file to YES. In the Mobile Manager, migrate Administration tab and select Edit Config file. This is the webtogo.ora file.

  3. Restart the application server. When you modify the SSO_ENABLED parameter, the Mobile Server modifies the application server configuration.

  4. Enable OID users for the Mobile Server.


    Note:

    When you navigate to the Users page in the Mobile Manager, all OID users are displayed. Add any new users through OID. On this page, you can only enable OID users for use within the Mobile Server or change the password.

    To enable OID users for the Mobile Server, select the user and click Enable.

  5. Assign the appropriate application to these users. As with any Mobile Server user, you must grant access to the appropriate applications. See Section 5.2.1, "Grant or Revoke Application Access to Users" for more information.

5.2 Managing Access Privileges for Users and Groups

The Mobile Server Administrator grant access privileges to Mobile applications by designating the users that can access these applications. The following sections describe the access feature of the Mobile Server. Topics include:

5.2.1 Grant or Revoke Application Access to Users

This section enables an administrator to grant or revoke application access to users and groups. Topics include:

Grant Application Access to Users

The administrator can grant access to applications for specific users within the Mobile Manager, as follows:

  1. Navigate to the Users page. Click the specific user name to which you wish to give access. This user's Properties page appears.

  2. Click Access. The Access page displays a list of published applications.

  3. Select the checkbox next to each application that you wish to give access to for this particular user.

  4. Click Save.

As Figure 5-5 displays, the Access page displays a list of available applications for the user Jack. Select the applications that you want Jack to have access to and click Save. In this example, Jack is given access to Sample1, Sample3, Sample4, Sample6, and Sample7 applications.

Figure 5-5 Granting Application Access

This image displays the Access page.
Description of the illustration mmuacess.gif

Revoke Application Access to Users

To revoke application access to any user, clear the check box displayed against an application name and click Save.


Note:

Granting application access to an entire group gives each user in the group, access to the application. For directions on how to include or exclude any user from a group, see Section 5.2.2, "Include or Exclude Users from Group Based Access".

5.2.2 Include or Exclude Users from Group Based Access

This section enables the Administrator to include or exclude users from group based access. Topics include:

Using the Mobile Manager, you can modify group based access privileges to include or exclude users requiring access to Mobile applications. To modify group based access privileges, click the Users link. The Users page lists existing groups and individual users.

Include Users in a Group

To include users into a group, do the following:

  1. Navigate to the Users page. Click on the username of the user you wish to include in a group. This user's Properties page appears.

  2. Click Groups.

  3. Select the group name that you want to include the user into.

  4. Click Save.


Note:

Existing users with privileges for group based access only can be excluded from group based access.

Now the user takes on the access for all applications to which the group has access. In order for the group to be given access to additional applications, follow the instructions in Section 5.2.1, "Grant or Revoke Application Access to Users". However, instead of selecting a particular user, select the group instead.

Exclude Users from a Group

To remove a user from any group, do the following:

  1. Navigate to the Users page. Click on the username of the user you wish to exclude from a group. This user's Properties page appears.

  2. Click Groups.

  3. Clear the group name that you want to exclude the user from.

  4. Click Save.

Figure 5-6 displays the Clear Group page for the Public Group. If you wanted to clear Jack from this group, you would uncheck the checkbox next to Jack's name and click Save.

Figure 5-6 Clear Group Page

The Group page with its users.
Description of the illustration mm_cleargrp.gif

5.2.3 Grant or Revoke Application Access to Groups

Once you have the users that you want in a group, you must indicate what applications that the group has access to. In order to assign application access to groups, you have to add the access rights off the application page. See Section 4.5.1, "Grant Application Access to Users and Groups" for directions.

5.3 Managing Application Parameter Input (Data Subsetting)

If the application that this user accesses requires one or more parameters to determine what data is retrieved from the database, you set these parameters, also known as data subsetting, within the user configuration in Mobile Manager.


Note:

You can only set the parameter values once a user has been granted access to the application. See Section 5.2, "Managing Access Privileges for Users and Groups" for instructions.

For example, if you have an application that retrieves the customer base for each sales manager, the application needs to know the sales manager's identification number to retrieve the data specific to each manager. The identification number, in this example, is the application parameter required that is associated with this user. Thus, if you set up each sales manager as a unique user and set their identification number in the data subsetting screen, then the application is given that unique information and can replace it appropriately in the application.

  1. Navigate to the Users page. Click the specific user name to which you wish to give access. This user's Properties page appears.

  2. Click Data Subsetting. The Data Subsetting page enables the administrator to add parameter input for this user. This displays all of the applications that the user is associated with.

  3. Select the application for which you want to add the parameter value.

  4. Enter the parameter values for the application.

  5. Click Save.

5.4 Assigning Application Roles to Users

When the developers design any Web-to-Go application, they can include functionality that is enabled based on the role that the user is assigned. For example, if you have a manager and employee role in an application, the user who is assigned the manager role may have other options available to view on the application GUI. These options would not show up for those users who are assigned the employee role. See Section 4.2.2, "Application Roles" and Section 2.5.5, "Granting Roles" in the Oracle Database Lite Developer's Guide for information on how to programmatically create and grant these roles.

Once the application is deployed, all roles are displayed and can be assigned to any user in the Mobile Manager. You can assign roles either through the Mobile Manager or through the wsh script. This section describes how to assign users to certain roles for a Web-to-Go application.

Figure 5-5 displays the User page for Jack. Notice that there is a column for Roles. If you click the pencil icon in this column, you can see the roles that have been created in the application. For example, if we click on the pencil icon for the Sample3 application, as shown in Figure 5-7, we see that two roles have been created in this application: Manager and Special Role. Select the checkbox next to any of the roles to which you want Jack to be added. In this case, the Manager role is checked, so Jack will be added to the Manager role.

Figure 5-7 Add Jack to the Sample3 Application Manager Role

Add User to Role
Description of the illustration mmaddrole.gif

5.5 Creating an Administrator

As referenced in the previous sections, to create any user, including administrators, you must do the following:

  1. Create one or more users or groups that will use the application to retrieve data from the database down to a device. See Section 5.1.3, "Adding New Users" for more information.

  2. Associate the users or groups with the application. See Section 5.2.1, "Grant or Revoke Application Access to Users" for more information.

  3. Optionally, if the application has a parameter, also known as data subsetting, that is set for each user or group, define the parameters for each user or group. See Section 5.3, "Managing Application Parameter Input (Data Subsetting)" for more information.

Thus, to create an administrator, you would do the following:

  1. Create a user with the name of the administrator that you want, with the privilege of administrator.

  2. Navigate to the Access tab for this new administrator and check the checkbox next to Mobile Manager.

You now have a new administrator user. You can log into your Mobile Manager with this user's name and password.

5.6 Manually Adding Devices for a User

Normally, when you download and install a client, the device is registered automatically for the user. There are two instances where you may need to manually add the device:

  • As an administrator, you could hand a device that is fully loaded with the Mobile client software, but is not assigned to any user or application. After handing the device to your user, you can add their user information, application access, and device that they are using manually.

  • When you hand someone the Mobile client software on an installation CD, then the installation does not register the device manually—since it is not connected to Mobile Server. Thus, for each user that you provide the Mobile client software from an install CD, you will have to add the device to this user.

To add a device for an individual user, navigate to the specific user's page and do the following:

  1. On the Users page, select the user for which you want to add a device.

  2. Click Devices. All currently registered devices for this user appear.

  3. Click Add. The Create Device screen (as shown in Figure 5-8) appears.

    Figure 5-8 Manually Add Device to User

    Description of add_device.gif follows
    Description of the illustration add_device.gif

  4. Enter the device information, as described in Figure 5-8, and click OK to add the device for this user:

Table 5-2 Device Information

Device Field Description
Language Select the language that the platform will use. The default is English.
Name Configure a user-defined name for the device.
Platform Select the platform for this device.
Address  
Proicer Key  
Network Provider  

Once added, the user can now synchronize the device to retrieve their applications and related snapshots.

5.7 Set Update Policy for Software Updates for the User

You can control whether a new version of an application software is downloaded on each client. Modify the update policy attribute of the user with the Software Update pulldown to the appropriate update that you want, as follows:

  • All updates—Include major and minor updates.

  • Major—The devices attached to this user receives only major software updates. This is the default.

  • Minor—The devices attached to this user receives only minor software updates.

  • Disable updates—The devices attached to this user does not receive any software updates.

In addition, you can specify the date that the update occurs.