3 User Management Module

The User Management screen manages users and templates used in the SMS. It contains the following tabs:

Users and templates

Each user's access to the SMS is defined by which templates they have been allocated. Each template specifies which parts of the SMS the user has access to, and what actions they can take in each part.

Users

The User tab of the User Management screen enables you to create and maintain user accounts in the SMS.

When you create a new SMS user, the SMS assigns the Oracle profile defined in the defaultOracleProfile parameter in the eserv.config file to the new user. If the defaultOracleProfile parameter is not defined, the SMS assigns the standard Oracle profile to the new user by default. The Oracle profile includes the password verification function that determines the specific conditions for a valid password, such as the minimum length, number of digit characters, and so on. When you create or edit a user's password, the SMS verifies that you have entered an acceptable password by applying the verification function that is specified in the Oracle profile.

See Service Management System Technical Guide for more information about assigning Oracle profiles to new users.

User fields

This table describes the function of each field.

Field Description
User Name

User name of the user. May be any combination of alphanumeric or special characters that produce a valid Oracle user name.

This is the name Oracle assigns when adding new users; it cannot change.

In the event that a user name must change, you must delete the account and add a new user with the correct name.

This field is compulsory.

Full Name

Full name of this user.

This is used for identification of records in the find screens and for reporting purposes.

This field is compulsory.

Description

Description of the user.

This is used for identification of records in the find screens and for reporting purposes.

This field is optional.

Configuration

Configuration options for the user. These include Language, Tracing, or any other supported Java configuration. Multiple configuration options must be separated with a semicolon.

Format:

option=value; option=value; ...

Where:

option is a configuration option.

value is a supported parameter for that option.

Example:

LANGUAGE=ENGLISH

For more information about the available configuration options, see Valid configuration options.

Quality of Service

The Quality of Service drop down list enables you to specify the level of service this user will be provided. It is populated by the Quality of Service tab.

For more information about configuring service levels, see Quality of Service.

Lock Reason

Displays the reason that a user has been locked out of the database. This field is normally blank. If for any reason it is populated, the user will have no access to the system.

This field may be populated by either the system or manually. If the Temporary Account Lock Enabled check box is not selected, the system will populate this field.

If a user fails to log in to the system in three attempts, the system locks the account and the following text appears in the lock reason field:

LOCKED: Failed login, maximum attempts exceeded.

For more information about locked accounts, see Locked users.

Warning: When you create a user, leave this field blank to avoid creating a locked account.

Lifetime (days)

Number of days before the user is required to change their password.

This is used in combination with today's date to calculate the expiry date of the user's password. The expiry date is calculated when a password is changed.

If this field is left blank, the user's password will never expire.

Expiry Date

Date when a user's password expires.

After this date has expired, the user will not be allowed access to the database. This field will be automatically populated when the password lifetime is set and the password is changed.

Formula:

SYSTEM DATE + Password Lifetime = Password Expiry Date

Temporary Account Lock Enabled

If this check box is selected, after too many consecutive failed attempts to log in, the system will set a time-based-lock.

If this check box is not selected, after too many failed attempts to log in, the system will save data to the Lock Reason field.

Temporary Account Lock Time (minutes)

Minutes the system will add to the system date to calculate when a time-based-lock expires. Accepts any value between 1 and 1440 (1 day). If no value is supplied, the time-based-lock will remain active until deactivated by the Reset Temporary Time Lock button.

Temporary Account Lock Expiry

If a time-based-lock has been triggered for this user, this field displays the date and time when the lock will expire.

Note: This field is cleared when one of the following occurs:

  • The account's password is successfully changed

  • The user logs in successfully after the lock expiry date has been passed

Account Expiry Set

If this check box is selected, the account will expire at the time specified in the Account Expiry Date fields.

Note: If this box is selected, but the Account Expiry Date fields do not specify a date, the account will never expire.

Account Expiry Date

If the Account Expiry Set check box is selected, these fields set the time the account will expire. If the current date is later than the date set in these fields, the account will be locked.

Note: When you set these fields, the date they specify must be between 1 day and 1 year in the future.

Valid configuration options
Configuration Option Description
TRACE

Can be set to 'TRUE', 'ON' or '1'. This turns tracing on in the Java console. Default is off.

LANGUAGE

Can be set to any valid language, but value must exist as a file in the following directory:

/IN/html/sms/language directory/ value .lang

If this field is empty, the default language for the system will be used.

For more information about setting up additional languages, see Service Management System Technical Guide.

Adding users

Follow these steps to add a new user account.

  1. If the fields on the User tab are populated with user data, click Clear.

    Result: The data in the fields will be removed.

  2. In the User Name field, enter the user's username as it will appear in the system.

  3. In the Full Name field, enter the user's full name.

  4. In the Description field, enter a description for the user.

  5. In the Configuration field, enter the language for the user.

  6. In the Quality of Service field, select the appropriate service level for the user from the drop down list.

  7. In the Password Details section, enter the number of days for expiry of the password in the Lifetime field or enter a specific expiry date in the Expiry Date field.

    Note: Setting the number of days until expiration or expiry date configures the user's Oracle database profile password expiration interval. The default profile expiration interval of UNLIMITED (for Oracle 10g databases) or 180 days (for Oracle 11g databases) is used if no value is specified for the new user here.

    See the Oracle Database Security Guide for the version of Oracle database you are using for a detailed description of how to use password management and protection.

  8. Click Set Password.

    Result: You see the Set SMS User Password screen.

  9. Enter and confirm the user's temporary password and click OK. See Setting the User Password.

  10. If you want to set up a time-based-lock on the account, select the Temporary Account Lock Enabled check box, and enter the number of minutes a triggered lock will remain active for in the Temporary Account Lock Time (minutes) field.

  11. If you want to set an expiry date for this account, select the Account Expiry Set check box and set the date the account will expire in the Account Expiry Date fields.

  12. Click Save.

    Result: A User Details confirmation prompt is displayed.

  13. Click OK.

Changing a user

Follow these steps to change a user's account details.

  1. Find the required user on the User tab. See Using the Find Screens.

  2. Change the user's details as required.

  3. Click Save.

Deleting users

Follow these steps to delete an existing user account.

  1. Find the required user on the User tab. See Using the Find Screens.

  2. Click Delete.

    Result: The Delete Confirmation prompt will appear.

  3. Click OK.

    Result: The user account will be deleted from the database.

Locked users

Users can be locked out by three methods:

  1. When a system administrator saves any data in the Lock Reason field on the User tab

  2. By using an invalid user name and password combination three times in a row

  3. When their account has expired

If a user is locked out due to invalid login attempts:

  • An entry is added to the SMF_AUDIT table in the SMF database recording the users, terminals and times of invalid login attempts

  • One of the following occurs:

    • The system saves data to the Lock Reason for the user

    • If time-based-locking is enabled, a time-based-lock is triggered for the user
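The lock rules above, modelled as a small state machine. This is an added example, not code from the SMS: the attribute names mirror the User tab fields, while the `temp_lock_active` flag, the `failed` counter and resetting that counter when a lock triggers are assumptions made for the model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILED = 3  # three invalid logins in a row lock the account
LOCK_TEXT = "LOCKED: Failed login, maximum attempts exceeded."

@dataclass
class User:
    lock_reason: str = ""
    temp_lock_enabled: bool = False
    temp_lock_minutes: Optional[int] = None     # 1..1440; None = until manual reset
    temp_lock_active: bool = False              # assumed flag: a lock was triggered
    temp_lock_expiry: Optional[datetime] = None
    account_expiry_set: bool = False
    account_expiry_date: Optional[datetime] = None
    failed: int = 0                             # assumed consecutive-failure counter

    def __post_init__(self):
        m = self.temp_lock_minutes
        if m is not None and not 1 <= m <= 1440:
            raise ValueError("Temporary Account Lock Time must be 1 to 1440 minutes")

def access_state(u: User, now: datetime) -> str:
    """Return the reason the account is blocked, or 'OK'."""
    if u.lock_reason:                 # any text in Lock Reason blocks access
        return "LOCK_REASON"
    # Account Expiry Set without a date never expires.
    if u.account_expiry_set and u.account_expiry_date and now > u.account_expiry_date:
        return "ACCOUNT_EXPIRED"
    if u.temp_lock_active and (u.temp_lock_expiry is None or now < u.temp_lock_expiry):
        return "TEMP_LOCK"
    return "OK"

def failed_login(u: User, now: datetime) -> None:
    u.failed += 1
    if u.failed < MAX_FAILED:
        return
    u.failed = 0                      # assumption: counting restarts after a lock
    if not u.temp_lock_enabled:
        u.lock_reason = LOCK_TEXT     # stays until an administrator clears it
        return
    u.temp_lock_active = True
    u.temp_lock_expiry = (now + timedelta(minutes=u.temp_lock_minutes)
                          if u.temp_lock_minutes is not None else None)

def reset_temporary_lock(u: User) -> None:
    """Models the administrator's reset button for a time-based-lock."""
    u.failed = 0
    u.temp_lock_active, u.temp_lock_expiry = False, None

def successful_login(u: User, now: datetime) -> bool:
    if access_state(u, now) != "OK":
        return False
    reset_temporary_lock(u)           # the expiry field is cleared on success
    return True
```

The model makes one operational point visible: with Temporary Account Lock Enabled selected and no lock time supplied, a triggered lock behaves like a Lock Reason lock and needs an administrator to clear it.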

Unlocking a locked user

Follow these steps to unlock the user's account:

  1. Find the required user on the User tab. See Using the Find Screens.

  2. If there is data in the Lock Reason field, delete it.

  3. If the Temporary Account Lock Expiry field is showing an expiry date for a time-based-trigger, click Reset Temporary Account Lock.

  4. If the account has expired, set the Account Expiry Date fields to a date in the future.

  5. Click Save to save the changes.

  6. Reset the user's password. For instructions about resetting passwords, see Creating a password.

Setting the User Password

This screen enables you to create a user's temporary password. The following screen appears when creating a user's password for the first time.

The user will be prompted to change the password after successfully logging onto the system for the first time.

Password fields

The table below describes the function of each field.

Field Description
New Password

User password.

For security purposes, it is advisable to enter a password of at least 6 to 8 characters in length.

Confirmation

Confirmed password.

Creating a password

Follow these steps to create a new temporary user password.

  1. On the User tab of the User Management screen, click Set Password.

    Result: The Set SMS User Password screen will appear.

  2. In the New Password field, enter the password.

    Note: An error message displays if you enter an invalid password.

  3. In the Confirmation field, re-enter the password to confirm it.

  4. Click OK.

    Result: The new password will be set.

Creating User Templates

When assigned to a user, a user template specifies what parts (screens and tabs) the user is able to access. Each part has access permissions.

Access permissions may be one or more of the following types:

  • Read

  • Modify

  • Create

  • Delete

  • Access

  • Execute

If a part is not allocated to a user's template, the functionality provided by the part will not be available to the user.

The Template Creation tab on the User Management screen allows you to create, modify, and delete user templates.

Template Creation fields

The following table describes the function of each field on the Template Creation tab.

Field Description
Template Name

The name of the template.

  • The name must be unique.

  • The Template Name field is compulsory.

Description

A description of the template.

  • A description is required for identification of records in the find screens and for reporting purposes.

  • The Description field is compulsory.

Available Permissions

A list of parts and associated permissions available to the template.

  • You can expand or contract the list.

    • To expand or contract individual parts, click the + or - symbol.

    • To expand or contract the whole list, right-click anywhere in the Available Permissions field. From the menu, select the required option. The options are:

      - Expand All

      - Expand to First Level

      - Collapse All

  • The create, delete, modify and read permissions are arranged in a hierarchy where a permission at one level also includes permissions for levels below it. The order of permissions, with 1 being the highest, is:

    1. CreateDelete

    2. ReadModify

    3. ReadOnly

    For example, if you choose CreateDelete, you also receive permission to modify and read.

  • The access and execute permissions are not part of the create, delete, modify and read hierarchy.

  • You can assign only one permission level for any part.

Allocated Permissions

A list of parts and associated permissions allocated to the template.

You can expand or contract the list and delete parts from it.

  • To expand or contract individual parts, click the + or - symbol.

  • To expand or contract the whole list, right-click anywhere in the Allocated Permissions field. From the menu, pick the option you require. The options are:

    • Delete Selection

    • Expand All

    • Expand to First Level

    • Collapse All

  • To delete a part, see Removing a permission from a template.

Creating a template

Follow these steps to create a user template.

  1. If any of the Template Name, Description or Allocated Permissions fields contain information, click Clear.

  2. Type a unique name in the Template Name field.

  3. Type a description of the template in the Description field.

  4. In the Available Permissions field, expand the branch of the list you are interested in: click the + symbol adjacent to the branch name.

    Result: The contents of the Available Permissions list expand to show all parts and permissions for the branch selected.

  5. Search the branch for the part you want to assign to the template.

    Move the mouse pointer over the required permission.

    Hold down the left mouse button and drag the permission into the Allocated Permissions field.

    Result: The selected part and permission appear in the Allocated Permissions field.

    Note: Multiple selections are allowed by holding down Ctrl when selecting.

  6. After you have added all the permissions you require, click Save.

    Result: The new user template is saved to the database.

Changing a user template

Follow these steps to change a user template.

  1. If necessary, locate and open the template: click the Find button. See Using the Find Screens.

  2. To add a new permission, follow steps 4 and 5 of the previous procedure.

  3. To change a permission:

    1. Search the list in the Available Permissions field for the part to change.

    2. Move the mouse pointer over the new permission.

    3. Hold down the left mouse button and drag the permission into the Allocated Permissions field.

    Result: In the Allocated Permissions field, the permission for the selected part changes.

  4. Click Save.

    Result: The changed user template is saved to the database.

Removing a permission from a template

Follow these steps to remove a permission from a user template.

  1. If necessary, locate and open the template: click the Find button. See Using the Find Screens.

  2. In the Allocated Permissions field, move the mouse pointer over the permission you want to remove, left-click and then right-click.

    Result: The right-click menu appears.

  3. Pick Delete Selection from the menu.

    Result: The selected part and permission disappear from the Allocated Permissions field.

  4. Click Save.

    Result: The selected part and permission are removed from the user template.

Deleting a user template

Follow these steps to delete a user template.

Note: You cannot delete a template that is currently defining a user's access.

  1. If necessary, locate and open the template: click the Find button. See Using the Find Screens.

  2. Click Delete.

    Result: The Deleting confirmation prompt appears.

  3. Click OK.

    Result: The template is deleted from the database.

Assigning Templates

The Template tab of the User Management screen enables you to allocate existing templates to a user. The user will have whatever permissions are specified in the templates they are allocated.

Template fields

The table below describes the function of each field.

Field Description
User Name

Name of the user whose template allocation is currently being defined.

Available Templates

List of all templates available on the system.

Allocated Templates

List of templates allocated to a user.

A user may only access those parts of the SMS and associated services which are defined in the templates in the Allocated Templates list.

In addition to giving access to the various parts, templates also give various levels of access (that is, Read only, Read/Modify, and Create).
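A least-privilege review of template allocations, using the permission hierarchy from the Template Creation fields and the allocation rule above. This is an added example, not SMS code: the part names, template names and users are constructed, and combining a user's templates as a union of their permissions is this example's reading of "whatever permissions are specified in the templates they are allocated".

```python
from collections import defaultdict

# Hierarchy from the page: a level includes the levels below it.
HIERARCHY = {
    "ReadOnly": {"Read"},
    "ReadModify": {"Read", "Modify"},
    "CreateDelete": {"Read", "Modify", "Create", "Delete"},
}
STANDALONE = {"Access", "Execute"}   # outside the hierarchy

def actions_for(permission):
    """Expand one allocated permission into the actions it allows."""
    if permission in HIERARCHY:
        return set(HIERARCHY[permission])
    if permission in STANDALONE:
        return {permission}
    raise ValueError(f"unknown permission: {permission}")

def build_template(name, pairs):
    """Build a template, enforcing one permission level per part."""
    parts = {}
    for part, permission in pairs:
        actions_for(permission)              # rejects unknown permission names
        if part in parts:
            raise ValueError(f"{name}: part {part!r} already has a permission")
        parts[part] = permission
    return {"name": name, "parts": parts}

def effective_actions(templates):
    """Union of actions per part across all templates allocated to a user."""
    granted = defaultdict(set)
    for template in templates:
        for part, permission in template["parts"].items():
            granted[part] |= actions_for(permission)
    return dict(granted)

def can(templates, part, action):
    # A part missing from every allocated template grants nothing.
    return action in effective_actions(templates).get(part, set())

def holders(users, part, action):
    """Users (name -> allocated templates) who can take `action` on `part`."""
    return sorted(u for u, ts in users.items() if can(ts, part, action))

# Constructed sample data: part and template names are hypothetical.
OPERATOR = build_template("operator", [("User Management/User", "ReadOnly"),
                                       ("Reports", "Execute")])
USER_ADMIN = build_template("user-admin", [("User Management/User", "CreateDelete")])
USERS = {"alice": [OPERATOR], "bob": [OPERATOR, USER_ADMIN]}
```

Calling `holders(USERS, "User Management/User", "Delete")` lists every account that can delete users, which is the question an access review usually starts with.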

Assigning a template to a user

Follow the steps below to assign a template to a user.

  1. Find the required user on the Template tab. See Using the Find Screens.

    Result: The user to assign a template to will appear in the User Name field.

  2. In the Available Templates list, select the template to assign to the user.

  3. Click Add.

    Result: The template will appear in the Allocated Templates list.

  4. Click Save.

    Result: The details will be saved to the database.

Removing a template allocation

Follow these steps to remove a template from a user.

  1. Find the required user on the Template tab. See Using the Find Screens.

  2. Click on the required template in the Allocated Templates list.

  3. Click Remove.

    Result: The template will be removed from the Allocated Templates list.

  4. Click Save.

    Result: The changes will be saved to the database.

Quality of Service

The Quality of Service tab of the User Management screen enables you to add, edit or delete a Quality of Service record. Quality of Service records enable you to provide different levels of service to different users.

Quality of Service fields

The table below describes the function of each field.

Field Description
Name

Name of this quality of service record.

Description

Description of this quality of service record.

Timeout

Maximum number of seconds of inactivity before a user's database connection is closed.

Allowed values:

  • 0

  • 300 through 999999

If set to 0, the connection will never be terminated.

Maximum Load

The maximum percentage of non-reserved database connections used before a user with this quality of service cannot log in.

Example:

If 50% of the non-reserved connections are in use:

  • A user with maximum load set to 30% will not be able to log in (and will be presented with a message stating that they have insufficient priority to log in), but

  • A user with maximum load set to over 50% will be able to successfully log in.

Allowed values:

  • 0

  • 1 through 100

If this value is set to 0, users with this quality of service will always be able to log in.

Notes:

The system reserves:

  • A number of connections for Oracle and the SMS system processes

  • A connection for each user whose quality of service has maximum load set to 0

Any remaining connections are available for users whose quality of service maximum load is in the range 1-100.

Oracle will impose a limit as specified in the processes parameter in the initSMF.ora file in $ORACLE_HOME/dbs directory on the SMS.
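The Maximum Load rule and the reserved-connection arithmetic from the notes above, worked through in code. This is an added example, not SMS code: the function names and sample numbers are constructed, and treating a pool that is exactly at the user's Maximum Load as a denial is an assumption (the page only gives the 30% and over-50% cases).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class QoS:
    name: str
    timeout: int    # seconds of inactivity before disconnect; 0 = never
    max_load: int   # percent of non-reserved connections; 0 = always admitted

    def __post_init__(self):
        # Allowed values as listed in the Quality of Service fields.
        if not (self.timeout == 0 or 300 <= self.timeout <= 999999):
            raise ValueError(f"{self.name}: Timeout must be 0 or 300 through 999999")
        if not 0 <= self.max_load <= 100:
            raise ValueError(f"{self.name}: Maximum Load must be 0 or 1 through 100")

def non_reserved_pool(processes: int, system_reserved: int, zero_load_users: int) -> int:
    """Connections left for users whose Maximum Load is 1-100.

    processes: the Oracle limit; system_reserved: connections kept for Oracle
    and SMS processes; zero_load_users: users whose QoS has Maximum Load 0,
    each of whom has one reserved connection.
    """
    return max(processes - system_reserved - zero_load_users, 0)

def can_log_in(qos: QoS, in_use: int, pool: int) -> bool:
    """Admission check for a new login (also applies to automatic reconnect)."""
    if qos.max_load == 0:
        return True                       # served from a reserved connection
    if pool <= 0:
        return False                      # nothing left outside the reserve
    used_pct = 100 * in_use / pool
    return used_pct < qos.max_load        # assumption: equality is denied

def review(records):
    """Flag settings an administrator should be able to justify."""
    findings = []
    for q in records:
        if q.timeout == 0:
            findings.append(f"{q.name}: idle connections are never closed (Timeout 0)")
        if q.max_load == 0:
            findings.append(f"{q.name}: each user holds a reserved connection (Maximum Load 0)")
    return findings
```

With a limit of 150 processes, 40 system connections and 10 users on a Maximum Load 0 record, 100 connections remain; at 50 in use, a Maximum Load of 30 is refused and 60 is admitted, matching the page's example.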

Automatic reconnect

The connection will be re-created when the user subsequently uses the system in such a way as to need a database connection.

Note: If the user's maximum load parameter indicates a new connection from them would be denied, their reconnection will fail.

Adding Quality of Services

Follow these steps to add a new quality of service definition.

  1. In the User Management screen, select the Quality of Service tab.

  2. If the fields are populated with data, click Clear.

  3. In the Name field, enter the name of this quality of service definition.

    Note: If the name is the same as an existing record, this process will update the existing record instead of creating a new record.

  4. In the Description field, type a description of this quality of service definition.

  5. In the Timeout field, enter the number of seconds a user can be inactive before their connection to the database is closed.

  6. In the Maximum Load field, enter the CPU load percentage above which the user's connection to the database will be closed.

  7. Click Save.

    Results:

    • The details will be saved to the database

    • The Save Quality Of Service prompt will appear to confirm that the record has been saved.

  8. Click OK.

Edit a Quality of Service

Follow the steps below to modify an existing quality of service record.

  1. Find the quality of service to change. See Using the Find Screens.

  2. Change the quality of service fields as required.

  3. Click Save.

Deleting a Quality of Service

Follow these steps to remove an existing quality of service record.

  1. Find the required quality of service. See Using the Find Screens.

  2. Click Delete.

    Result: If the user:

    • Has permission to delete a quality of service and the quality of service is not currently in use, the Deleting Quality of Service prompt will appear.

      Go to step 3.

    • Does not have permission to delete a quality of service and/or the quality of service is in use, a dialog box will be displayed indicating that the action is not allowed.

  3. Click OK.

    Result: The quality of service record will be deleted from the database.