Defining Users

Defining a New User

When you create a new user in the database, you define the user's first and last name, user name in the database, and set a password. Additionally, you can add an email address and set superuser status.

To define a new user, from the Define Users window under the Security menu:

Define the Account Name, which is the user name a user specifies upon login to the application. The account name is often prefixed with OPS$ but this prefix is not required.
Enter the user's First Name and Last Name. The first name and last name appear in the menu bar when this user is connected to TMS.
Set the Super User? field to either Yes or No. If this person is a superuser then no Data Access Group information is stored (see Assigning Data Access Groups to a User). Superusers have access to all data. Only superusers can run the following jobs and reports:
- All Disconnected System Integration (DSI) jobs, including importing and exporting data
- Autoprocess VTAs
- Predict VTA/VTI Report
- Site Impacts Report
- Omission Impacts Report
- Cross Dictionary Impacts
- X Areas with Outstanding Changes
- Classification Statistics Report
- Date Comparison
- Dictionary Comparison
- Dictionary Export
Set the Load User? field to either Yes or No. If set to Yes, this person can load dictionaries into the predictionary tables. Most TMS users do not need this ability.
(Optional) Enter a Comment about this user. Comment information can help administrators identify users, and thus maintain each user's privileges more effectively.
(Optional) Enter an Email Address for the user. This field is added to support future functionality.
Click Create Schema. The "Password to be Assigned to User Account Name" window opens.
Enter and confirm the password for this user, and click OK.

If the password entries match, TMS adds this user to the OPA_ACCOUNTS table and TMS_ACCOUNTS table, and grants the TMS_ACCESS role to the account. Proceed to Assigning and Revoking Roles to assign additional roles for this user.

Parent topic: Defining Users

Assigning and Revoking Roles

TMS uses menu-based security, so roles give a user access to particular TMS menus or windows. The TMS role TMS_MAINTAIN_PRIV, for example, allows a TMS user to use all of the windows and batch jobs under the Repository Maintenance menu.

This section describes how to assign roles to, and revoke roles from, a TMS user.

For more information, see:

Parent topic: Defining Users

Assigning Roles to a User

To assign roles to an account:

Select the user in the Define Users window, then click Assign Roles.

The "Roles to be Assigned to User Account Name" window opens, displaying the TMS roles that this account does not currently have.
Highlight the roles you want to grant to this account. You can Shift-click to select multiple consecutive rows, or Ctrl-click to select multiple non-consecutive rows.
Click OK. TMS grants the role or roles you selected to this account.

Parent topic: Assigning and Revoking Roles

Revoking Roles from a User

To revoke roles for an account:

Select the user in the Define Users window, then click Revoke Roles.

The "Roles to be Revoked from User Account Name" window opens, displaying the roles currently granted to this account.
Highlight the roles you want to revoke from this account. You can Shift-click to select multiple consecutive rows, or Ctrl-click to select multiple non-consecutive rows.
Click OK. TMS revokes the role or roles you selected to this account.

Parent topic: Assigning and Revoking Roles

Changing a User's Password

You can change any user's password in a database where you have administrator privileges.

To change a user's password:

Start a SQL*Plus session as SYSTEM.
Issue the following alter user command:

alter user username identified by new_password

Parent topic: Defining Users

Assigning Data Access Groups to a User

Data Access Groups (DAGs) work in conjunction with roles to control a user's access to TMS data. You can use them to fine tune the data that a particular user or class of users can operate on. For example, the user with TMS_MAINTAIN_PRIV would still be able to access all of the windows and batch jobs under the Repository Maintenance menu, but if you also assign a DAG that only allows access to MedDRA, then he would see only items relevant to MedDRA.

If a person is designated as a superuser in the Define Users window, he or she belongs to all DAGs and has access to all data.

To assign a DAG:

Select the user in the Define Users window, then click Assign DAGs.

The "Assign DAGs to user Account Name" window opens. If the user has been assigned any DAGs, they are listed.
Place the cursor in an empty field under Dag Name. From the LOV, select the DAG to assign.
Click OK. TMS assigns the DAG or DAGs you selected to this account.

Parent topic: Defining Users

Migrating Account Information from Oracle Clinical

This section applies only to TMS installations that are integrated with Oracle Clinical.

TMS stores general user account information in the OPA_ACCOUNTS table and TMS-specific user account information in the TMS_ACCOUNTS tables. See the Oracle Thesaurus Management System Technical Reference Manual for details.

If you have already set up user accounts in Oracle Clinical, you can migrate all account information from ORACLE_ACCOUNTS to OPA_ACCOUNTS, as follows:

In TMS, go to Security, then select Define Users.
Click Get O*Clinical Account Data.

The system inserts all records from the ORACLE_ACCOUNTS table into the OPA_ACCOUNTS table. The default comment text for each record is "Maintained in Oracle Clinical."
Set up TMS-specific security for each user:
- Either set their Superuser flag to Yes in the Define Users window or assign a Data Access Group; see Assigning Data Access Groups to a User.
- Assign roles as required; see Assigning Roles to a User.
- Give dictionary loading privileges if required; see Defining a New User.
- Set password; see Defining a New User.

You must continue to maintain these accounts in Oracle Clinical.

Parent topic: Defining Users