SPS Security Utility
One added benefit of using groups to classify users is the ability to define
attributes for groups using the Attribute Editor program for Groups. In this
manner, additional information may be designated to allow better organization
and reporting of users on a system. For example, a group’s supervisor or
cost-center may be listed as an attribute so that reports can be filtered on
this data.

Choose “Groups” from the combo-box found in the upper-left corner of the
Security utility to receive the application necessary to modify groups. Choose
New to create a new group under the highlighted group (if no groups exist, only
the name of your company will appear in the tree). Remember that the highlighted
group becomes the parent group and thus can give the new group only those powers
that have been defined for it.
Provide a Name for your new group and then allow
access to any desired applications listed under the “Permissions” tab. Establishing application permissions for a
group (and users as shown below) requires checking the check box next to each
application and service listed in the Permissions tab. The group may have various levels of access
to each application. If the application
allows for multiple levels of permissions, you can check the check box next to
each sub-level (service) after checking the application. For example, you may want a group to have
the ability to view contact information about the customers in your database,
but not be able to add, edit or delete those customers. You can check all of
the categories, along with any sub-categories, using the “Check All” button,
but beware that this may provide the user with unlimited access to the system
(based on your ability to give the power). You should use “Check All” to
quickly select all items, then uncheck those items for which you do not wish
to grant access powers. You can uncheck all categories by choosing the
“Clear All” button.
Once you have saved your changes, your group now
appears in the group tree under the parent that was chosen.
You may view and edit the group by choosing the
group from the group tree and then clicking the Open button. You will receive the same screens that were
used to add the group with the addition of any saved information. After making any changes, choose Save
to write the data to the system.
You may delete a group by choosing the group from
the group tree and then clicking the Delete button. If a group has any users assigned to it, you
may NOT delete the group until you have either (1) deleted the users of that
group or (2) assigned a different group to the user by using the “Group” tab of
the User’s application (see discussion below).
The Inherit button causes the highlighted
group from the group tree to be configured with the same “type” ownership as
its parent group. Types represent system-wide
definitions such as “Customers” or “Employees”. By inheriting type ownership, a group can have access to much of
the same information as its parent. See
the section titled “Type Definitions” for more information.
All SPS groups have certain built-in attributes
pertaining to the maintenance task of password management. Specifically, the required minimum length of
user passwords and the expiration periods of passwords provide an administrator
the ability to ensure that only authorized users access the SPS. By default, these password attributes are
turned on and can be found in the Attributes tab of the Security utility for
Groups. Attributes for Groups can be
modified from the Attribute Editor – Groups application found in the SPS Main
Menu under the Users tab. As discussed
above, additional useful attributes that can be defined for groups may include
“Department Supervisor” or “Cost center”.
See the SPS Attributes™ section of this manual for more information on
creating new attributes or modifying existing attributes found in the
Attributes tab of the Security utility.
SPS provides the ability to designate on a
group-by-group basis the specific contact category that is displayed upon
access to the SPS
Contact Manager application. If no
category has been selected, then the first contact category listed in the
contact category selection combo box of the Contact Manager is displayed. For example, for ease of use, you may wish
for users of the group “Human Resources” to access the “Employees” contact
category upon accessing the Contact Manager.
To choose a contact category, click the “people” icon at the right-hand corner
of the “Preferred contact category” section of the Group editing screen. You
will receive a category selection dialog. Choose the appropriate category to
complete the selection.

Once a group has been established, you may add users to that group by selecting
the group from the group tree and choosing the “Users” combo box option. You
will receive the application necessary to modify users of that group.
The process of modifying users resembles that of
modifying groups. You must provide a
name for your user remembering that the best user names are generally written
in all lower-case letters without symbols.
Do not include spaces for your user names as this name will also be the
email address for your user and the Internet mail system does not accommodate
spaces. You may use an underscore (“_”)
or period to separate first and last names.
For example, you may create a user named “joethomas” or “joe.thomas” or
“joe_thomas”.

The user permission scheme found in the “Permissions” tab will contain all of
the checked items that the user’s parent group has checked. The key difference
between group and user permissions is the ability of a user to have MORE or
LESS access to applications than their parent group. Of course, if a user is to
have more permissions than their parent group, the user that is granting that
power must possess the power – typically, this is the admin user performing
this function.
Once the user has been added to the system, the
user name will appear under the parent group in the user tree.
You may edit a user by double clicking the user
from the user tree or by choosing the user and clicking the Open
button. You will receive the same
application used to add the user with the addition of any saved
information. In addition to being able
to modify the user name and permissions, you can manage the user’s password
(see discussion below) or re-assign the user to a different group from the
“Group” tab. Simply choose the new group for the user and save your changes.

You may also delete a user by choosing the Delete button. Deleting a user does
not remove any history of the user (such as emails sent and received). If a
user does not need to be permanently deleted from the system, you may consider
simply making the user password “Invalid” in the “Password” tab (see
discussion below).

SPS system users may also be linked to contacts found in the SPS Contact
Manager application. This feature makes it possible to give contacts such as
customers a permission-controlled login into the system in order to perform
such tasks as creating trouble tickets or running an account report.
To link a user with a contact, simply click on the “people” button next to the
“Related contact” field. You will receive a contact selection popup. Choose the
appropriate contact to complete the “Related contact” field.

As noted in the User Login section of this manual, the user’s initial password
will be the lower-case word “password”. The user has a limited amount of time
to change his password to something other than the word “password”. This time
period is established by the system administrator in the Attribute Editor –
Groups application.

Besides the ability to modify given user permissions, you may also control user
access to the system through access control of the user’s password. If you wish
to invalidate or reset a user’s password, choose the user from the user tree
and click Edit. Next, choose the “Password” tab and set the radio button option
to the desired action. Use “Reset” if a user forgets his password and you wish
to force him to re-establish the password by using the word “password”. The
“Invalid” choice temporarily inactivates a user, as would be the case if the
user were to be on vacation. Once the user is to become active again, you must
force a password reset, as the previous password cannot be reactivated.
Each user may also be assigned up to five email aliases from within the
Password tab. An email alias represents an email address that is to correlate
to the user’s SPS email address (essentially the user name @ the company
domain). For example, the user “joe.thomas” in our above example will have the
SPS email address of joe.thomas, but may also have an email account set up
under the name jthomas. If the user wishes to receive all of his email through
the SPS Mail Server, then an alias will need to be set up in order to
cross-reference the external email address to the correct SPS user. See the
“Email Console” section of this manual for more information.

Once a user has been added to a group, the user may be re-assigned to a
different group through the Group tab, but only to those groups that the user
performing the assignment has the ability to assign. For example, while the
system administrator (the “admin” user) can assign users to any group in the
system, a user that belongs to the Finance sub-group and has edit privileges in
the Security utility can only assign users to the Finance group or any group
that falls under the ownership of the Finance group.
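
The two delegation rules described in this section (a grantor can only give powers the grantor holds, and a non-admin user can only assign users within the grantor's own group subtree) can be modelled as follows. This is an added example, not SPS code; the group tree, the permission names and all function names are constructed for illustration.

```python
# Added illustration; SPS internals are not shown in this manual.
# The group tree and permission names below are constructed sample data.
PARENT = {
    "Company": None,
    "Finance": "Company",
    "Payables": "Finance",
    "Human Resources": "Company",
}

def falls_under(group, owner):
    """True if `group` is `owner` itself or sits below it in the group tree."""
    while group is not None:
        if group == owner:
            return True
        group = PARENT[group]
    return False

def grantable(grantor_perms, requested):
    """Split a request into (allowed, refused): a grantor can only hand out
    powers the grantor already holds."""
    requested, held = set(requested), set(grantor_perms)
    return sorted(requested & held), sorted(requested - held)

def can_assign(grantor_group, target_group, has_security_edit, is_admin=False):
    """Reassignment rule: admin may assign anywhere; other users need edit
    rights in the Security utility and may only target their own subtree."""
    if is_admin:
        return True
    return has_security_edit and falls_under(target_group, grantor_group)

def exceeds_group(user_perms, group_perms):
    """Permissions a user holds beyond the parent group (review candidates)."""
    return sorted(set(user_perms) - set(group_perms))

if __name__ == "__main__":
    finance = {"contacts.view", "reports.run"}
    print(grantable(finance, {"contacts.view", "contacts.delete"}))
    print(can_assign("Finance", "Payables", True))
    print(can_assign("Finance", "Human Resources", True))
    print(exceeds_group({"contacts.view", "contacts.edit"}, finance))
```

Running exceeds_group over every user on a system gives a review list of accounts that were individually granted more than their group, which is where access tends to drift from the group design.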
© 2003 – Root Systems LLC – http://www.idcs.info/