How can we help?
Manage Users and Security
Video
Chapters
- Overview – 0:06
- Configuring Users – 0:22
- Assigning Permissions – 1:09
- Reset Password – 1:33
- User Groups – 2:00
- Application Security – 2:34
- Resource Security – 3:34
Manage User Groups
User Groups are used to organize permissions. Permissions cannot be assigned to individual users, only to user groups. User groups can be created and then using the Application Security section the groups can be assigned the right to have access to sections of the application. Resource Security can also be assigned to user groups, which filters the Plants and DX Services visible to users in a given group.
Currently, DataXchange only supports one Group Type, which is Employees.
Active Directory Sync, if enabled, will keep the group up-to-date with a group matching its name in LDAP or Active Directory. LDAP/AD Users will be given their appropriate set of LDAP/AD synced user groups when logging into DataXchange. More information about LDAP and Active Directory in DataXchange can be found here.
Manage Users
The Manage User form is used to create and modify users that will access the DataXchange system. A Company and an External email address can be specified which can be used for notifications. A Phone number and Title can be included for reference purposes.
Optionally, a user can be associated with a Plant. The plant association can be used to inherit a default translation set at the plant level.
A Status of Disabled will prevent the user from logging into the system or entering data into the system.
A Status of Data Entry only will prevent the user from logging into the system but will allow data entry into the system via the ODI.
Users can be added to User Groups for permission purposes directly from the Manage User form.
There are 3 fields relating to authentication on the user form:
Authentication | This will specify the type of authentication the user will be using when logging in.There will be 2 methods to choose from: DataXchange - Authentication will be done through the DataXchange database. LDAP - Authentication will be done through the LDAP server or Active Directory. |
Bypass Strong Password | This option is only available for DataXchange authentication. The options are Enabled or Disabled (default). If Enabled, this will allow the user to set a simple password. For example, a generic log in such as "Shop". |
Password Never Expires | If Enabled, the password for the user will never expire. This is only available for DataXchange authentication. This will override the settings on the Authentication form. This will bypass the expiration requirements that have been set. |
Reset Password
If a user forgets their password an administrator of the system can reset the user’s password. When reset, the user’s password will be cleared and replaced with a temporary password. The user can now login with the temporary password, and will then be prompted to set a new password. If the user has an email address within DataXchange it will email that user with the temporary password. If they do not have an email address, the system will display a pop up with a temporary password. Note that changing a user’s User Name will automatically trigger a password reset.
Manage Application Security
The Application Security section is used to assign permissions within the application. Application Security controls access to the tabs on the ribbon bar, as well as buttons and sections within.
Application Security is assigned to user groups, not individual users. Select a user group from the list on the left and then check the application permissions that members of the user group should be able to access.
If an item is checked then members of the associated user group will have access to the item.
If a user is a member of multiple user groups the permissions will be additive from the separate user groups.
Manage Resource Security
The Resource Security form is used to assign permissions at a resource level. Resources controlled at this time are plants and the DX Services.
The objective is to filter user’s access based on the plant(s) or service(s) they are associated with or specifically assigned to. For example, in a multi-plant installation users may only have access to view equipment within their plant. However, upper management may have the ability to view multiple or all plants or services.
Setting Plant and DX Service Permissions
On the Manage Users form users can be assigned to a plant. This assignment to a plant will be used for the default permissions allowing the user to view only the associated plant and its equipment. By default, users will only have access to the plant they are associated with. If a user is not assigned to any plant they would not have access to any plants.
Permissions are assigned to user groups, not individual users. Select a user group from the list and press the Modify button. The associated user group can be assigned permissions to plants and DataXchange Services. If an item is checked then members of the associated user group will have access to the item. If a user is a member of multiple user groups the permissions will be accumulative from the separate user groups. If a user is a member of a user group that has Resource Security assignments then the default plant the user is associated with on the Users form will be irrelevant, the explicitly assigned permissions will be applied.
For the DX Services, there are not any default security settings. The permissions will simply go off of the user group permissions. If the user is not assigned any permissions through any user groups then the user will have access to all DX Services. If the user is assigned permissions then those permissions will be applied.