User Management¶
The User Management allows an nJAMS Administrator to manage users, roles, and permissions. The User Management is represented by a separate category:
When you start from scratch there’s one user and one role available. During installation the nJAMS Installer creates an Administrator account. Usually the account name of the nJAMS Administrator is ‘admin’, but you can name the Administrator account as you like.
An nJAMS Administrator account cannot be removed.
Manage user¶
When creating a user you must supply a user name (which will act as the login id) and a password. Optionally a comment can be added and a time interval that constraints the new user’s validity can be configured.
For roles imported from a directory service via LDAP, the DN is also shown.
To access users navigate to User Management > Users
:
Select a user from the list and you can manage this account:
- Create a new nJAMS account
- Edit an existing user
- Assign a predefined view for the user
- Define a one-time password for the user
- Assign one or more roles to the user
- See more details of the selected user
- Delete the selected user
The following steps are required to create an usable account:
- Add a user
- Assign the user at least one role
- Grant permissions to the role
- Define a password
Add user: |
When you click on SAVE the account will be created:
|
||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Assign roles: | It is required to assign at least one role to the user. Permissions can only be granted to roles, so a user must be assigned to at least one role.
|
||||||||||||||||
Grant and revoke permissions: | |||||||||||||||||
You can grant permissions on domain objects to a role, respectively revoke permissions from a role. Assigned user to that role are therefore granted with these privileges. |
|||||||||||||||||
Manage passwords: | |||||||||||||||||
When creating a user, an initial one-time password has to be created. The one-time password must be changed by the user after first login.
Submit this password to the user. If nJAMS Server contains a valid connection to a SMTP server and an email address has been provided to the account, an email containing the one-time password is sent to the user.
The password can be changed either by the nJAMS Administrator or by the user using the “My Account” dialog. A logged in user has to navigate to ‘My Account’ as follows:
Password retention: You can change the password retention setting for newly created passwords in
|
Manage roles¶
For managing roles, navigate to category roles:
This will show a list of available roles:
- Create a new role
- Edit an existing role
- Assign a predefined view for the role
- Assign Users to the role
- Grant / Revoke System Privileges to/from the role
- Grant / Revoke Object Privileges to/from the role
- See more details of the selected role
- Delete the role
Perform the following steps to introduce a new role:
- Add a role
- Define a predefined View to the role (optional)
- Assign users to the role
- Grant System Privileges to the role
- Grant Object Privileges to the role
Add roles: |
Click on SAVE to create a new role.
|
||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Determine a View: | |||||||||||||||||||||
An nJAMS Administrator can specify a predefined view to users or roles. In case no view is specified - which is the default - the Default View is determined for the user, respectively role.
This option is useful for a group of users that should use a common view for their daily work. For instance, there might be users who just want to check process executions and don’t need access to any further details. In this scenario an nJAMS Administrator can define a reduced custom layout and assign this view to the role for this group of users.
|
|||||||||||||||||||||
Assign users: | A role can be assigned to users.
Click on SAVE and the users are now assigned to that very role. |
||||||||||||||||||||
Grant System privileges: | |||||||||||||||||||||
An nJAMS Administrator can grant or revoke System privileges to a role. What are System privileges?
What kind of System privileges are available?
|
|||||||||||||||||||||
Grant Object privileges: | |||||||||||||||||||||
An nJAMS Administrator can grant or revoke Object privileges to a role. What are Object privileges?
What kind of Object privileges are available?
|
|||||||||||||||||||||
Show details: |
|
||||||||||||||||||||
Delete roles: |
|