User Management#
The User Management allows an nJAMS Administrator to manage users, roles, and permissions. The User Management is represented by a separate category:
When you start from scratch there’s one user and one role available. During installation the nJAMS Installer creates an Administrator account. Usually the account name of the nJAMS Administrator is ‘admin’, but you can name the Administrator account as you like.
An nJAMS Administrator account cannot be removed.
Manage user#
When creating a user you must supply a user name (which will act as the login id) and a password. Optionally a comment can be added and a time interval that constraints the new user’s validity can be configured.
For roles imported from a directory service via LDAP, the DN is also shown.
To access users navigate to User Management > Users
:
Select a user from the list and you can manage this account:
(A)
Create a new nJAMS account
(B)
Edit an existing user
(C)
Assign a predefined view for the user
(D)
Define a one-time password for the user
(E)
Assign one or more roles to the user
(F)
See more details of the selected user
(G)
Delete the selected user
The following steps are required to create an usable account:
Add a user
Assign the user at least one role
Grant permissions to the role
Define a password
- Add user:
(A)
Click on ADD to create a new user account and enter a username. The other fields are optional.Attribute
Description
Username
Name of the account (mandatory)
First name
First name of the user
Last name
Last name of the user
Email
Email address
Comment
Enter a comment for this account
Valid from,
Set a time interval inside the account is valid
Valid to
When you click on SAVE the account will be created:
(B)
The account can be edited at any time; the username can also be changed.- Assign roles:
It is required to assign at least one role to the user. Permissions can only be granted to roles, so a user must be assigned to at least one role.
(E)
Click on ASSIGN ROLES to assign roles to the user:Select the role ‘defenders’ and click on ASSIGN. The user is now assigned to the role ‘defenders’.
- Grant and revoke permissions:
You can grant permissions on domain objects to a role, respectively revoke permissions from a role. Assigned user to that role are therefore granted with these privileges.
- Manage passwords:
When creating a user, an initial one-time password has to be created. The one-time password must be changed by the user after first login.
(D)
Click on CREATE Password and an one-time password is generated.Submit this password to the user.
If nJAMS Server contains a valid connection to a SMTP server and an email address has been provided to the account, an email containing the one-time password is sent to the user.
Note
A user who was imported from a directory service can change neither the password, nor the name nor the email address in nJAMS Server.
The password can be changed either by the nJAMS Administrator or by the user using the “My Account” dialog. A logged in user has to navigate to ‘My Account’ as follows:
Click on CHANGE PASSWORD on the following page:
Password retention:
You can change the password retention setting for newly created passwords in
Administration > System Control > System configuration
. Scroll down to section ‘User management’ and change setting forPasswordRetention
:0
newly created passwords will never expire (default).<number of days>
number of days after creation after which the password expires.
Manage roles#
For managing roles, navigate to category roles:
This will show a list of available roles:
(A)
Create a new role
(B)
Edit an existing role
(C)
Assign a predefined view for the role
(D)
Assign Users to the role
(E)
Grant / Revoke System Privileges to/from the role
(F)
Grant / Revoke Object Privileges to/from the role
(G)
See more details of the selected role
(H)
Delete the role
Perform the following steps to introduce a new role:
Add a role
Define a predefined View to the role (optional)
Assign users to the role
Grant System Privileges to the role
Grant Object Privileges to the role
- Add roles:
(A)
Click on ADD to create a new role and enter a name for the role. A comment is optional.Click on SAVE to create a new role.
(B)
You can edit a role; changing the name of the role later on is possible.- Determine a View:
An nJAMS Administrator can specify a predefined view to users or roles. In case no view is specified - which is the default - the Default View is determined for the user, respectively role.
(C)
Click on VIEW to specify a View for the selected role:This option is useful for a group of users that should use a common view for their daily work. For instance, there might be users who just want to check process executions and don’t need access to any further details. In this scenario an nJAMS Administrator can define a reduced custom layout and assign this view to the role for this group of users.
Note
The assignment of a view to a user overrides the assignment to a role.
Assume a user is part of a role that is in turn assigned to a specific view. In this case the user will consider the view that belongs to this role.
Now further assume that this user is additionally assigned to another view. In this case the user considers the view assigned specifically to this account, the view assigned to the role will be ignored.
- Assign users:
A role can be assigned to users.
(D)
Select role ‘defenders’ and click on ASSIGN USERS to assign users to that role:Click on SAVE and the users are now assigned to that very role.
- Grant System privileges:
An nJAMS Administrator can grant or revoke System privileges to a role.
What are System privileges?
A System privilege is the permission to perform a particular action.
A System privilege can be granted and revoked to/from particular roles.
System privileges are predefined by nJAMS Server or by extensions, i.e. nJAMS plugins.
What kind of System privileges are available?
System privilege
Description
Administrator
Allowed to administrate nJAMS Server. This is the highest privilege a role can have. There has to be at least one role provided with ‘administrator’ privilege. The ‘administrator’ privilege includes all other privileges described below.
Object authorization
Allowed to authorize roles on domain objects. A domain object is an element that is available in the tree ‘Processes’, ‘Queries’ of the Main page. If members of a role should be allowed to authorize someone else to work with Objects, they need this System privilege.
Rules manager
Allowed to define and manage Rules. A Rules Manager can enter category ‘Rules’ from the top menu.
Server operator
Allowed to operate nJAMS Server (configure, start/stop components). Neither managing users, roles nor granting permissions are allowed. A Server Operator can enter category ‘Administration’ and manage all available categories, except User Management.
User manager
Allowed to manage users, roles and granting, revoking permissions. A User Manager can enter category
Administration > User Management
.See new main entries
Allowed to see new incoming Objects in Tree and Result list that have not been granted with Object privileges.
View msg. processing
Allowed to see progress of Message Processing in
Administration > System Control
.Configure Argos
Allowed to add, update, delete Argos dashboards.
View Argos
Entitled to see Argos dashboards.
(E)
Click on SYSTEM PRIVILEGES and you can grant or revoke permissions on the selected role:In this example the role is granted to act as Rules Manager and is allowed to define and manage Rules.
- Grant Object privileges:
An nJAMS Administrator can grant or revoke Object privileges to a role.
What are Object privileges?
An Object privilege is the permission to work with particular nJAMS Objects (Processes, Queries).
An Object privilege can be granted and revoked to/from particular roles.
Object privileges are predefined by nJAMS Server or by extensions, i.e. nJAMS plugins.
What kind of Object privileges are available?
Object privilege
Description
read
Allowed to read data of nJAMS Objects.
Members of a role that was granted to read log events of a particular Process execution can read all information this Process is logging in nJAMS.
write
Allowed to create, update, delete Extracts and Traces on nJAMS Objects.
manage
Allowed to manage Settings on Objects (retention, logmode, loglevel, etc.).
(F)
Select a role and click on OBJECT Privileges. The following dialog opens:- Show details:
(G)
See further details of the selected role.- Delete roles:
(H)
Click on DELETE to remove a role.Note
nJAMS Server will prevent you from deleting roles with references to existing users. Remove all members from the role first and delete the role afterwards.