This chapter describes the properties of a user and what they are for, but not how to change them. See Modifying Users for a description of how to change the properties on a user. The licence for Exprodo DB counts the users with status Normal (whose accounts have not expired) and Password must be reset at next login.
Identity
Every user has a combination of authentication method and login name which must be unique. The login name may contain letters, numbers, hyphen, underscore or full stop. A login name may be changed as long as the new name adheres to these constraints. We store both a login name and a login identifier. Login identifiers can be long and complex, so the login name can be used in these cases instead of the identifier for logging in and display of the user information.
There can be up to 32 roles defined in the system, including the predefined and special Root and Admin roles. A user with the Root role always has permission to do anything in the system. A user with the Admin role is allowed to perform administrative tasks. However, Exprodo DB can be configured so that the Admin role is not required for administrative tasks. The remaining 30 possible roles can be configured as required, and they are normally associated with setting up Permissions as required for your facility. See User Roles in the Bakery section of the Exprodo DB Configuration Guide for how add new roles.
Users with the Root role have the following special properties:
•Permissions are not checked. Permission is always granted.
•They are allowed to log in, even while the licence has expired. This allows you to recover such situations once you have a new licence.
•They can change the status of a user to make them active (for example, by changing the status from Blocked to Normal), even if it means there will be more active users than the licence allows. However, this may not be a good thing to do since only Root would then be able to use the system.
•Normally, a user can only allocate other users with roles that they already have. However, if a user has the Root role, they can add any role to another user.
Users with the Admin role have the following special properties:
•By default, Permissions are created that allow a user with the Admin role to create, update and delete almost all Biskit Types. They can also update the database schema when using the Bakery. However, these Permissions are changeable and may be added, removed or modified for any user by a user with Admin privileges.
•When the Exprodo DB licence has fewer than 30 days remaining, users with the Admin role will receive a warning each time they log in. Regular users only receive a warning in the 7 days prior to expiration. Note that 30 days' grace period is allowed, so that there is always time after expiration before the licence must be renewed.
•When a user with the Admin role logs in for the very first time, they are assigned the menu that has been configured for Admin users in Global Preferences -> Menus -> Default Admin Menu. A user that has neither the Root nor the Admin role will be assigned the menu specified in Menus -> Default User Menu when they first log in.
The final difference that users with the Root or Admin role may notice is that each Biskit Type can be configured in the Bakery to be visible to users with the Root role, users with the Admin role, everybody or nobody. For example this provides a way to reduce the number of bisikit types that users may search for, for example.
Names And Email
A user's name is split into three parts: their given name (usually their first name), the family name (usually their last name) and their other name (for any middle names). Exprodo DB uses these names for display and in reports, but not for anything else. For example, it is not a requirement that a user's name is unique.
A user's email address is important because Exprodo DB sends emails for various reasons (Email Workflow Action and Manual Emails).
Type
Exprodo DB may be configured so that users are asked for a type when they first register. The type is a means of segregating users into non-overlapping sets, which may be used by the facility for assigning Permissions. The possible values for a user type are configured in Configuring Types And Groups.
Password
The users password is stored here, but will only be shown as a number of dots for security reasons. If there is no password the box will be empty.
Status
A user's status indicates whether they can log in. It can take the following values:
Status |
Description |
---|---|
Requested |
This is the status given to a user when they first register. A user whose status is Requested cannot log in. |
Normal |
This is the normal status for a user who can log in. |
Password must be reset at next login |
A user whose status is Password must be reset at next login can log in, but they will be forced to change their password as soon as they do so. If an administrator needs to reset a user's password, then it's useful also to set their status to this value at the same time. |
Blocked |
A user whose status is Blocked cannot log in. Typically, use this status for a user that needs to be stopped from logging in for some reason. |
Denied |
A user whose status is Denied cannot log in. Typically, use this status when not approving a new user request, although there is also have the option of deleting the user. |
Expired |
A user whose status is Expired cannot log in. Either their expiry date has passed or the administrator has decided they no longer need to use the system. |
Lurker |
A user whose status is Lurker cannot login but will receive automatic and booking reminder e-mails. |
Suspended |
A user which doesn't count towards the user limit, they can login, but whilst suspended do not receive any emails. Their status is automatically changed to Normal on login. |
The reason that both Blocked and Denied statuses exist is so that an Email Workflow Action can be used to send the affected user a message that is suitable for the situation.
Expiry Date
This allows the administrator to set an expiry date for the users login. When this field is edited a calendar will appear, just select the day the login is to expire on.
Last Login and Last Login From
This records the last date and time the user logged in and the IP address of the machine they logged in from.
Groups
A user may belong to any number of user groups, and group membership can be used for assigning Permissions. The groups that exist are configured in Configuring Types And Groups.