The User Profile Editor window displays the user's attributes, role membership and permissions. If a user is viewing his/her own profile, then some items may not be visible or may be read-only. If an administrator is viewing (or editing) the profile of a user, then all items will be visible. Such distinctions are indicated below.
To open the User Profile Editor window, click on a username in the User Manager widget. To view your own profile, click the More Options icon on the right side of the main window frame for the selected dashboard. From the drop-down menu, click on your username next to the user profile icon.
All changes made in the User Profile Editor window are saved only when the Save icon is clicked. If the Close without Saving icon is clicked, none of the changes will be saved.
User Name – The user name of the user. This value is required (i.e., may not be null), must be unique in the ST_USER table, and is immutable (i.e., cannot be changed after the user is created). Letters with diacritical marks are allowed in the user name field. By default, the database's user name field is of type varchar, which limits it to UTF-8 characters. The diacritical marks in languages supported by Enterprise (German, French, Portuguese, Spanish) should all be able to be stored correctly in the database, while other characters found in other Latin character sets (Slavic languages, Turkish) will be reduced to their UTF-8 form in the database unless the user name field is changed to nvarchar.
Email Address – The email address of the user. This value is required (i.e., may not be null), must be unique within the ST_USER table, and must be a valid email address. A user can have multiple comma-separated email addresses, using the following criteria:
•Each email address needs to be separated by 1 comma.
•There can be 0 or 1 white space characters after each comma.
•There can be 0 characters following the last email address in the list.
•The list of email addresses, including the comma and white space characters, cannot exceed 100 characters in length.
Creating a new user with multiple email addresses or updating an existing user to have multiple email addresses:
If a new user is created with, or an existing user is updated to have, multiple email addresses, the individual email addresses may exist as the email address for another user in the EQuIS database.
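The list criteria above can be checked before a value is submitted. The following is an added example, not EarthSoft code: the function name `parse_email_list` is hypothetical, and the address pattern is a simplified assumption because the page only requires "a valid email address".

```python
import re

MAX_LIST_LENGTH = 100  # page: whole list, commas and white space included

# Assumption: simplified address shape; the page only says "valid email address".
ADDRESS = re.compile(r"[^@\s,]+@[^@\s,]+\.[^@\s,]+")


def parse_email_list(value):
    """Return (addresses, problems); an empty problems list means the value passes."""
    if not value:
        return [], ["email address is required"]
    addresses, problems = [], []
    if len(value) > MAX_LIST_LENGTH:
        problems.append(f"list is {len(value)} characters; limit is {MAX_LIST_LENGTH}")
    for index, part in enumerate(value.split(",")):
        # At most one white space character may follow each separating comma.
        if index > 0 and part[:1].isspace():
            part = part[1:]
        if part == "":
            problems.append(f"entry {index + 1} is empty (doubled or trailing comma)")
        elif part != part.strip():
            problems.append(f"entry {index + 1} has extra white space")
        elif not ADDRESS.fullmatch(part):
            problems.append(f"entry {index + 1} is not a valid address: {part!r}")
        else:
            addresses.append(part)
    return addresses, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    samples = [
        "a.user@example.com, b.user@example.com",
        "a.user@example.com,  b.user@example.com",
        "a.user@example.com,",
    ]
    for sample in samples:
        print(repr(sample), parse_email_list(sample))
```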
First Name – The user's first name. This value is optional.
Last Name – The user's last name. This value is optional.
Preferred Message Delivery Method – Used to set the message delivery method to either Web Only or Email and Web. This value is required.
Remark – This is an optional field for storing a remark.
Click Here to Change Password Button – Used to change the user password.
Note: An Active Client Access License (ACAL) is unique to each user. The user may log in from any device at any time and use the same license. A single ACAL may be used across multiple EQuIS databases if both of the following conditions are true:
•All of the EQuIS databases point to the same license database, and
•The user name (ST_USER.USER_NAME) and email address (ST_USER.EMAIL_ADDRESS) are exactly the same in each EQuIS database.
The Roles tab displays the user's membership. Users who are not administrators will see only the roles of which they are a member and will not be able to change role membership. Administrators will be able to see all roles and optionally change the user's role membership.
Name Search Box – Enter a search term (one or more characters) that will be used to search for roles. Only roles that contain the search term (name, remark) will be displayed. Press the keyboard <ENTER> key or click the Search button (just to the right of the Search box) to search for roles.
The grid columns contain attributes of the role. The columns are sortable by clicking on the column header (click again to reverse the sort). The columns are as described below.
Role Icon – This column is for display purposes only and may not be changed. The column indicates a role, a licensed role, or an ALS (application-level security) role.
Name – The name of the role. This column is for display purposes only and may not be changed.
User – If the icon is displayed, then the user is a member of the role. If the icon is not displayed (i.e., the cell is empty), the user is not a member of the role.
•Click the column header to sort by role membership (i.e., to see roles for which the user is already a member sorted separately from roles for which the user is not already a member).
•Click the cell to toggle role membership for the given user. Membership is not saved until the Save button is clicked.
The bottom of the grid contains paging controls for displaying a limited number of roles at a time, as described below.
Arrows – Use the left/right arrows to navigate through pages.
Go to Page List – Select a specific page to navigate directly to that page.
Rows per Page – Change the number of roles to be displayed per page by using the drop-down menu.
Count of Pages and Total Items – This control indicates the total number of items available in the grid, how many pages are needed to display the items, and which page is currently selected.
The paging controls are specific to the current search. For example, if there are 15 roles, but only four roles match the current search term, then the paging controls will apply only to the four matching roles.
The Permissions tab contains the permissions grid, where user permissions can be viewed and/or changed. If the User Permissions Report has been enabled, a download button will be available to download the User Permissions report for the given user.
Cache (hours) – This setting pertains to the number of hours to cache report output. Fractional values are allowed (e.g., 0.25 = 15 minutes). Report caching cannot be disabled. Although a zero (0) value can be entered, the minimum report cache will always be 1/10 of an hour (i.e., 6 minutes). See Report Caching Service article for more information.
Delete Report Cache Button – This will delete the Enterprise report cache.
Default Dashboard – This is an optional setting that can be used to set the default dashboard to load upon user login. If a default dashboard has not been set, the current dashboard title is displayed. Clicking on the Choose Dashboard button will open the Dashboard Chooser and a default dashboard can be selected.
This is the application grid that shows the user’s configuration settings and pulls from the ST_CONFIG table. Users with the appropriate permissions can also add entries to the grid and populate ST_CONFIG. For example, if the following entry is in the ST_CONFIG table, it will be shown in the application grid, and vice-versa:
CONFIG_SECTION = DashboardChooser
CONFIG_KEY = DefaultView
OBJECT_TYPE = null
OBJECT_VALUE = null
STRING_VALUE = Recent
USER_ID = Targeted user's ID (e.g., 12345)
If a user adds the above entry, the Dashboard Chooser will default to Recent.
Users may wish to set the default view and/or renderer (grid/tile/map view) for the Dashboard, Facility, Report, and/or Widget Choosers. The DefaultView value can be either "Favorites" or "Recent". The Renderer value can be either "Tile" or "Details" (will display the Grid View). In addition, the Facility Chooser can have a Renderer value of "Map". See the Chooser Configuration article for additional details.
Note: Administrative users will have to add the configuration settings for non-administrative users, who can then modify the settings as desired in the User Profile Editor.
The Security tab displays a grid of tokens that have been created by the user, plus the option to generate new tokens and delete existing tokens. Users, including administrators, can create tokens only for themselves, and must be assigned to the REST API role in the Roles tab. The Security tab is not displayed for users who are not assigned to the REST API role.
To generate a new token, click the Add icon on the top of the view grid frame. This opens a New Token dialog window for creating a new token.
Name – The name of the token. This value is required (i.e., may not be null) and is immutable (i.e., cannot be changed after the token is created).
Expiration – The expiration date and time for the token. The date value is displayed as YYYY-MM-DD (ISO 8601 standard) and the time value is displayed as 12-hour or 24-hour depending on the user’s cultural settings. This value is required and is set to two weeks from the date the token is generated by default. The time stamp value displayed in the grid of tokens corresponds with the time of day the token was created. The earliest a token can be set to expire is one day from the date the token is generated. Note that setting the expiration date to 2038-01-19 or later creates an invalid token due to a known Microsoft limitation.
Subject – The Subject field allows a token to be restricted to an absolute Uniform Resource Identifier (URI) path, making the token more secure by limiting where it can be used. The field is populated with the base URI of the site being used to create the token (e.g., https://www.tokenexample.com/) by default, but is not required to create a token, can be blank, and is not displayed in the grid of tokens. If the base URI is unchanged, the token will be valid for the entire URI site. If the token’s subject is updated to be more specific (e.g., https://www.tokenexample.com/locations), the token would be limited to the URI’s “locations” resource.
Referrer – The Referrer field is optional and is not displayed in the grid of tokens. The entered value is used to limit token validation to “Referrer” domains that end with the given value. The value is embedded in the token and is not accessible to the user. If the Referrer field is left blank, the token is valid for all referrers.
Remark – A field for the user to add a comment about the token. Text added in this field is displayed in the grid of tokens.
After the user fills out the form with, at a minimum, the required fields populated, clicking the OK button brings up a dialog window displaying the token value. It is important to know that this is the only opportunity to view and copy the token value. Click the Copy button to automatically highlight and copy the token value so it can be used in the necessary application. The Close button will close the modal and add the token as a new record in the grid.
Warning: After a new token has been generated, there is only one opportunity to copy the token value. After closing the Token dialog window, a record will be added to the token grid, but the token value will not be accessible.
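Because the token value is shown only once, it helps to review the New Token field values before clicking OK. The following is an added example, not EarthSoft code: `review_token_request` and `default_expiration` are hypothetical names, and the checks only model the field rules described above (required Name, expiration bounds, absolute Subject URI, and how broadly the token applies).

```python
from datetime import date, datetime, timedelta
from urllib.parse import urlsplit

MIN_LIFETIME = timedelta(days=1)         # page: at least one day out
DEFAULT_LIFETIME = timedelta(weeks=2)    # page: default expiration
FIRST_INVALID_DATE = date(2038, 1, 19)   # page: this date or later is invalid


def default_expiration(now):
    """Expiration the dialog pre-fills, per the page: two weeks from creation."""
    return now + DEFAULT_LIFETIME


def review_token_request(name, expiration, subject, referrer, base_uri, now):
    """Hypothetical pre-flight review of the form values; returns (errors, warnings)."""
    errors, warnings = [], []

    if not name or not name.strip():
        errors.append("Name is required")

    if expiration is None:
        errors.append("Expiration is required")
    else:
        if expiration < now + MIN_LIFETIME:
            errors.append("Expiration is less than one day away")
        if expiration.date() >= FIRST_INVALID_DATE:
            errors.append("Expiration on or after 2038-01-19 creates an invalid token")

    if not subject:
        warnings.append("Subject is blank: no URI restriction is set")
    else:
        parts = urlsplit(subject)
        if not (parts.scheme and parts.netloc):
            errors.append("Subject must be an absolute URI")
        elif subject.rstrip("/") == base_uri.rstrip("/"):
            warnings.append("Subject is the base URI: token is valid for the entire site")

    if not referrer:
        warnings.append("Referrer is blank: token is valid for all referrers")

    return errors, warnings
```

Warnings mark settings the dialog accepts but that leave the token broader than it needs to be; errors mark values the page says are required or produce an unusable token.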
To deactivate a token, select the token and click the icon on the top of the view grid frame of the Security tab grid. This will delete the token from the Security tab grid and disable the token for the user.
Enterprise 7 introduces license-based roles. New users are created with the STATUS_FLAG set to 'R'. Assigning these users to a licensed role (e.g., EQuIS Enterprise - Basic role) activates the user and the user's STATUS_FLAG is set to 'A'. When removed from the licensed role, the user's STATUS_FLAG is set to 'R'. Roles can be assigned in the Role interface on the top-right in the User Manager widget.
Note: It is strongly recommended to not alter user status or any other user information via ST_USER.
When an administrator is viewing the user profile of another user, s/he will see an impersonate button with the More Options icon to the top-right of the window. Clicking on this icon will allow the administrator (after a confirmation prompt) to disable a user.
Note: Only use the 'Disable' function for a user if you do not plan to reactivate them. If you plan on reactivating a user in the future, it is strongly recommended to remove them from a licensed role and NOT disable them.
For data security reasons, disabling a user will also disable any EIAs that user has created. It is recommended to review all EIAs created by the disabled user and either have an active user recreate them or alter ST_REPORT_EVENT.USER_ID by replacing the disabled user's USER_ID with a current active user's USER_ID.
When an administrator is viewing the user profile of another user, s/he will see an impersonate button with the More Options icon to the top-right of the window. Clicking on this icon will allow the administrator (after a confirmation prompt) to impersonate that user. The browser will refresh and the administrator will now be logged in as the specified user (with all applicable permissions, etc.). A record is added to the ST_LOG table indicating the administrator's user name and the user which was impersonated.
To end impersonation, the administrator must click the Logout link.
Impersonation works for basic authentication (e.g., username and password) and Lightweight Directory Access Protocol (LDAP) authentication. EarthSoft recommends clearing the browser's cache after impersonating a user.
All changes made on the User Information window will only be saved when the Save button is clicked. If the Close without Saving button is clicked, none of the changes will be saved.
Copyright © 2022 EarthSoft, Inc • Modified: 16 Mar 2022