Users
The Users (md_user) table is in the User Management System (UMS). This table defines the persons or users that access the system and contains personal information about each user, including first name, last name, email address and home resource name.
In order to access the Users table, you must be logged into iTopia as a user assigned the UMS Administrator role, or as a user with sufficient permissions to access the view. A 'system' user will be created when iTopia is installed at your site. This user will be set up to access the Users table.
Each user has an associated personal user menu, the My Views folder. When a user record is created, the system automatically creates the user's My Views folder. When a user record is deleted, the associated My Views folder is also deleted. The My Views folder can be maintained by the user using the User Resource Group view via the user's profile.
When a new user is created, a 'ums_user' role is automatically created for the user by the system. This role provides limited UMS access to each user. For details on the UMS access provided by this ums_user role, see the Role Details for the ums_user topic.
If changes are made to a user, you must log out and then log back in to see the effect of the changes on the given user record.
During the deletion of a user record, the system automatically deletes the personal and ums_user roles along with all other roles assigned to the user from the User Roles table.
The following list defines every field available in the users (md_user) table in alphabetical order:
- Application Inactivity Timeout - is used to trigger the expiration of a session application that has been inactive for a given period of time. When the selected value of inactivity is reached, the system automatically releases all locks within the application and forces the expiration of the session application.
The following options are available: 0 - User Default (default), 5 - Five Minutes, 10 - Ten Minutes, 15 - Fifteen Minutes, 30 - Thirty Minutes, 60 - One Hour and 120 - Two Hours.
A value of 0 - User Default indicates that the application inactivity timeout set up in the configurations table is to be used.
An inactive session application exists when an application has failed unexpectedly (i.e. a fatal error) or the user has closed the browser window instead of the application within the browser window.
The cleanup of session applications is performed by the Meta - Clean Up Expired Session Applications (meta_ums_session_cleanup) timer
- Applications
- this field is not maintainable. The applications column is an expression column that shows the details of the applications currently registered as open for the current user. When the number of applications is greater than zero, hover over the icon to preview the list. Clicking on the icon will open the Session Applications view.
- Automatically Discard Changes - a flag that dictates system behavior while modifying a record from within a maintainable view. Determines how the system should react if a change is made to a field value and the user attempts to exit the Details page without saving his/her changes.
The following options are available: Yes and No (default).
- A value of Yes indicates that changes are to be discarded without further user intervention.
- A value of No indicates that a prompt will appear requesting confirmation that the changes are to be discarded. If the user chooses to discard the changes, then he/she is redirected accordingly and the changes are aborted. If the user chooses to cancel, then he/she remains on that page and the redirection is aborted.
This field can be maintained through the user's profile.
- Automatically Format Phone Numbers - a flag that indicates whether or not phone numbers are to be formatted.
The following options are available: Yes (default) and No.
- It should be noted that a phone number is formatted only if this flag is set to Yes. When the flag is set to Yes, the number will be formatted using the North American phone number standard as detailed in the table below:
Type of Number Entered |
Example |
Formatted Value |
7 numeric digits |
5551212 |
555-1212 |
10 numeric digits |
8005551212 |
800-555-1212 |
11 numeric digits |
18005551212 |
1-800-555-1212 |
- If the telephone number entered does not contain numeric digits, or is not 7, 10 or 11 characters in length, the phone number entered will be left as is.
Note: This flag only applies when phone numbers are entered. If another user, for which the Automatically Format Phone Numbers flag is set to No, logs in, the phone number will still be displayed as a formatted value. As well, some resources such as Organizations and Divisions use the Standard Phone and Fax Number Format setting on the global table instead of the user profile setting.
- This field can be maintained through the user's profile.
- Company the company name.
- Confirm Password - confirmation of the user password entered.
The system prompts you to confirm your entry and to ensure that an error did not occur unknowingly.
-
When using Update Fields to change the passwords for one or more users, both the Password and Confirm Password fields must be entered manually. If both fields are not entered, the password is not validated successfully.
- The value entered in this field is masked.
- Created By - displays the name of the user who created the record you are viewing or maintaining. May not be overridden.
- Created On - displays the date on which the record that you are creating or maintaining was created. May not be overridden. May also represent the creation date of the records you are attempting to retrieve.
- Date Format - the date format for the current user. The following options are available:
- 1 - yyyy-mm-dd
- 2 - yyyy.mm.dd
- 3 - yyyy/mm/dd
- 4 - mm-dd-yyyy
- 5 - mm.dd.yyyy
- 6 - mm/dd/yyyy (default)
- 7 - dd-mm-yyyy
- 8 - dd.mm.yyyy
- 9 - dd/mm/yyyy
Note: This field can be maintained through the user's profile. You must log out and log back into the system to see modifications made to the date format.
- Display Time Zone - indicates whether or not time zones should be displayed throughout the product. The following options are available: Yes and No (default).
- A value of Yes indicates that the time zone's short description will appear to the right of timestamp columns and will be hyperlinked. This allows you to preview the record by hovering over the link.
- A value of No indicates that the time zone's short description will not be displayed.
The value of this field may be modified only when the system supports multiple time zones (i.e. the general.multi.time_zone.support property is set to 1 in the tecsys.properties file).
- Default Printer - the default output device
- Department the department to which the user belongs.
- Email Address the user's email address. If a valid email address is entered, it displays as a link. Double clicking on the link launches the user's default email application with the email address automatically populated in the To field.
- First Name the user's first name.
- Form Label Format - a rule that defines how the system will display the columns in the business views. The following options are available:
- 1 - Column Description (default) indicates that the column title simply includes the column name. Examples: Item, Order Status.
- 2 - Column Description with Related Table Description indicates that the column title is composed of the column name followed by its related table name or its role description name from the relation indicated within the parentheses. Examples: Item (Sales Order Lines), Order Status (Sales Order Computation).
Note: If the user scrolls over a column name, a tooltip appears displaying the full path. The format in which the path is displayed is table name > column name. For example, when the user scrolls over the Item column title, the tooltip displays Sales Order Lines > Item.
This field can be maintained through the user's profile
- Full Name - this field is not maintainable. The full name column is an expression column that displays the user's full name (i.e. the first name followed by the last name).
- Home Resource Name defines the resource that will be launched when the user logs in. It represents the user's default home or main menu. The icon beside the home resource name opens the home menu for this user.
- For most non-administrative users, the home resource name to entered will be 'ibis_home_menu'.
- For system administrators, the home resource name entered will be 'ibis_admin_home_menu'.
The resource name can be set to any resource that exists in the system (the resource can be of type 1 - Resource or type 2 - Resource Group).
If the resource name is a resource group, then the application portal is launched and this resource group (menu) is shown upon a successful login. It represents the user's default home menu.
- For example, if the user works mostly with business views, the Business Views resource group (meta_business_views_menu) can be defined as the new home menu for the user. Assign the resource group by entering meta_business_views_menu in this field.
If the resource name is a resource, then the user will go directly to the resource upon a successful login. If a user is set up as such, then the Home action no longer takes them to their Home menu. It keeps them in that resource. Also, the Logout action will appear on the individual resource instead of a Close action.
- For example, if the user spends most of his or her day maintaining database columns, the Columns resource (meta_md_column) can be defined as the new home resource name for the user. Assign the resource by entering meta_md_column in this field.
This field can be maintained through the user's profile.
- Honor the user's title. The following options are available:
- Mr. (default)
- Ms.
- Miss
- Mrs.
- Dr.
- Is Active a flag that indicates whether or not the user is currently active. The following options are available: Yes (default) and No.
- A value of Yes indicates that the user is currently active.
- a value of No indicates that the user is deactivated. A deactivated user no longer has access to the system.
- Is Internal - a flag that indicates whether or not the user is an internal user. The following options are available: Yes (default) and No.
- A value of Yes indicates that the user is an internal user.
- A value of No indicates that the user is an external user.
In many cases, it is necessary to denote a user as either an internal or an external user. For example, an internal user (some type of employee of the organization) may have access to certain information that an external user (like a customer or or supplier) should not be allowed to access.
- Is Scheduling Allowed
- a flag that indicates whether or not the user is allowed to schedule tasks. The following options are available: Yes and No (default).
- A value of Yes indicates that the user is allowed to schedule tasks.
- A value of No indicates that the user is not allowed to schedule tasks.
- Job Title the job title associated with the user. This is a free-format field.
- Keep Me Logged in Timeout - applicable for Web service sessions only. The Web service request must submit the login request with the keepMeLoggedIn parameter set to 1.
A timeout value that overrides the session timeout value set by the User Inactivity Timeout field.
The following options are available: 0 - User Default (default), 30 - Thirty Minutes, 60 - One Hour, 120 - Two Hours, 240 - Four Hours, 480 - Eight Hours, 720 - Twelve Hours, 1440 - One Day, 2880 - Two Days, 10080 - One Week and 20160 - Two Weeks.
A value of 0 - User Default indicates that the keep me logged in timeout set up in the configurations table is to be used.
The cleanup of session applications is performed by the Meta - Clean Up Expired Session Applications (meta_ums_session_cleanup) timer.
- Last Name the user's last name.
- LDAP Instance Name - the name of the instance in the Tecsys.properties file.
By default, the application only connects to one LDAP instance.
The Tecsys.properties file may include multiple instance definitions. Users can then authenticate themselves with whichever instance they choose.
- This setting defines the default/current LDAP instance with which the product is defined:
[LDAP]
ldap.connection.ums.current=apache
- The instance with which the ums.current property is defined uses the settings defined with the following keys:
ldap.connection.ums.apache.*
- The LDAP instance the user can specify can change the LDAP instance with which to authenticate:
ldap.connection.ums.tecsys.*
The correct value is: tecsys
- LDAP User Name - when the UMS authentication method is set to 1 - LDAP, the user must specify the LDAP user name. The LDAP user name is used to connect to LDAP.
The LDAP user name must include a domain specification. For example, both bob@tecsys and bobby@tecsys can be specified. The users are defined on the same LDAP instance (i.e. server), but in different domains.
The LDAP user name supports any syntax that LDAP supports for the user name. For example:
- domain\userName (e.g. TECSYS\bob)
- username@domain (e.g. bob@tecsys)
- Locale the locale sets the language that the user will use in PointForce iTopia. This field is set to en_US by default. You may override this value as required. This field is validated against the locales table.
Simply change the user locale to run the application portal and all resources in the selected language. Note:
You must log out and log back into the system to see the change in language.
This field can also be maintained through the user's profile.
- Locks - this field is not maintainable. The locks field is an expression column that displays the details of the locks currently registered for this user.
When the number of locks is greater than zero, hover over the icon to preview the list. Clicking on the icon brings you to the locks view.
- Logged In - this field is not maintainable. The logged in field is an expression column that indicates whether or not the user is logged into the application currently.
- Maximum Search Results Rows to Display the maximum number of rows retrieved when returning results of a search. This field is set to 1,000 by default. The maximum number of rows that can be retrieved is 9,999.
This field can also be maintained through the user's profile.
- Middle Name - the user's middle name.
- Mobile Home Resource - the mobile Home resource name defines the resource that will be launched when the user logs into a mobile device (i.e. any other device than the desktop). The resource name can be set to any resource that exists in the system (the resource can be of type 1 - Resource or type 2 - Resource Group).
If the resource name is a resource group, then the application portal is launched and this resource group (menu) is shown upon a successful login. It represents the user's default home menu.
If the resource name is a resource, then the user will go directly to the resource upon a successful login. If a user is set up as such, then the Home action no longer takes them to the portal Home page. It keeps them in that resource. Also, the Logout action will appear on the individual resource instead of a Close action.
Click the Launch Resource icon (displayed on the far right of the field) to preview the selected resource or resource group. A preview of the selected resource or resource group is possible only once the page has been submitted. So, if you change the value in this field, you will not be able to preview until the record is saved or submitted.
Set to meta_mobile_home_menu by default.
This field can be maintained through the user's profile.
- Mobile Phone Number - the user's mobile phone number.
- Modification Counter - this field is not maintainable. The date and time a given record was last modified.
- Modified By - this field is not maintainable. The user or system process that last modified the record.
- Modified On - this field is not maintainable. The date on which the record was last modified.
- Number of Active Sessions - this field is not maintainable. The number of active sessions is an expression column that displays the number of the sessions currently registered as open for this user.
- Number of Applications - this field is not maintainable. The number of applications is an expression column that displays the number of applications currently registered as open for this user.
- Number of Locks
- this field is not maintainable. The number of locks is an expression column that displays the number of locks currently registered for this user.
- Number of Sessions - this field is not maintainable. The number of sessions is an expression column that displays the number of sessions currently registered as open for this user.
- Numeric Format - the numeric format used by this user. The following options are valid:
1 - 123.456.789,123
2 - 123 456 789,123
3 - 123456789,123
4 - 123,456,789.123 (default)
5 - 123 456 789.123
6 - 123456789.123
Here are examples of each option:
Numeric Format |
Example |
Comma as a decimal separator and period as a grouping separator |
123.456.789,123 |
Comma as a decimal separator and space as a grouping separator |
123 456 789,123 |
Comma as a decimal separator |
123456789,123 |
Period as a decimal separator and comma as a grouping separator |
123,456,789.123 |
Period as a decimal separator and space as a grouping separator |
123 456 789.123 |
Period as a decimal separator |
123456789.123 |
This field can be maintained through the user's profile. You must log out and log back into the system to see your modifications to the numeric format.
- Open Outlook Contact - this field is not maintainable. The open outlook contact is an expression column that presents an icon that when clicked displays the user's Microsoft Outlook contact entry.
- Password the user's password. The password is encrypted before it is saved. The password can be a minimum of 1 alpha numeric character to a maximum of 20 alpha numeric characters.
The password defaults to the user name.
The system prompts you to confirm your entry and to ensure that an error did not occur unknowingly.
- Phone Number the user's telephone number.
- Portal Launch in Separate Window - a flag that indicates whether or not the resources are to be launched in a separate browser window. The following options are available: Yes (default) and No.
- A value of Yes indicates that resources are to be launched in a separate browser window.
- A value of No indicates that resources are to be opened in the portal window.
This field can be maintained through the user's profile.
- Portal Minimum Number of Resources per Column - the maximum number of resources for each column appearing on the application portal. The default value is 12.
This field can be maintained through the user's profile.
- For example, if the user has this value set to 12 and has access to 12 resources, the 12 resources will be displayed in one column.
-
If the user has this value set to 5 and has access to 12 resources, the portal will split the resources in half and display 6 resources in the first column and 6 in the second column.
- If the user has this value set to 12 and has access to 20 resources, the portal will show 12 resources in the first column and 8 in the second column.
- Portal Resource Filter - the search filter expressions for the portal page.
To enable the preference, assign it a value expressed as a list of filter strings separated by commas. The sequence in which the filter strings are specified determines the string to be launched if multiple filters are matched. The %1 placeholder value may be used in a filter string. When used, it is replaced with the text entered in the Quick Launch input text box.
Set to meta_%1,meta_md_%1,dms_%1,wms_%1,wms_%1_f,tms_%1,ibis_%1,iwms_%1 by default.
This field can be maintained through the user's profile.
For example, the field is set to: ibis_%1,meta_%1. If the user enters md_mq_generic in the search text box, the following takes place:
- A lookup for a resource named md_mq_generic is performed. If it is found, the resource is launched.
- A lookup for a resource named ibis_md_mq_generic is performed. If it is found, the resource is launched.
- A lookup for a resource named meta_md_mq_generic is performed. If it is found, the resource is launched.
- A wildcard search on md_mq_generic is performed. If only one resource is found, then it is launched; otherwise, all resources that match the string are displayed in the result set.
- Prompt for Session Parameters at Login - a flag that indicates whether or not the user will always be prompted to specify session parameters upon logging into the system.
The following options are available: Yes and No (default).
- A value of Yes indicates that the user will always be prompted to specify session parameters upon logging into the system.
- A value of No disables the session parameters prompt when logging in. Note: If this field is set to No and the default session parameters are not configured for the user in the iBIS Users (ibis_user) view, then any attempt to launch a PVX resource in iTopia will result in an error. For more information, see the iBIS Users help topic.
- Proceed with Warnings - available where implemented. A flag that indicates whether or not the system will proceed if there are warnings. The following options are available: Yes (default) and No.
- A value of Yes indicates that the system will proceed if there are warnings.
- A value of No indicates that, while executing a Web resource, the system will not proceed if there are warnings, and a message will be displayed.
This field can be maintained through the user's profile.
- Prompt for Session Parameters at Login - a flag that indicates whether or not the user will always be prompted to specify session parameters upon logging into the system. The following options are available: Yes and No (default).
-
A value of Yes indicates that the user will always be prompted to specify session parameters upon logging into the system.
- A value of No disables the session parameters prompt when logging in.
- Roles - this field is not maintainable. The roles field is an expression column that displays the roles assigned to the user.
Each user has an associated personal role. When Personalization is used to create a view, the view is assigned to the user through the personal role.
During the modification of a user record, the system automatically updates the personal role's role name to reflect any changes to the first and last name.
During the deletion of a user record, the system automatically deletes the personal role. Records in the roles and user roles tables are deleted.
During the creation of a user record, the system automatically creates the personal role by inserting a record in the roles table. The role name is the first name concatenated with the last name separated by a space. The system also creates a record in the user roles table to associate the personal role to the user. Note that the system prevents the creation of a user if the user name exists as a role name in the roles table.
- Scheduled Tasks - this field is not maintainable. The scheduled tasks field is an expression column that displays the user's scheduled tasks.
- Search Results Rows per Page the maximum number of rows displayed on a single page when returning the results of a search. This value is used as the default value for each view's Search page.
The default value set to 20.
This field can be maintained through the user's profile.
May also be overridden on a per view basis for each individual user. The field may be accessed via the Search Results tab while personalizing the view.
- Sessions - this field is not maintainable. The sessions field is an expression column that shows the details of the sessions currently registered as open for this user.
When the number of sessions is greater than zero, hover over the icon to preview the list. Clicking on the icon brings you to the Sessions view.
- Single Sign-On - a flag that indicates whether or not the login page will be bypassed automatically when the user logs into the system. The following options are available: Yes and No (default).
- A value of Yes indicates that when this user logs into their organization's network, he/she also gains immediate access to PointForce iTopia without having to reenter their credentials. In other words, when the user logs into their desktop and then launches the PointForce iTopia application, the login page is bypassed automatically because the system knows who the user is and that they have already been authenticated.
- A value of No indicates that this user must log into each and every application to which he/she wishes to gain access in a given session.
PointForce iTopia supports the following two methods for the Single Sign-On feature:
- Kerberos, which is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography; and,
-
Reverse Proxy (e.g. Siteminder), which is a type of proxy server that retrieves resources on behalf of a client from one or more servers.
The Single Sign-On feature is enabled through configuration. Here are some points to consider:
- Only one authentication method is allowed for a given deployment;
- There are Tecsys.properties settings to be defined;
- Users must be identified as being SSO-enabled or not; and,
- When Cognos is used, it must also be configured for SSO. Cognos also supports both Kerberos and Reverse Proxy.
Note: The Single Sign-On feature and the UMS Authentication Method are mutually exclusive; neither has an impact on the other.
- Supervisor the user's supervisor.
- Supervisor Phone the supervisor's telephone number.
- Theme - the theme to apply to the user's application, including images, icons, and cursors. The following options are available:
- default - Default
- metal - Metal
- wine - Wine
- highcontrast - High Contrast
Note: The high contrast theme supports users with vision impairments. When this theme is selected, the color contrast of some of the text on a page is increased, thereby improving visibility.
This field can be maintained through the user's profile.
You must log out of the application portal, and then log back in to see the change take effect.
- Time Zone Code - the time zone code. Default value set to the server's time zone. May be overridden.
- If a different time zone is selected, the value of timestamp columns is recalculated with the users time zone.
- The value of this field may be modified only when the system supports multiple time zones (i.e. the general.multi.time_zone.support property is set to 1 in the tecsys.properties file).
- UMS Authentication Method - the UMS authentication method. The following options are available: 0 - UMS (default) and 1 - LDAP.
- A value of 0 - UMS indicates that the user's authentication will be performed against the metadata database.
- A value of 1 - LDAP indicates that authentication will be performed against the LDAP server. In this case, users will not be able to change their password from either the portal login page or their user profile.
- UMS Maximum Login Attempts the maximum number of consecutive unsuccessful login attempts the user has before the account becomes deactivated.
The default value is set to 5.
Once the User Login Attempts is equal to or exceeds the value of this field, the user is deactivated and is no longer able to log in to the system. Once the user is deactivated, they must contact the system administrator.
This field can be maintained through the user's profile.
- User Login Attempts this field is not maintainable. The number of consecutive unsuccessful attempts logging in.
After the maximum unsuccessful attempt is exceeded, the user is automatically deactivated. Upon a successful login, the number of login attempts is reset to zero.
Note: This field will reset to a value of 0 when the Is Active flag is set to Yes.
- User Inactivity Timeout - the session timeout value is used to trigger the expiration of a session for which there has been no user interaction for a given period of time. When the selected value of inactivity is reached, the system automatically releases all locks within the session and forces its expiration.
The following options are available: 0 - User Default (default), 30 - Thirty Minutes, 60 - One Hour, 120 - Two Hours, 240 - Four Hours, 480 - Eight Hours, 720 - Twelve Hours, 1440 - One Day, 2880 - Two Days, 10080 - One Week and 20160 - Two Weeks.
A value of 0 - User Default indicates that the user inactivity timeout set up in the configurations table is to be used.
An inactive session exists when the user closes the browser window instead of the application within the browser window or stops interacting with the system altogether.
When a session is forced into expiration, its Termination Action field is set to Expired Session Terminated, as session records are not deleted.
The cleanup of sessions is performed by the Meta - Clean Up Expired Session Applications (meta_ums_session_cleanup) timer.
- User Name - This field is maintainable in creation mode only. The unique identifier assigned to a given user.
- User Type a flag that indicates the user type. The following options are available: 1 - Standard (default) and 2 - Advanced.
- A value of 1 - Standard indicates that the user is authorized to customize a view's Main subview, as well as any parent-maintained child tables for which the cardinality is many. In other words, in the Sales Order Lines view, the Lot and Serial subviews will also be available. If there are no parent-maintained child tables for which the cardinality is many, then the option to select is not given (i.e. the Main subview is implied).
- A value of 2 - Advanced indicates that the user has access to the same features as the basic user and may also customize the following subviews depending on context: Key Context, Key, and Main Context
For the functionality of each action (i.e. button) available on this view, refer to the About the Actions topic.
|