Manage user accounts

Administrators open this window using Tools menu ➔ User Management... The menu command is shown when the user's role has Manage as administrator marked.

PDXpert software is licensed for a specified number of named user accounts.

A named user account is a unique log-in username that is given to only one person, and which no other person may use.

A workgroup may share a named user account to look up product data on a kiosk computer. The kiosk uses a read-only user account on a single computer at a specified physical location. If you follow the rules (see below), then for licensing purposes you may count the kiosk computer as one person, regardless of how many actual people use the kiosk computer.

A PDXpert software license may not be used with more than one server computer. The PDXpert client may not be used to provide concurrent, shared, floating, enterprise, site or other non-exclusive user access.

A full-function named user account lets users make new part, document and change records; add file attachments to the system library; review, comment on, and approve change forms; and configure the system through the administrator role. You can easily select (and edit) which permissions are applied to each user account by giving the user an appropriate role from the Roles collection.

A read-only named user account lets a user view—but not add or change—data records and attached files.

Whenever you wish, you can give an available full-function user account to a read-only user, and vice versa. You can also delete one person's user account and give it to a different person.

Open the User Management tool (Tools ➔ User Management...) to:

If desired, you can give a read-only role to a user with a full-function user account, which then acts as a read-only user account.

If the number of log-in accounts exceeds the maximum permitted by your license, then only the super administrator account can log into PDXpert. Use the Super Admin account to remove any excess log-in accounts.

To manage user accounts, you must have an administrator role. See the Roles: Manage as administrator help topic. The super administrator always has permissions to add and remove user accounts.

Any change that you make to a user's account may not take effect until after that user closes the PDXpert client.

Add a new user account§

The Batch Importer tool can add persons and their user accounts in a single import file. See the Persons collection import help topic.

A user account is licensed for the exclusive use of one person. The new user account has a role, a username and an optional password, and the default set of user settings.

A new user account row is shown when (1) unused licenses are available, and (2) a Persons collection member doesn't yet have a user account.

Open the User Management tool (Tools ➔ User Management...):

  1. In the Access column, select whether you are adding a Full-function or Read-only user account.

    The total number of licensed user accounts is specified by your PDXpert software license. To open the Software License Key tool, select the Software License Key... command from the Tools menu.

  2. In the Person column, select the person whom you want to have a user account.

    If you don't see the correct person in the list, (1) close this User Management tool, (2) add a new person record in the Persons collection, in the Collection Explorer (Places/Organization/Persons Persons), and (3) re-open the User Management tool. Include the person's email address: when the user account is added, an email is sent to the person with the account name and PDXpert client download link.

  3. In the Role column, select the set of permissions that a user will have within PDXpert.

    Roles are managed in the Roles collection. If you don't see the correct role in the list, (1) close this User Management tool, (2) add a new role record in the Roles collection, in the Collection Explorer (Places/Organization/Persons ⏵ Roles), and (3) re-open the User Management tool.

  4. Enter the Account name that the person should use for the log-in dialog. The log-in name is not case-sensitive: LEE and lee refer to the same user.

    If you want the user authenticated by your organization's Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) service, enter both the domain name and user name as {domain}\{username}. User names are validated within a domain; for example, company\lee and engineering\lee are different accounts. Specify an AD/LDAP server name or IP address and, if needed, include the colon-prefixed port number (usually :389 or :636); for example, 10.1.2.3:389\lee

    The PDXpert server (not client) computer sends the user's credentials for AD/LDAP authentication, and must join the AD/LDAP domain. PDXpert uses standard Windows .NET protocol: username and password are encrypted using Kerberos ("sealing"), and data integrity is verified ("signing").

    This username is used only for account log-in. Within the PDXpert application, users are shown with their Persons member name.

    Use an account name that's clearly related to the person's name. It's impractical to manage software license compliance using a generic account name like quality.

  5. If you wish, enter the Password that the person should use for the log-in dialog. Although a user's password is case-sensitive, this temporary password does not need to meet the requirements you specify in the Password policy system rule. For example, you can provide the user with a blank temporary password even though you specify a minimum password length.

    If you're using AD/LDAP to authenticate the user, this password is not used and should be left blank.

    The password value is hidden after you add the account.

  6. In the Action column, click the Create button to save the new user account.

Your user may now log into PDXpert using the new account name and password.

Add a new kiosk account§

A kiosk account provides read-only access to any number of people in a workgroup on one physical computer. The new kiosk account must have read-only access and an account username that begins with kiosk… characters.

Open the User Management tool (Tools ➔ User Management...):

  1. Add a new member in the Persons collection using the kiosk computer's network name, such as SERVICE02. If necessary, close the User Management tool, add the member, and then re-open the User Management tool.

  2. In the Access column, select the Read-only user account.

    If you don't see a Read-only user account, you can select a Full-function user account. The role that you select in Step 4 (below) must have the Restrict access to read-only checkbox marked.

  3. In the Person column, select the kiosk computer's name that you added in Step 1.

  4. In the Role column, select the set of viewing permissions that kiosk users will have within PDXpert.

  5. Enter the Account name that kiosk users should enter for the log-in dialog. The username must begin with kiosk, such as kiosk2 or kiosk-service.

    If you want the kiosk user authenticated by your organization's Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) service, read the Enter the Account name topic note in the section above.

  6. If you wish, enter the Password that the person should use for the log-in dialog. The password should meet the requirements you specify in the Password policy system rule.

    If you're using AD/LDAP to authenticate the user, this password is not used and should be left blank.

    The password value is hidden after you add the account.

  7. In the Action column, click the Create button to save the new user account.

Set a person as the super administrator§

The system's super administrator handles unusual situations: the PDXpert Server can reset this user's password, and this user can delete excess user accounts to comply with the license. The super administrator can also act as an analyst and edit item data after the item is released, regardless of the role assigned to the user. See the Persons: Default member of collection and Administrator override help topics.

Set the super administrator as the default member of the Persons collection:

  1. In the Collection Explorer, go to the Persons collection (within the Places/Organizations/Persons group).

  2. Select the person who will be given the super administrator permissions.

    This person must have a user account with full-function access.

  3. Right-click the person's name in the list, and select Set as Super Admin on the context menu.

    Set as Super Admin

Change the default Admin name§

The first time you use PDXpert, you use the default user account.

This user account has:

  • A Persons collection member called Admin.
  • A user account log-in name admin with a blank (empty) password. This user account has full-function access and an administrator role.

This topic tells how to change both of these to something more useful.

Change the Admin name in the Persons collection§

Your data should always show the real name of the person managing your data. Update the Persons collection's Admin record to something useful.

  1. Log into PDXpert using any administrator account, typically admin (see the Log into PDXpert help topic).

  2. Select the Collection Explorer. The Collection Explorer will typically be shown along the left side of the PDXpert main window. If it isn't shown, select the Open Collection Explorer menu item from the Window menu.

  3. Go to the Persons collection within the Places/Organizations/Persons group, and expand the Persons collection.

  4. Open the Admin member by double-clicking the node.

  5. Change the Admin value in the Name to your name (or whomever is the application administrator). Add whatever other information you'd like.

  6. Save your changes.

Renaming the record has no effect on the account log-in name, which remains admin until the account is changed. See the next section.

Changing the admin log-in name§

If you don't want to log into PDXpert with the admin user name, replace the admin user account with a new user account that has the correct log-in name.

To do these steps, your license must have two or more full-function user accounts.

  1. Set another Persons collection member as the super administrator.
  2. Close PDXpert, and then log in using the super administrator user account.
  3. Open the User Management tool (Tools ➔ User Management...), find the user account with the Account name of admin, and click the Delete button.
  4. Use the correct log-in name to add your new user account.
  5. Set the super administrator to the correct Persons collection member.

Modify an existing user account§

You can give a user a different role, reset a log-in password, and modify an out of office agent.

Give a new role to a user§

Open the User Management tool:

  • Select the role from the dropdown list box in the Role column. Your selection is saved immediately.

    The new assigned role takes effect after the user closes, and then re-opens, the client.

Reset (clear) a forgotten password§

Open the User Management tool:

  • Click on the X button in the password textbox. You can leave the password blank or enter a new password, and then click the button to save it.

    An administrator cannot see the user's password. PDXpert hides an existing password before you clear it, and immediately after you save the new password.

Add, modify or remove a user's out of office agent§

Only persons with a full-function user account are listed as agents.

The agent is a temporary setting. If the user should always have another user's permissions, add the user to reviewing groups or assign to the user a different role.

Open the User Management tool:

  • Select the agent from the dropdown list box in the Agent column. Your selection is saved immediately.

  • To remove a user's agent, select the blank value from the dropdown list. Your selection is saved immediately.

Convert a user account between full-function and read-only access§

The system identifies a user account by its account access and account name. To change a user's access, the system must build a new user account using the new Access value.

  1. To remove the existing access and free the log-in name, delete the existing user account.
  2. Add the new user account.

Modify a user account name§

The system identifies a user account by its account access and account name. To change a user account log-in name, the system must build a user account using the new Account name.

  1. To remove the existing user account log-in name, delete the existing user account.
  2. Add the new user account.

Set a person's status to inactive§

When users leave your PDXpert system, keep their history of making and revising items, assigning and completing tasks, adding file attachments, and reviewing change forms. Don't delete or rename the Persons collection member. Instead, set the person as inactive.

Before removing the user account, give an agent control of the user's in-work items and tasks; released and canceled items may be ignored. During this period, keep the user's account or convert to a read-only user account, and set the user's Agent value in the Tools menu ➔ User Management tool. The assigned agent needs a full-function user account with sufficient permissions.

To set the person's status to inactive in the Persons collection:

  1. If the person is set as the system's Super Administrator (that is, the person is shown in bold in the Collection Explorer's Persons collection), then select a different person as the Super Administrator by right-clicking the other person's name, and selecting Set as Super Admin.

  2. If the person participated in your change workflow:

    1. In all Groups collection members, remove the person from each group's Persons list. If this is the only person listed, then add an active user as the group's reviewer.

    2. In all Change Forms collection templates: On the Attributes page, if the person is the change form's Default analyst, select a different person. On the Participants page, remove the person from Observing groups and persons list.

  3. On this Persons collection member window:

    1. On the General page, unmark the Active: users can select checkbox. When the record is saved, the user account is automatically deleted.

      Setting a person as inactive deletes that person's search history, recent items list, favorites, and user settings. If you make a new user account for that person, then user settings (such as Enable local views and Out of office agent) are set to their default values, and may need to be adjusted.

    2. On the Address page, delete the person's Primary email address.

  4. Close or lock the window to save your changes.

Delete a user account§

Deleting a user account prevents the person from opening PDXpert, and lets a different person have the user account. This is also used when switching the person's access from a read-only to a full-function user account, or the reverse.

To keep the person's activity history, set the Persons collection member's status to inactive. Do not rename the Persons record to show a new user.

If the person is the super administrator, a different person must be set as the super administrator before the user account can be deleted. On the Collection Explorer tree, within the Persons collection, select the name of the new super administrator, right-click to open the context menu, and select the Set as Super Admin command.

Deleting a user account deletes that person's search history, recent items list, favorites, and user settings. If you make a new user account for that person, then user settings (such as Enable local views and Out of office agent) are set to their default values, and may need to be adjusted.

If the former user has selected an out of office agent, deleting the user account also removes the agent's permissions to the user's items and tasks.

Open the User Management tool:

  • To remove a person's log-in credentials and release the license, click the Delete button on the appropriate row.

1093

Help Guide Contents [as PDF]