- Configuring users and groups
- Handling users and groups
- Special case: the "Visitor" user
- Setting rights
- Retrieving data
- Integrated mode settings
- Enable password encryption
User Groupware: Configuring the site
Once the User Groupware is configured, the configuration of users and accesses is performed at runtime, by connecting with a "supervisor" account.
During the first start, you must use the "Supervisor" user and choose a password for this user.
After identification, a user who is the groupware supervisor will have the ability to start the application or to configure the groupware.
The "Configure the groupware" option is used to access the options for managing the User Groupware. You can:
Configuring users and groups
Handling users and groups
The User Groupware allows you to define groups and users according to simple rules:
- a user can belong to several groups (or to no group).
- a group can have several sub-groups,
- a group has a single "parent" group.
To create a user:
- In "Rights management", go to the "Users" tab.
- Click "Add a user". A window appears, allowing you to enter the details of a new user.
- Enter the user details.
- During input, the password will be hidden.
- The new user can be set as "supervisor". In this case, he can also create users and configure their rights.
- The new created user can be an enabled user. This option is taken into account for the User Groupware in integrated mode. For more details, see "Configuring the integrated mode".
- Click "Save". The new user is automatically added to the list of users.
The "Modify" and "Delete" buttons are used to handle the different users found in the list.
To create a group:
- In the "Manage rights", go to the "Groups" tab.
- Click "Add a group". The screen for entering a new group is displayed.
- Enter the name of the group.
- Click "Save". The new group is automatically added to the list of groups.
The "Modify", "Delete" and "Move" buttons are used to handle the different groups found in the list.
To associate a user with a group:
- Select the user in the list of users.
- Check the box at the beginning of the row: the buttons "User groups" and "Delete user" appear.
- Click "User groups".
- In the popup that appears, select the desired group and confirm.
- The association is completed. The group appears in the list of users.
To position a group as sub-group of another group:
- Select the group in the list of groups.
- Click the "Move" button.
- In the popup page that is displayed, select the destination group and validate.
Creating a "groups/users" hierarchy allows you to define an inheritance in the access rights. For example, in this configuration:
- the "Assistant" group will inherit from the rights granted to the "Sales" group,
- the usernamed "Louise" will benefit from the access rights granted to the "Assistant" group.
Special case: the "Visitor" user
If the site uses the integrated User Groupware, a specific user is created beside the supervisor. This user is named "Visitor (not connected)".
This user is used to manage the rights of the unidentified users. Indeed, on a public Internet site (in AWP mode in most cases), it may be interesting to restrict the rights granted to the unidentified users. The rights of this account are used as long as the Web user does not identify himself (via a specific connection link for example).
The User Groupware of WEBDEV is used to associate this user with one or more groups and to grant rights to him.
You can set rights for groups and users.
Tip: To easily set access rights, start by setting the rights of "parent" groups, then sub-groups, and finally the users.
To set the rights:
- Select a user or group to set their rights. Click the "Manage rights" icon.
- The definition of rights starts by allowing or denying the access to the pages and reports found in the site:
The list of elements appears. The pages and reports of the components used by the site also appear in this list.
- Select the desired element.
- Click the "Access" combo box and choose the corresponding permission: "Allow access"," Forbid access" or "Reset default access".
Important: if you deny the access to a page, don't forget to block all the means of access (disable buttons, menu options, etc.). If a user is able to open a page to which they do not have access, a fatal error will be displayed.
- A symbol indicates the access rights for the current page or report.
- If access to an element is explicitly authorized ("Allow access") for a group, it can be denied for a sub-group or a user of the group.
- You have the ability to allow an element that is denied in the "parent" group.
- If a page or a report is allowed for the group or for the user, you can define the state of each control, button, menu, menu option, ... Simply select the page.
- The element can have the default state defined in the site, or a specific state:
- The state of a control defined in a group is automatically applied to the sub-groups and to the users of the group.
Important: if a user belongs to two groups that have two different states for the same control, then the least restrictive state is applied. From least to most restrictive, the states are:
- "Default" (value set in the UI or in the parent group),
For example, a control defined as "Grayed" (in group 1) and as "Invisible" (in group 2) will be "Grayed".
- Validate ("Save" button) when the settings are defined.
Remark: If your project corresponds to a mixed AWP/Standard site, rights can be defined for the Active WEBDEV Pages and for the standard pages. In this case, the connection from an AWP page will be automatically transmitted to the standard section.
The "Statistics" option is used to get statistics about the connection to one of the applications using the database of user groupware, for a given period.
If the User Groupware was already included in a project before the versions 19, you have two possibilities:
- you want to keep the User Groupware as is. All you have to do is check "Mode compatible with versions 18 and earlier" in the "Integration" tab of the groupware description.
- you want to benefit from the new features of the new groupware, without losing your existing data. All you have to do is retrieve the data.
To import existing data:
- Connect with a user who is supervisor (the "SUPERVISOR" user for example).
- In the page for groupware management, click "Retrieve the data".
- Select the type of the database that contains the groupware information to import.
- the password of groupware files to import. The password is "PCSGPW2001" if it was not modified.
- the information for file location (the directories for the files in HFSQL Classic format or the parameters for connecting to the server in the other cases).
The "Configure the integrated mode" option is used to configure the management of the new users for the integrated groupware.
Remark: In order for this setting to be taken into account, the User Groupware in integrated mode must have been defined in the project corresponding to the site. A specific link used to manage the identification of users must have been included in one of the site pages. For more details, see User Groupware options
Configuring the integrated mode consists in:
- Choosing the activation rule for the new users. This activation can be:
- automatic: the users will be automatically enabled after their subscription.
- performed by email: the users will receive an email containing an activation link. In this case, you must:
- configure the outgoing and incoming email addresses (the incoming address is used to send a copy of the email).
- configure the SMTP server used to send the emails
- Enabling the secure mode for the different identification forms. The secure mode uses an SSL certificate. This certificate must be enabled on the Web server.
Enable password encryption
Starting with version 20, passwords are encrypted by default.
Starting with version 200057, password encryption is automatically included when the User Groupware is implemented.
For a project in version 20 that already uses the user groupware, the application must be recompiled and deployed, and password encryption must be enabled by a user logged in as administrator.
CAUTION: When setting up password encryption on an existing project:
- The existing passwords will be migrated.
- This operation cannot be undone.
- If the files of user accounts are shared with other applications or sites, all the sites and applications must be updated with version 200057 (or later). Otherwise, you will not be able to connect to the application or to the site.