Professional Documents
Culture Documents
7 SP1
User Administration
DISCLAIMER
SmartStream Technologies makes no representations or warranties regarding the contents of this document. We
reserve the right to revise this document or make changes in the specifications of the product described within it at
any time without notice and without obligation to notify any person of such revision or change.
COPYRIGHT NOTICE
2000 - 2009 Copyright of SmartStream Technologies. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or by any means - electronic, mechanical,
photocopying, recording, or otherwise - without the prior written permission of SmartStream Technologies.
INTELLECTUAL PROPERTY WARNING
The contents of this document and the software it describes are the intellectual property of SmartStream
Technologies. The ideas contained in this document must not be disclosed to any third party.
TRADEMARK NOTICE
TLM Is a registered trademark of SmartStream Technologies. All rights reserved.
Other trademarks recognised and property of their respective owner.
DOCUMENT INFORMATION
Doc Ref: 259-2710-01
Edition 2
August 09
Contents iii
Contents
About this guide .................................................................................. 1
Who should read this guide? ......................................................................................... 1
What does this guide cover? ......................................................................................... 1
How is this guide organised? ........................................................................................ 1
What's not included? ..................................................................................................... 2
Related information ...................................................................................................... 2
Conventions used in this guide ..................................................................................... 2
iv Contents
Adding a user................................................................................................ 33
Modifying user details .................................................................................. 34
Changing user passwords ............................................................................. 36
Changing the authority id ............................................................................. 37
Changing a Users access and limits ............................................................ 38
Allocating message types ............................................................................. 39
Allocating Roles ........................................................................................... 40
Authorising User Maintenance ................................................................................... 40
Maintaining Roles in WebConnect ............................................................................. 43
Viewing roles in WebConnect .................................................................................... 43
Viewing role details...................................................................................... 44
Adding or modifying a role ........................................................................................ 45
Allocating universes ..................................................................................... 46
Allocating Business Logic tools ................................................................... 47
Allocating users to roles ............................................................................... 48
Allocating attributes ..................................................................................... 49
Allocating row-based constraints ................................................................. 50
Allocating search restrictions ....................................................................... 51
Deleting a role............................................................................................................. 51
Managing Users in Design Studio describes the types of users within Design
Studio and how to configure them.
Details of how to create and maintain workflow tools. See the TLM
Reconciliations Business Processing Guide or the TLM Control Process
Designer Guide.
Related information
The following guides provide additional information:
If your site uses the SWIFT messaging system, see also the relevant SWIFT
documentation
Describes
<Enter>
<Ctrl + Home>
Click
Right-click
Double-click
Click [Cancel]
The options displayed depend on user authorities (page 4). Some may be
dimmed (not available) or might not be displayed.
If an authority is set for a higher level in the tree and if authorities for levels
below are set to no access, the higher level (parent) of the tree is displayed
with no children.
If an authority is set for a lower level (child) in the tree, but the authorities
for levels above (parents) are set to no access, the child level is not
displayed in the tree until all parent level authorities are set to at least view
access.
If you set up a user with no access for user authorities which govern options on
the Admin tree context (right-click) menus, these options are either not available
(dimmed) or are missing altogether.
In the Admin tree, right-click the Users node and select Filter >
Custom.
If this is the first time you have accessed the Users node since launching
Design Studio, you can just expand the Users node in the Admin tree.
2.
3.
To filter by user type, select the required type of user from the User
Type dropdown list.
To filter by a string contained within the User ID, enter the required
string in the User ID field. Select the Match whole word checkbox if
you want to match exactly the string you enter.
If you have created any predefined (page 7) user filters, you can select
one from the dropdown list next to the User ID field.
To display all users (that is, with no filter applied) leave all fields blank.
Click [OK].
The Users branch of the Admin tree expands, filtered according to the
criteria you entered. For example, if you selected Full in the User Type
drop-down menu and entered the string Test in the User ID field, only
users IDs with the full user type that contain the string Test are
displayed. For example:
In the Admin tree, right-click the Roles node and select Filter >
Custom.
If this is the first time you have accessed the Roles node since launching
Design Studio, you can just expand the Roles node.
2.
3.
To filter by a string contained within the role name, enter the required
string in the Rome Name field. Select the Match whole word checkbox
if you want to match exactly the string you enter. Select the Match Case
checkbox if you want to match the case you entered the text in.
If you have created any predefined (page 7) role filters, you can select
one from the dropdown list next to the Role name field.
To display all roles (that is, with no filter applied) leave all fields blank.
Click [OK].
If you click [OK] without entering any filter criteria, all information under
that branch is displayed.
The Roles branch of the Admin tree expands, filtered according to the
criteria you entered. For example, if you entered the string 'Config' only
those roles that contain 'Config' are displayed. For example:
2.
3.
4.
5.
If you want this to be the default filter, select the Default checkbox.
6.
Click [OK].
If required, you can create a number of filters.
7.
1.
If you have specified a default filter, it is marked with a tick (so in this case
'CONFIGURER ROLES' is the default).
2.
The Show All option in the context menu displays the entire list of objects for
that node, with no filter applied.
In the Admin tree, right-click on the node for which you want to configure a
default filter, and select Filter > Configure.
The Pre-defined Filter configuration window is displayed, and shows a list
of the currently predefined filters. The Default column displays which filter,
if any, is currently specified as the default filter. For example:
2.
3.
Click [Modify].
The Pre-defined filter details window is displayed. For example:
4.
5.
Click [OK].
The Pre-defined Filter configuration window is displayed. The Default
column is updated to show the selected filter as the default. For example:
6.
Click [OK].
To use a default filter
1.
Right-click the Users or Roles node and select Filter > Custom.
2.
The Filter window is displayed with the default filter already filled in, for
example:
3.
Click [OK].
The default filter is applied to the treeview.
To allow active contents to run for this instance, click the yellow bar and
select Allow Blocked Content from the menu.
To disable this security block for all local content (local content is generally
a lot safer than Internet content), in Internet Explorer go to the Tools >
Internet options > Advanced window and in the Security options, select
the Allow local content to run in files on My Computer checkbox.
Searches are not case-sensitive, so you can type your search in uppercase or
lowercase characters.
You can search for any combination of letters (a-z) and numbers (0-9).
Punctuation marks, such as the period (.), colon (:), semicolon (;), comma
(,), and hyphen (-), are ignored during a search.
You can group the elements of your search using double quotes (".. ") or
parentheses ('.. ') to set apart each element. You cannot search for quotation
marks.
If you search for a file name with an extension, group the entire string in
double quotes ("file name.ext").
You can use the AND, OR, and NOT operators to refine your search by
creating a relationship between search terms. If you do not specify an
operator, AND is used. For example:
Specifying "Security OR alias" finds topics that contain either the term
"security" or the term "alias" or both.
Specifying "balance" NOT "trial" finds topics that contain "balance" but
not "trial."
Any type of user can be created using Design Studio, however each user has
access to different admin tree options. In a SmartData-only installation, you can
select from only the following user types:
Dstudio
Full
System
Each user must be assigned to a particular role (page 21) before they can access
Design Studio or TLM WebConnect.
The following table shows the maximum level of access available to each user
type (i.e. with access and limits (page 17) set to all High). This table also
includes the TLM Reconciliations user types; Casing, Coac and Enquiry:
Tree node
Dstudio
Full
System
Casing
Coac
Enquiry
Users
Create
and
modify
Create
and
modify
Create
and
modify
View
only
Create
and
modify
View
only
Roles
Create
and
modify
Create
and
modify
Create
and
modify
No
access
No
access
No
access
SmartStudio
Create
and
modify
Create
and
modify
No
access
Create
and
modify
No
access
View
only
Customisation Modify
Modify
Modify
No
access
Modify
No
access
Adding a user
A user profile holds information about a users access to the system and any
changes to the password. Other profile data, such as the user's name, telephone
and fax numbers and the employment position within the organisation's
hierarchy, are used for reporting purposes.
You can add another users details to the system if you have the appropriate
authority. Once the user profile has been created, the relevant user authorities
can be added.
When you set up a new user, their first password defaults to their user ID.
Adding a user is governed by the SYST setting ALLOW_CREATE_USER:SYST switch set to 1 (the default): A corresponding database user is created by
Design Studio with a password the same as the User ID. The user must change
this password when they log on for the first time.- SYST switch set to 0 (zero):
12 Adding a user
The corresponding database user is NOT created. This means a user cannot log
on. A System Administrator must set up the corresponding database user using
the Security Admin Tool.
To add a user
1.
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Right-click Users and select Insert to open the Add User Details window
(page 13).
4.
Enter a User ID. (Mandatory) The User ID is used to log on to the system.
Up to eight characters are available.
Several boxes are set by default but can be changed. For example:
Sign On Status is set to Signed Off and User Creation Date is todays
date (the latter cannot be changed).
The Next Password Change Date defaults to the day the user is added.
Password Change Days is set to 30 by default. You can change this.
When the user first logs on to Design Studio, the password is the same
as the User ID and they will be prompted to change this password. After
30 days, or whatever number you set, this password will expire.
5.
If you want the user to be a Web only user (i.e. to have no access to the
configuration applications) check the WebConnect only checkbox. (This
option is not available to the Dstudio and System user types).
6.
If required, enter the name, location, and contact details for the user.
7.
Select the Start and End times when the user is allowed access to the system
using the format hh:mm. (Mandatory.)
8.
If you want a user to have temporary access to the system, you can set an
expiry date in User Expiry Date (optional). After this date that user cannot
log on to Design Studio.
9.
Click [OK] to save and close or [Apply] to save the new user profile.
Description
User ID
User Status
Indicates the current status of the user. Select from User Status list:
The ID for the set of authorities that this user is to follow. When a new
user is set up, their own ID is the default for Authority ID. It can only
be changed using the User Authority option available from the User
Control menu.
Sign On
Status
The current status of the user. Select from Sign On Status list:
If the system has failed for any reason, and the status of the user has
been left signed on in error, it is possible to update the status directly
here. The user cannot log in successfully until this has been done.
If you change the Sign On Status of a user, this will affect any of the
following applications that the user is logged on to:
User Type
SmartStudio
Design Studio
Recon Admin
WebConnect
Cannot be changed once the user has been created. One of the
following:
Title
Surname
First Name
Job Title
Section
Department
Location
Phone
Field
Description
E-mail Id
Fax
Export Rule
Export Code
User
Creation
Date
The date on which the user was added to the system. This is
automatically generated by the system for information purposes.
Cannot be changed.
User Expiry
Date
The date after which the user is denied access to the system. It may be
left blank for full time employees, but if temporary staff are employed
from time to time, their profiles may be set up so that entry to the
system is only allowed for the term of their employment.
Password
Change Days
Next
Password
Change Date
The date that the current password becomes invalid. Changed by the
system each time the password is changed, based on the number of
days in Password Change Days. Can also be changed manually,
effectively overriding the number of days in Password Change Days.
Mon to Sun
Start/End
Mandatory. The times within which a user may log on to the system.
This defaults to 08:30 to 17:30 for each day, but may be changed to
suit your organisations working practices. Enter in format hh:mm,
where HH is 24 hour format. Note that this is for entry to the system
and that provided you log on before the end time, you can continue to
use the TLM system after that. If you log off, however, you are not be
able to log on again until the next Start time.
User Status
Sign on Status
Authority ID
User Id - if the User Id is incorrect, you must delete the user profile and
create a new one.
User Type
If you want to remove a user's access to the system temporarily, set the User
Status to Inactive in the User Details window.
User Status
You can change the status for another users access to the system if you have the
appropriate authority.
If you set a User Status to Inactive, the user will not be able to log on to Design
Studio not any associated application, such as Recon Admin. The user can be
reinstated at any time by resetting the User Status to Active. In addition, if a user
fails to log in correctly more than the number of times stated in the SYST value
Max failed logins (by default set to 3), the users set is set to Inactive status.
Sign on Status
The Sign on Status indicates whether the user is currently logged on or logged
off. If the system shuts down unexpectedly while a user is running the
application, the user may not be able to log on again because the system regards
the user as Signed On. If this occurs, an Administrator (or a user with the
appropriate authority) must log on and update the Sign on Status to Signed Off.
To update the licences that might be lost if the system is shut down
unexpectedly, contact your in-house support desk.
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want and select Modify.
4.
5.
6.
Changes to a user profile take effect the next time the user logs on.
To delete a user
You can delete another users profile if you have the appropriate authority. You
cannot delete your own user profile or a user profile whose authorities are being
used by others as a lead user.
1.
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
3.
4.
Click [Yes].
Changing passwords
If you have the appropriate authority you can change a user's (or your own) login
password at any time. The new password must be used when the user next logs
on. The password expiry date is reset to todays date, therefore, when a new user
logs on for the first time, the user must change this password.
When you set up a new user, their first password defaults to their user ID.
Using Change Password you can type and confirm the new password. Change
Password is displayed automatically when a user logs on to Design Studio for
the first time and when their password expiry date is reached.
TLM software does not adhere to any system password policies that you might
have in place, due to the TLM password encryption algorithm. You can enforce
you own password policies, however TLM cannot validate the passwords against
your policy.
16 Changing passwords
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want, point to User Control, and
select Change Password.
An information message is displayed informing you that you are about to
change a password.
4.
5.
6.
Click one of the following: [OK] to save the new password or [Cancel] if
you want to leave the password unchanged.
7.
8.
Click [OK].
If you incorrectly type the new password, you are asked to re-type it.
If you want to keep the old password, click [Cancel].
Attribute Maintenance
Workflow
User Universes
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want, point to User Control, and
select Lead User Authority to open the User Authority window.
4.
5.
Access and Limits enables you to set up and maintain a users access to options
in the online application.
A users Authority ID is set by default in Add User Details to their own User ID.
If you have the authority, you can set the Authority ID for a given user to that of
any other user using the User Authority window.
User Limits and User Confirmation Limits
Two sets of limits allow users within a reconciliation department to authorise
each others imperfect matches.
To set access and limits for a user
1.
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want, point to User Control, and
select Access and Limits.
The User Access and Limits window is displayed for the user you selected.
4.
Use the list for each authority to select the type of access allowed to that
user for that task.
5.
You can use the [All High] or [All Low] buttons to set all the authorities to
Update Access/Yes or No Access/No respectively.
6.
If an authority is set for a higher level in the tree and if authorities for levels
below are set to no access, the higher level (parent) of the tree is displayed
with no children.
For example, if you set a user to have update/view access to Categories but
no access to Sets or Message Feed, the tree displays the Categories level
only for that user.
If an authority is set for a lower level (child) in the tree, but the authorities
for levels above (parents) are set to no access, the child level is not
displayed in the tree until all parent level authorities are set to at least view
access.
For example, if you set a user to have update/view access at Message Feed
level and Categories level but no access to Sets, the tree displays the Sets
level only for that user.
If you set up a user with no access for user authorities which govern
options on the Admin tree context (right-click) menus, these options are
either not available (dimmed) or some may be missing altogether.
Any user with access to the User level can determine who is logged on to the
TLM database from the Admin tree. A person icon ( ) replaces the folder icon
if a user is logged on.
Right-click the user you have created, point to User Control, and select
User Roles.
The User Roles window is displayed:
2.
Select the user role you want to assign to this role from the Available list
and click
. To assign more than one role, press and hold the <Ctrl>
button, select all the roles that you want to assign, and click
3.
Click [OK].
You can also use the Role Details window to assign the role to a user.
All other permissions remain with the lead user mechanism.
2.
3.
1.
2.
Allocating universes
You can control the access a user has to data using User Universes. Universes
are assigned to a role to determine the data that is available to the users assigned
to that role. For example, universe access controls the nodes that are displayed
when specifying universe levels within objects such as Rules, Constraints, and
Roles.
To assign universes
1.
From the Add Role window select the Role Details tab:
2.
Select the universes that you want to assign to this role from the Available
Universes list and click
role.
3.
, or click
Click [OK].
When assigning or removing universes from a role's allocation, if you select one
of the standard TLM universes (Item, Message Header, or Message Type) the
other two are automatically selected for you.
From the Role Details window select the Business Logic Tools tab:
2.
Select the tool that you want to assign to this role from the Available list and
click
3.
, or click
Select the tool that you want to apply the constraint to and click Add.
2.
Select the constraint that you want to apply to the tool for that role and
click
3.
4.
Click [OK].
Click [OK].
2.
Select the user that you want to assign to this role from the Available list
and click
3.
Click [OK].
, or click
Allocating attributes
You can control which attributes in the system a user can edit, and add
constraints to those attributes, if an appropriate constraint has already been
configured. For example, you can restrict a user to being able to change a Source
Code and Security Description for an Our Positions item. Or you can restrict a
user to only changing a Senders Reference and a Position Value for a Their
Positions item.
To control attributes
1.
From the Role Details window select the Editable Attributes tab:
2.
The Universes listed in the first pane are those you allocated previously
from the Role Details tab. Expand the universe that you want to work with
and select a level. For a given level, the attributes displayed in the Available
Attributes pane are common to lower levels on the same branch of the tree.
For example, if the Securities Positions level is selected from the Item
Universe, the attributes displayed in the Attributes pane for that level are
also common to the Our Position and Their Position levels. (Our Position
and Their Position may also have further attributes applicable at that level
only.)
3.
Using the arrows, select the attributes you want a user to be able to edit. The
attributes are displayed in the Selected Attributes pane.
Use the
or
or
4.
Similarly, expand the other Universes and select the attributes you want to
allocate to the user.
5.
Select the attribute that you want to apply the constraint to and click
Add.
2.
Look for the constraint that you want to apply to the attribute for that
role and click
6.
Click [OK].
From the Role Details window select the Row Based Constraints tab:
The Universes listed in the first pane are those you allocated previously
from the Role Details tab. Expand the universe that you want to work with
and select a level.
The constraints configured for that level are displayed in the Available
Constraints pane.
2.
Select the constraint that you want to apply to that level and click
3.
Click [OK].
From the Role Details window select the Search restrictions tab:
The Universes listed in the first pane are those you allocated previously
from the Role Details tab. Expand the universe that you want to work with
and select a level.
The list of available search restrictions that have already been configured at
or above that level, is displayed.
2.
Select the search restriction that you want to apply and click
click [OK].
, then
Deleting a role
If you have Update Access to Roles, you can delete roles. Update Access is
controlled by your user authorities (page 4).
Depending on your system configuration, you might require authorisation for
this action; if this is the case, the authorising user must enter their User Name
and Password.
To delete a role
1.
2.
Right-click the role that you want to delete and select Delete.
A message is displayed:
3.
Click [Yes].
Using the WebConnect User Maintenance function you can create and delete
WebConnect-only users, however, you can update the details for any user.
Using the WebConnect Role Maintenance function you can create, edit and
delete user roles.
All new users must be assigned to a role before they can access any dashboards
in WebConnect.
If you want to use the WebConnect User and Role Maintenance functions, they
must first be installed. This requires that you have at least the following software
already installed:
SmartData Services
TLM Control
Configuration Import
2.
3.
4.
5.
The following sections describe how to perform each task, to configure the User
and Role Maintenance functions for use with WebConnect.
Logon to the Configuration Import (CI) utility as the dbo user of the TLM
database.
2.
3.
2.
2.
3.
4.
Click [Finish].
2.
If you require that all user maintenance changes are authorised by a second
user, set the USER_MAINT_AUTH option to 1. If you do not require that
the changes are authorised before they are committed, leave this setting as 0.
2.
3.
4.
5.
Modify the details for non-WebConnect-only users. This does not include
the ability to change the password.
2.
3.
If you want to search for all users, leave the search fields blank.
Alternatively, populate any of the following search fields with the required
search criteria to search for specific users:
User Details Profile enter the type of user you want to view, such as
Full or DStudio.
User Details User Id the user ID of the user you want to view. You
can optionally enter part of the ID and then use an asterisk (*) as a
wildcard.
Click [Search].
The Users dashboard is displayed and lists the users returned by the search.
For example:
The Users dashboard displays the following information about each user:
Authority ID- the ID of the user whose authorities the user is to follow.
When a new user is set up, their own ID is the default for Authority ID.
Profile the user type, which determines the users permissions. Can be one
of the following:
Full user can change all functions available at the User Access and
Limits window
Dstudio user can use Design Studio for configuration tasks, but not
the Recon Admin Client
Firstname up to 40 characters
Surname - up to 20 characters
Adding a user
A user profile holds information about a user and their access to the system.
If you have the authority to do so, you can add users of type WebConnect only
to the system. All other user types must be added using Design Studio.
When you set up a new user, a system generated password is emailed to the
address defined in their profile.
2.
3.
Enter a User Id (mandatory) that will be required by the user to login to the
system. Up to eight characters are available.
4.
5.
The following fields are set to default values but can be changed as required:
6.
If you want the user to have temporary access to the system, you can set an
expiry date in the User Expiry Date (optional) field. After this date that user
cannot log on to WebConnect.
7.
If you want to specify the times within which a user can login to the system,
you can do so within the Monday to Sunday Start and End fields (Optional).
The login times default to 08:30 to 17:30 for each day, but may be changed
to suit your organisations working practices. Enter in format hh:mm, where
hh is 24 hour format. Note that this is for entry to the system and that
provided you log on before the end time, you can continue to use the TLM
system after that. If you log off, however, you will not be able to log on
again until the next Start time.
8.
9.
Click [Submit] to save and close, or [Cancel] to discard the user profile.
Changes to a user profile take effect the next time the user logs on.
If you want to remove a user's access to the system temporarily, you must set the
User Status to Inactive in the User Status field.
A user cannot update their own user type or update a user with the same
Authority ID.
The user being changed cannot follow a lead user or cannot be followed by
another user. That is, following and lead users have the same user type.
Any user authorities for the user that exceed the maximum value for the new
user type will be reduced to be the same as the maximum value for the new user
type.
When logging on after a user type has been changed the new user type is counted
for licensing purposes.
Changing the User Status
If you set a User Status to Inactive, the user will not be able to log on to Design
Studio, Recon Admin or WebConnect. The user can be reinstated at any time by
resetting the User Status to Active. In addition, if a user fails to log in correctly
more than the number of times stated in the SYST value Max failed logins (by
default set to 3), the users set is set to Inactive status.
Changing the Sign on Status
The Sign on Status indicates whether the user is currently logged on or logged
off each of the applications: Design Studio, Recon Admin and WebConnect. If
the system shuts down unexpectedly while a user is running any of the
applications, the user cannot log on again because the system regards the user as
Signed On. If this occurs, an Administrator (or a user with the appropriate
authority) must log on and update the Sign on Status to Signed Off.
To modify a users profile
1.
2.
Right-click on the user that you want to modify, and select Modify User.
The Modify User dashboard is displayed. For example:
3.
4.
2.
Ensure that the user whose password you want to change has a valid email
address defined on their user profile.
3.
Right-click on the user whose password you want to change, and select
Change Password.
The Change Password window is displayed, prompting you to confirm
whether you want to change the users password. For example:
4.
to proceed.
Attribute Maintenance
Workflow
User Universes
2.
Right-click on the user that you want to modify and select Modify
Authority Id.
The User Authority search prompt is displayed. For example:
3.
Edit the Authority Id to be that of the Authority user that you want to assign.
4.
Click [Save] to save the changes, or [Save and Keep Time] to save the
changes and a record of the time at which you saved them.
2.
Right-click on the user that you want to modify and select Access and
Limits.
The Access and Limits dashboard is displayed. For example:
3.
4.
2.
Right-click on the user to which you want to assign messages and select
Message Maintenance.
The Message Maintenance dashboard is displayed. For example:
3.
Select the messages that you want to assign to the user in the Message Type
list.
If you want to assign multiple messages, do so by selecting the first
message, and then press <Ctrl> whilst you select the additional required
messages.
to move your selection to the Current
4.
5.
Allocating Roles
User Roles control the assignment of permissions to users. When you create a
new user, they must be assigned a role before that user can access Design Studio,
TLM WebConnect or any associated TLM application. A user can be assigned
multiple roles. Each role has its own data access rights and permissions, and the
user inherits the most favourable permissions from all of their roles.
The procedure assumes that at least one suitable role has already been configured
(page 43).
To assign roles
1.
2.
Right-click on the user to which you want to assign a role and select User
Roles.
The User Roles dashboard is displayed. For example:
3.
Select the roles that you want to assign to the user in the Available list.
If you want to assign multiple roles, do so by selecting the first role, and
then press <Ctrl> whilst you select the additional required roles.
to move your selection to the Selected list.
4.
5.
From the main menu, select User Maintenance > Pending Authorization
Users.
The Updated Users search prompt is displayed. For example:
2.
3.
If you want to search for all changes pending authorisation, leave the search
fields blank. Alternatively, you can populate them with any of the following
search criteria:
Update Users User Id the User ID of the user affected by the change.
You can optionally enter part of the ID and then use an asterisk (*) as a
wildcard.
Updated Users Edit User the User ID of the user responsible for the
change. You can optionally enter part of the ID and then use an asterisk
(*) as a wildcard.
Updated Users Operation select the type of changes that you want to
view from the list of those available. For example, you can select Delete
to view a list of any delete changes that are pending authorisation.
Click [Search].
The Pending Authorization Users dashboard is displayed, showing the type
of change that has been made and the user who made the change. For
example:
4.
Right-click on the change that you want to authorise, and select the
corresponding operation from the context menu. For example, if you want to
authorise an Insert change, right-click on the applicable row and select
Insert User. For example:
Delete roles
2.
3.
If you want to search for all roles, leave the fields blank. Alternatively
populate any of the following search fields with the required search criteria
to search for specific role:
Role name if you know the name of the role you want to view, enter it
into this field.
Click [Search].
The roles grid is displayed and lists the roles returned by the search. For
example:
The Roles dashboard displays the name and description of roles returned
from the search.
2.
Right-click on the role that you want to view and select View from the
context menu.
The View dashboard is displayed. For example:
The role details are presented in a series of tabs on the View dashboard.
user universes
attribute editability
row-based constraints
search restrictions
You can also use the Users tab to assign the role to users.
The Shortcuts tab does not work, as shortcuts are no longer used. To assign roles
to dashboards so that users can access them, use the Menu Structure
configuration page in SmartStudio.
To add a role
1.
2.
3.
Follow the role tasks in each tab, as described in the following sections, to
configure the new role.
4.
5.
When you have finished configuring the role, click [OK] to exit the Insert
role dashboard.
To modify an existing role
1.
2.
Select the role that you want to modify, right-click and select Modify from
the context menu.
The Modify dashboard is displayed.
3.
4.
Click [Apply] to save your changes, then [OK] to close the dashboard.
Allocating universes
You can control the access a user has to data using User Universes. Universes
are assigned to a role to determine the data that is available to the users assigned
to that role. For example, universe access controls the nodes that are displayed
when specifying universe levels within objects such as Rules, Constraints, and
Roles.
To assign universes
1.
From the Insert dashboard, ensure the Role Detail tab is selected.
2.
In the Available universes list, select the universe that you want to apply to
the role.
3.
4.
Repeat steps 2 and 3 for any additional universes that you want to assign to
this role.
5.
When assigning or removing universes from a role's allocation, if you select one
of the standard TLM Reconciliations universes (Item, Message Header, or
Message Type) the other two are automatically selected for you.
Available lists the business logic tools that can be added to your role
Selected lists any business logic tools that have already been selected for
your role
Constraints lists any constraints that have been configured for use with the
business logic tool.
For example:
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Available list, select the tool that you want to assign to the role.
3.
4.
Repeat steps 2 and 3 for any additional tools that you want to assign to this
role.
5.
In the Selected list, select the tool that you want to apply the constraint
to.
Any available constraints are displayed in the Constraints list.
2.
In the Constraints list, select the constraint that you want to apply to the
selected tool.
3.
Click [Add].
4.
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Selected list, select the tool that you want to un-assign from the role
and click the right arrow button.
The tool is removed from the Selected list.
3.
1.
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Selected list, select the tool from which you want to remove the
constraint.
Any constraints associated with the tool are displayed in the Constraints list.
3.
In the Constraints list, select the constraint that you want to remove from the
tool.
4.
5.
This dashboard is divided into two sections: Available and Selected. Users in the
available section can be assigned to your role. The Selected section lists any
users already configured for use with the role.
2.
In the available list, select the user that you want to assign to the role.
3.
Click the right arrow button to move the selected user to the Selected list.
4.
Repeat steps 2 and 3 for any additional users that you want to assign to this
role.
5.
Allocating attributes
You can control which attributes in the system a user can edit, and add
constraints to those attributes, if an appropriate constraint has already been
configured. For example, you can restrict a user to being able to change a Source
Code and Security Description for an Our Positions item, or restrict a user to
only changing a Senders Reference and a Position Value for a Their Positions
item.
Attributes are allocated from the Editable Attributes tab in the Insert Role
dashboard.
To control attributes
1.
From the Insert role dashboard, select the Editable Attributes tab.
The Editable Attributes configuration screen is displayed. For example:
2.
In the universe tree, select the level from which you want to add an editable
attribute.
The editable attributes available at that level are displayed in the Available
list.
3.
4.
5.
Repeat steps 2 to 4 for any additional attributes that you want to assign to
this role.
6.
In the Selected list, select the attributes that you want to apply the
constraint to.
Any available constraints are displayed in the Constraints list.
2.
In the Constraints list, select the constraint that you want to apply to the
selected attributes.
3.
Click [Add].
4.
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Selected list, select the attribute that you want to un-assign from the
role and click the right arrow button.
1.
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Selected list, select the attribute from which you want to remove the
constraint.
Any constraints associated with the attribute are displayed in the Constraints
list.
3.
In the Constraints list, select the constraint that you want to remove from the
attributes.
4.
5.
From the Insert dashboard, select the Row Based Constraints tab.
For example:
2.
In the universe tree, select the level from which you want to select a
constraint.
Any constraints available at the selected level, which have not already been
assigned to the role, are displayed in the Available list.
3.
4.
Click the right arrow button to move your selection to the Selected list.
5.
Repeat steps 2 to 4 for any additional constraints that you want to assign to
this role.
6.
From the Insert Role dashboard, select the Search Restrictions tab.
The Search Restrictions configuration screen is displayed. For example:
2.
In the universe tree, select the level from which you want to select a search
restriction.
Any search restrictions available at the selected level, which have not
already been assigned to the role, are displayed in the Available list. Select
the required search restriction from those in the Available list.
3.
Click the right arrow button to move your selection to the Select list.
4.
Repeat steps 2 to 4 for any additional search restrictions that you want to
assign to this role.
5.
Deleting a role
If you have Update Access to Roles, you can delete roles. Update Access is
controlled by your user authorities.
You can only delete roles that are not allocated to any users.
To delete a role
1.
2.
3.
Right-click on the grid and select Delete from the context menu, or click the
Delete tool in the business logic toolbar.
52 Deleting a role
4.
The User Access and Limits dashboard allows you to set up and maintain a
user's access to options in the on-line application.
For many options, a user's access can be set to one of the following:
Lead Users
When you assign a user to follow a lead user, the `following' user inherits the
same settings as the lead user with respect to Access and Limits.
KEY
BIG - Business Infrastructure Guide
OPS - Operations Guide
BPG - Business Processing Guide
UAG User Administration Guide
WSG WebConnect Studio Guide
User Authority
Custom Filters
User
Type
Description
Full
Allows a user to create their own predefined filters for the following nodes:
Casing
Users
Enquiry
Roles
Full
Global Dashboard
Views
Casing
Customisation Parameters
Not supported.
Enquiry
Full
System
If the user has an id of `SETUP', some settings within this area have major implications
on the way in which the system performs and are normally set up by SmartStream
Technologies implementation staff following consultation with the users of the system.
It is recommended that SmartStream Technologies is notified of any intended change to
these settings, and that the access to the system by this user is restricted. Any other user
on the system can be given access to the same area, but the list of settings that will be
displayed or available for change is limited.
Applies to: Customisation > Parameters
References: BIG - Appendix A - Customising the Display;
Customisation - Screen
Legends
Full
System
Allows a user to change entries in the Window Display Configuration. This would
normally be made available only if the system was required to display information in a
language other than English. If this option is taken, it will affect all users of the system,
and in addition, the number of characters input for the non-English version cannot be
more than the English version, otherwise the contents of frames/windows on the system
can be compromised.
Window trims and button labels can be customised globally using the Screen Legends
option on the Admin tree. You can change the most commonly used words within the
TLM application, and use this option to change the language of the TLM user interface.
This functionality is only available to a System user.
Applies to: Customisation > Screen Legends
References: BIG - Appendix A - Customising the Display
User Authority
Customisation System Messages
User
Type
Full
System
Description
Screen titles and on-line messages can be customised globally using the System
Messages option on the Admin tree. You can change the most commonly used words
within the application, and change the language of the TLM user interface.
This functionality is only available to a System user.
Applies to: Customisation > System Messages
References: BIG - Appendix A - Customising the Display
Roles
Full
System
Allows a user to control the assignment of permissions to users. A role must be assigned
to a user before that user can access Design Studio, or any dashboards in WebConnect.
A user can be a member of multiple roles. Each role has its own data access rights and
permissions, and the user inherits the most favourable permissions from all of their roles.
The following permissions are assignable to roles:
User Universes
Attribute editability
Row-based constraints
Full
Enquiry
System
Allows a user to control which attributes in the system a user with the specified role can
edit. Also allows a user to add constraints to those attributes, if an appropriate constraint
has already been configured.
Admin tree: Security > Roles
Reference: UAG Allocating Attributes
Roles Universe
Access
Full
Casing
Enquiry
System
Allows a user to control the access a user with the specified role has to data using User
Universes. Universes are assigned to a role to determine the data that is available to the
users that have this role. For example, universe access controls the nodes that are
displayed when specifying universe levels within objects such as Rules, Constraints and
Roles.
Admin tree: Security > Roles
Reference: UAG Allocating Universes
SmartStudio
Full
Casing
The SmartStudio software allows the dashboard designer to set up customized windows,
known as dashboards, containing a variety of controls, for the display, update and
processing of Workflow data.
Enquiry
Dashboards replace previously hard-coded aspects of the TLM software operations, such
as Item Enquiry, Message Maintenance, Queue Maintenance and the Store Summary.
Although dashboards are designed individually, several can be combined to enable
operators to progress their Workflow. For example, a queue maintenance function could
be created from several dashboards with Treeviews for drilling down through Set
Groups, Sets, Match Queues, and Grids for performing business logic on outstanding
items and match item proposals.
Parent-child relationships can control how many dashboards appear at runtime. The
example described above for Queue Maintenance has one parent dashboard with four
children.
Applies to: SmartStudio
Reference: WSG - Each chapter covers different aspects of dashboard design.
User Authority
User
Type
Description
Users
Full
System
Add User Details holds information about a user's access to the system and any changes
to the password. Other data, such as the user's name, telephone and fax numbers and
their employment position within your organisation's hierarchy, are used for reporting
purposes.
Casing
Enquiry
The user profile, as defined by the User Type, is predefined and determines the user
authorities available for a particular user. For example, a Full User Type can potentially
access more of the TLM system than a Casing User Type. Within the User Type you can
fine tune user access using the User Access and Limits window.
When a user is `following' another user, the authorities options are shared between all
the users following that user. Therefore, if any of the authorities are changed for any user
following a lead user, all the other users following the same authority will inherit all of
the authorities of the profile being followed including the lead user.
A User B cannot follow the authority of User A if:
Full
System
Casing
Enquiry
Admin tree: Drill down from Users; Access and Limits is an option on the User Control
menu
References: UAG User Access and Limits
Full
System
If a user suspects that their password has been compromised, they can change the
password at any time. The next password change date will be amended so that the next
change will be set to the current date plus the next password change days.
Casing
Enquiry
Users - Allocate
Passwords
Allows a user to change the User Access and Limit parameters for another user. Users
cannot make changes to their own parameters or to the parameters of a lead user they are
following.
Full
System
If another user suspects that their password has been compromised, they can ask the user
of this function to change the password for them. However, this change is temporary as
the next password change date will be changed to the current date forcing the owner of
the changed password to change their password again when they next log on.
Admin tree: Drill down from Users; Change Password is an option on the User Control
menu
Reference: UAG - Changing Passwords
User Authority
User
Type
Users - Authority
Full
System
Description
Allows a user to change the Authority level that another user follows - you cannot
change your own authority level.
When you assign a user to follow a lead user, the `following' user inherits the same
settings as the lead user with respect to the following:
Attribute Maintenance
Message Maintenance
Release Workflow
A number of `dummy' Lead users can be set up and then each actual user of the system
will follow the lead set by one of the dummy lead user profiles. For example, set up a
`Manager', `Supervisor', `Team Leader' and `Reconciler' with the appropriate authorities,
and then assign one of these four levels to each user of the system. Any users with very
specific tasks can be assigned their own authorities (follow themselves) if required /
necessary.
Admin tree: Drill down from Users; Lead User Authority is an option on the User
Control menu
Reference: UAG - Setting Up Lead Users
Users - Create or
Delete Global
Searches
Full
Workflow Elements
Constraints
Full
Full
Full
Full
Full
System
Not supported.
Not supported.
Not supported.
Not supported.
Not supported.
Not supported.
Postal Address
Contact Details
Europe
SmartStream
Technologies Ltd
email: ssrsup.uk@smartstreamstp.com
Aztec West
Almondsbury
Bristol, BS32 4RA
UK
North and South
America
SmartStream
Technologies Ltd
61 Broadway
Suite 2824
email: ssrsup.usa@smartstreamstp.com
New York
NY 10006
USA
Australia and Asia
SmartStream
Technologies Ltd
70 Anson Road
email: ssrsup.sea@smartstreamstp.com
Notes
Software type:
test or
production?
Software
version number
Can be found by selecting Help > About from the software menu.
RDBMS Type
& Version
Server
Operating
System Type
& Version
Priority of call
(1 to 4)
Full description
of problem
being
experienced
Can you
reproduce the
problem?
Yes or No.
Has this
problem
occurred
before?
Yes or No.
Customer Call
ref. (optional)
Please provide us with your own call reference if you have one.
Glossary of Terms 61
Glossary of Terms
Access Rule
Type of rule that is appended to runtime searches to restrict the data that is
returned to a user.
Admin tree
On the Design Studio desktop, displays the 'Administrator' functions. Each
branch of the tree can be expanded to show the lower levels or collapsed to hide
the lower levels.
Constraint
Rule that provides conditional control over attribute and tool availability.
Dashboard
Window that displays a graphical view of the items in the database, in the form
of charts, grids, treeviews, and so on, in WebConnect.
Design Studio
Design Studio is the application used to create and maintain roles and to
customise screen legends and custom messages.
Lead user
Authority ID from which a user can inherit the same settings with respect to the
following authorities options
Attribute Maintenance, Access and Limits, Web Shortcuts.
Role
A User Role controls the assignment of permissions to users. A role must be
configured and assigned to a user before that user can access Design Studio,
WebConnect or any associated TLM application. The following permissions
are assignable to roles user universes, business logic tool availability, attribute
62 Glossary of Terms
Search restriction
You use search restrictions to restrict access to data. This functionality is
implemented by the creation of an Access rule that is assigned to a role by way
of a rulelist.
Web User
End user accessing the application via WebConnect.
Index 63
L
Lead Users 17
Index
M
Maintaining user details 14
O
Online Help 10
P
Passwords - changing 15
Roles
adding 21
allocating users 24
assigning 19
deleting 27
search restrictions 26
Search restrictions 26
Sign on Status 15
Software Support 59
C
Changing
password 15
Constraints
allocating 26
D
Deleting
roles 27
Desktop 3
Document information ii
F
Full-text searches 10
G
Getting Started 3
H
Help 10