Smart Data 27 SP1 Usr Adm

SmartData Version 2.
7 SP1
User Administration
DISCLAIMER
SmartStream Technologies makes no representations or warranties regarding the contents of this document. We
reserve the right to revise this document or make changes in the specifications of the product described within it at
any time without notice and without obligation to notify any person of such revision or change.
COPYRIGHT NOTICE
2000 - 2009 Copyright of SmartStream Technologies. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or by any means - electronic, mechanical,
photocopying, recording, or otherwise - without the prior written permission of SmartStream Technologies.
INTELLECTUAL PROPERTY WARNING
The contents of this document and the software it describes are the intellectual property of SmartStream
Technologies. The ideas contained in this document must not be disclosed to any third party.
TRADEMARK NOTICE
TLM Is a registered trademark of SmartStream Technologies. All rights reserved.
Other trademarks recognised and property of their respective owner.
DOCUMENT INFORMATION
Doc Ref: 259-2710-01
Edition 2
August 09
Contents iii
Contents
About this guide .................................................................................. 1
Who should read this guide? ......................................................................................... 1
What does this guide cover? ......................................................................................... 1
How is this guide organised? ........................................................................................ 1
What's not included? ..................................................................................................... 2
Related information ...................................................................................................... 2
Conventions used in this guide ..................................................................................... 2
Getting Started with Design Studio .................................................... 3

Design Studio desktop .................................................................................................. 3
The Admin tree ............................................................................................................. 4
User Authorities and the Admin tree .............................................................. 4
Using Admin tree filters ................................................................................. 4
Using Design Studio Help .......................................................................................... 10
Rules for full-text searches ........................................................................... 10
Managing Users in Design Studio .................................................... 11

Adding a user .............................................................................................................. 11
User Details window details ......................................................................... 13
Maintaining user details .............................................................................................. 14
Changing passwords ................................................................................................... 15
Setting a lead user ....................................................................................................... 17
Changing the authority id ............................................................................. 17
Setting user access and limits ..................................................................................... 17
Admin tree options ....................................................................................... 18
Assigning user roles .................................................................................................... 19
Managing Roles in Design Studio .................................................... 21

Adding or modifying a role ........................................................................................ 21
Allocating universes ..................................................................................... 22
Allocating Business Logic Tools.................................................................. 23
Allocating users to roles ............................................................................... 24
Allocating attributes ..................................................................................... 25
Allocating row-based constraints ................................................................. 26
Allocating search restrictions ....................................................................... 26
Deleting a role............................................................................................................. 27
Managing Users and Roles in WebConnect .................................... 29

Installing WebConnect User and Role Maintenance .................................................. 29
Importing jar files to TLM Control .............................................................. 29
Importing the CI package ............................................................................. 30
Importing the TLM Configuration ............................................................... 30
Configuring the required SYST settings....................................................... 31
Ensure that SETUP has an email address ..................................................... 31
Maintaining Users in WebConnect ............................................................................. 32
Viewing users in WebConnect ..................................................................... 32
iv Contents
Adding a user................................................................................................ 33
Modifying user details .................................................................................. 34
Changing user passwords ............................................................................. 36
Changing the authority id ............................................................................. 37
Changing a Users access and limits ............................................................ 38
Allocating message types ............................................................................. 39
Allocating Roles ........................................................................................... 40
Authorising User Maintenance ................................................................................... 40
Maintaining Roles in WebConnect ............................................................................. 43
Viewing roles in WebConnect .................................................................................... 43
Viewing role details...................................................................................... 44
Adding or modifying a role ........................................................................................ 45
Allocating universes ..................................................................................... 46
Allocating Business Logic tools ................................................................... 47
Allocating users to roles ............................................................................... 48
Allocating attributes ..................................................................................... 49
Allocating row-based constraints ................................................................. 50
Allocating search restrictions ....................................................................... 51
Deleting a role............................................................................................................. 51
Appendix A User Authorities ............................................................ 53

Lead Users .................................................................................................................. 53
Admin User Authorities list ........................................................................................ 54
Appendix B Software Support .......................................................... 59

Calling SmartStream Technologies Support ............................................................... 59
Before you call... ......................................................................................................... 60
Glossary of Terms ............................................................................. 61

Index ................................................................................................... 63
About this guide 1
About this guide
Welcome to the TLM 2.7 SP1 User Administration Guide.
Who should read this guide?

The guide is intended for SmartStream Technologies Professional Services
personnel and other suitably qualified users who are responsible for creating and
maintaining users and user roles.
What does this guide cover?

This guide describes how maintain TLM users. There are two ways of doing
this: using Design Studio, or using the WebConnect User and Role Maintenance
functions.
This guide also lists the User Authorities in the order in which they appear on the
User Access and Limits window.
How is this guide organised?

This guide is organised as follows:
Getting Started with Design Studio provides an overview of the Design

Studio desktop and how to interact with it.
Managing Users in Design Studio describes the types of users within Design
Studio and how to configure them.
Managing Roles in Design Studio describes the assignment of permissions

to users and role configuration.
Managing Users and Roles in WebConnect describes how to install the

WebConnect User and Role Maintenance functions, and how to use the
provided dashboards to maintain users and roles.
Appendix A User Authorities describes the user types available in Design

Studio and how to set up and maintain a users access to options in the online application.
Appendix B Software Support lists the contact details of SmartStream

Technologies Support service.
2 What's not included?
What's not included?

For each User Authority described in Appendix A User Authorities, there, is a
cross reference to the appropriate guide where you can find further information.
This guide does not include the following:
Details of how to operate your system. The TLM Reconciliations

Operations Guide describes how to use sample dashboards and their
business logic for Reconciliations.
Details of how to create and maintain dashboards. See the TLM

WebConnect Studio Guide.
Details of how to create and maintain workflow tools. See the TLM
Reconciliations Business Processing Guide or the TLM Control Process
Designer Guide.
Related information
The following guides provide additional information:
WebConnect Studio Guide
TLM Reconciliations Operations Guide
If your site uses the SWIFT messaging system, see also the relevant SWIFT
documentation
Conventions used in this guide

This guide uses the following conventions for menus and shortcuts:
Example
Describes
<Enter>
Pressing the Enter key
<Ctrl + Home>
Holding down the Control key and pressing the

Home key
Current View >

Orientation > Horizontal
Choosing the Horizontal option from the Orientation

submenu of the Current View option
Click
Clicking the left mouse button
Right-click
Clicking the right mouse button
Double-click
Clicking the left mouse button twice in rapid

succession
Click [Cancel]
Clicking the Cancel button displayed in the window
Getting Started with Design Studio 3
Getting Started with Design Studio
Design Studio desktop

When you first log in to Design Studio, the Design Studio Desktop is displayed.
4 The Admin tree
The Admin tree

The Admin tree is located on the left of the work area and includes all the
administrative functions available within Design Studio.
To expand each folder, you can click and display the branch structure and
lower levels of the tree. Conversely, you can collapse a branch by clicking to
close the lower levels of the tree.
The options displayed depend on user authorities (page 4). Some may be
dimmed (not available) or might not be displayed.
User Authorities and the Admin tree

The user authorities, which an Administrator can set in User Access and Limits,
allow (update access) or deny (view access or no access) a user the ability to
perform various functions in Design Studio and govern the availability of
options in the Admin tree, as well as controlling the limits within those areas.
If an authority is set for a higher level in the tree and if authorities for levels
below are set to no access, the higher level (parent) of the tree is displayed
with no children.
If an authority is set for a lower level (child) in the tree, but the authorities
for levels above (parents) are set to no access, the child level is not
displayed in the tree until all parent level authorities are set to at least view
access.
If you set up a user with no access for user authorities which govern options on
the Admin tree context (right-click) menus, these options are either not available
(dimmed) or are missing altogether.
Using Admin tree filters

Often there are so many items under the Users and Roles branches of the Admin
tree that the branches become cumbersome to navigate when expanded. To avoid
this problem, you can use filters to narrow down the information presented under
these branches.
When a filter is applied to a treeview node, the node folder is displayed with a
filter icon, for example:
You can specify filter criteria dynamically as needed, or you can create
predefined filters, one of which can be specified as the default filter.
All filters function in a similar manner, and their use is optional. When a filter is
displayed, clicking [OK] shows all items under that branch of the Admin tree.
Specifying filter criteria dynamically

You can specify filter criteria dynamically each time you expand the Users or
Roles node to narrow down the number of users displayed in the Admin tree.
To filter the Users node
1.
To launch the Filter window, do one of the following:
In the Admin tree, right-click the Users node and select Filter >
Custom.
If this is the first time you have accessed the Users node since launching
Design Studio, you can just expand the Users node in the Admin tree.
The User Filter window is displayed:
2.
3.
Enter the optional filter criteria as follows:
To filter by user type, select the required type of user from the User
Type dropdown list.
To filter by a string contained within the User ID, enter the required
string in the User ID field. Select the Match whole word checkbox if
you want to match exactly the string you enter.
If you have created any predefined (page 7) user filters, you can select
one from the dropdown list next to the User ID field.
To filter by Authority ID (lead user) enter the required ID in the

Authority ID field.
To display all users (that is, with no filter applied) leave all fields blank.
Click [OK].
The Users branch of the Admin tree expands, filtered according to the
criteria you entered. For example, if you selected Full in the User Type
drop-down menu and entered the string Test in the User ID field, only
users IDs with the full user type that contain the string Test are
displayed. For example:
6 The Admin tree
To filter the Roles node

1.
To launch the Filter window, do one of the following:
In the Admin tree, right-click the Roles node and select Filter >
Custom.
If this is the first time you have accessed the Roles node since launching
Design Studio, you can just expand the Roles node.
The Role Filter window is displayed:
2.
3.
Enter the optional filter criteria as follows:
To filter by a string contained within the role name, enter the required
string in the Rome Name field. Select the Match whole word checkbox
if you want to match exactly the string you enter. Select the Match Case
checkbox if you want to match the case you entered the text in.
If you have created any predefined (page 7) role filters, you can select
one from the dropdown list next to the Role name field.
To display all roles (that is, with no filter applied) leave all fields blank.
Click [OK].
If you click [OK] without entering any filter criteria, all information under
that branch is displayed.
The Roles branch of the Admin tree expands, filtered according to the
criteria you entered. For example, if you entered the string 'Config' only
those roles that contain 'Config' are displayed. For example:
Creating and applying predefined filters

You can create a list of predefined filters for both the Users and Roles nodes,
which can be applied directly from the nodes on the Admin tree. You can specify
one predefined filter for each of the two nodes to use as the default filter. The
default is pre-filled into the filter dialog when it is loaded, meaning that if you
click [OK] on the filter dialog, only a subset of the filtered objects is displayed.
To create a predefined filter
1.
Right-click the node and select Filter > Configure.

The Pre-defined Filter configuration window is displayed:
2.
Click [Add] to add a new filter.

The following window is displayed:
3.
Enter a Filter Name.
4.
Enter a text string on which to base your filter.
5.
If you want this to be the default filter, select the Default checkbox.
6.
Click [OK].
If required, you can create a number of filters.
7.
Click [OK] again when you have finished.

To use a predefined filter
1.
Right-click the Users or Roles node and select Filter.

The predefined filters that you have created are displayed in the context
menu. For example:
8 The Admin tree
If you have specified a default filter, it is marked with a tick (so in this case
'CONFIGURER ROLES' is the default).
2.
Select the filter that you want to use.

The filter is applied to the treeview.
The Show All option in the context menu displays the entire list of objects for
that node, with no filter applied.
Specifying a default filter

You can specify the default filter for each node, from the Pre-defined Filter
configuration window.
To specify a default filter
1.
In the Admin tree, right-click on the node for which you want to configure a
default filter, and select Filter > Configure.
The Pre-defined Filter configuration window is displayed, and shows a list
of the currently predefined filters. The Default column displays which filter,
if any, is currently specified as the default filter. For example:
2.
Select the filter that you want to be the default filter.
3.
Click [Modify].
The Pre-defined filter details window is displayed. For example:
4.
Select the Default option.
5.
Click [OK].
The Pre-defined Filter configuration window is displayed. The Default
column is updated to show the selected filter as the default. For example:
6.
Click [OK].
To use a default filter
1.
Right-click the Users or Roles node and select Filter > Custom.
2.
The Filter window is displayed with the default filter already filled in, for
example:
3.
Click [OK].
The default filter is applied to the treeview.
10 Using Design Studio Help
Using Design Studio Help

Press <F1> or select Help > Help from the main menu.
Help on the current window, if available, is displayed; otherwise the complete
Design Studio Help system is displayed in a browser window, and you can
search for the information you need.
From the browser window, you can navigate using the following buttons:
Windows XP security block

If you view the Help in Internet Explorer on Windows XP SP2 or higher, a
yellow bar might be displayed stating that your active content (JavaScript) is
disabled, and the Help will not have the proper layout and wont respond
properly to user interaction.
To allow active contents to run for this instance, click the yellow bar and
select Allow Blocked Content from the menu.
To disable this security block for all local content (local content is generally
a lot safer than Internet content), in Internet Explorer go to the Tools >
Internet options > Advanced window and in the Security options, select
the Allow local content to run in files on My Computer checkbox.
Rules for full-text searches

The rules for full-text searches are:
Searches are not case-sensitive, so you can type your search in uppercase or
lowercase characters.
You can search for any combination of letters (a-z) and numbers (0-9).
Punctuation marks, such as the period (.), colon (:), semicolon (;), comma
(,), and hyphen (-), are ignored during a search.
You can group the elements of your search using double quotes (".. ") or
parentheses ('.. ') to set apart each element. You cannot search for quotation
marks.
If you search for a file name with an extension, group the entire string in
double quotes ("file name.ext").
You can use the AND, OR, and NOT operators to refine your search by
creating a relationship between search terms. If you do not specify an
operator, AND is used. For example:
Specifying "message AND feed" finds topics that contain both

"message" and "feed."
Specifying "Security OR alias" finds topics that contain either the term
"security" or the term "alias" or both.
Specifying "balance" NOT "trial" finds topics that contain "balance" but
not "trial."
Managing Users in Design Studio 11
Managing Users in Design Studio
Any type of user can be created using Design Studio, however each user has
access to different admin tree options. In a SmartData-only installation, you can
select from only the following user types:
Dstudio
Full
System
Each user must be assigned to a particular role (page 21) before they can access
Design Studio or TLM WebConnect.
The following table shows the maximum level of access available to each user
type (i.e. with access and limits (page 17) set to all High). This table also
includes the TLM Reconciliations user types; Casing, Coac and Enquiry:
Tree node
Dstudio
Full
System
Casing
Coac
Enquiry
Users
Create
and
modify
Create
and
modify
Create
and
modify
View
only
Create
and
modify
View
only
Roles
Create
and
modify
Create
and
modify
Create
and
modify
No
access
No
access
No
access
SmartStudio
Create
and
modify
Create
and
modify
No
access
Create
and
modify
No
access
View
only
Customisation Modify
Modify
Modify
No
access
Modify
No
access
Adding a user
A user profile holds information about a users access to the system and any
changes to the password. Other profile data, such as the user's name, telephone
and fax numbers and the employment position within the organisation's
hierarchy, are used for reporting purposes.
You can add another users details to the system if you have the appropriate
authority. Once the user profile has been created, the relevant user authorities
can be added.
When you set up a new user, their first password defaults to their user ID.
Adding a user is governed by the SYST setting ALLOW_CREATE_USER:SYST switch set to 1 (the default): A corresponding database user is created by
Design Studio with a password the same as the User ID. The user must change
this password when they log on for the first time.- SYST switch set to 0 (zero):
12 Adding a user
The corresponding database user is NOT created. This means a user cannot log
on. A System Administrator must set up the corresponding database user using
the Security Admin Tool.
To add a user
1.
If the Admin tree is not displayed, click in the work area and deselect Hide
Treeview.
2.
Expand Security.
3.
Right-click Users and select Insert to open the Add User Details window
(page 13).
4.
Enter a User ID. (Mandatory) The User ID is used to log on to the system.
Up to eight characters are available.
Several boxes are set by default but can be changed. For example:
The default User Type is Casing. (Mandatory)
The default User Status is set to Active.
Sign On Status is set to Signed Off and User Creation Date is todays
date (the latter cannot be changed).
The Next Password Change Date defaults to the day the user is added.
Password Change Days is set to 30 by default. You can change this.
When the user first logs on to Design Studio, the password is the same
as the User ID and they will be prompted to change this password. After
30 days, or whatever number you set, this password will expire.
5.
If you want the user to be a Web only user (i.e. to have no access to the
configuration applications) check the WebConnect only checkbox. (This
option is not available to the Dstudio and System user types).
6.
If required, enter the name, location, and contact details for the user.
7.
Select the Start and End times when the user is allowed access to the system
using the format hh:mm. (Mandatory.)
8.
If you want a user to have temporary access to the system, you can set an
expiry date in User Expiry Date (optional). After this date that user cannot
log on to Design Studio.
9.
Click [OK] to save and close or [Apply] to save the new user profile.
User Details window details

Field
Description
User ID
The unique identifier for the userup to 8 characters in length. Cannot

be changed.
User Status
Indicates the current status of the user. Select from User Status list:
Active - user is able to log in to the TLM system

Inactive - user is unable to log in to the TLM system
This allows users to be given intermittent access to the system. If a

user fails to log in after three attempts the status is automatically set to
Inactive. Before the user can log in again the status has to be set to
Active by a user with the right to change User Profiles.
Authority ID
The ID for the set of authorities that this user is to follow. When a new
user is set up, their own ID is the default for Authority ID. It can only
be changed using the User Authority option available from the User
Control menu.
Sign On
Status
The current status of the user. Select from Sign On Status list:
Signed on - user is currently logged in

Signed off - user is currently logged out.
If the system has failed for any reason, and the status of the user has
been left signed on in error, it is possible to update the status directly
here. The user cannot log in successfully until this has been done.
If you change the Sign On Status of a user, this will affect any of the
following applications that the user is logged on to:
User Type
SmartStudio
Design Studio
Recon Admin
WebConnect
Cannot be changed once the user has been created. One of the
following:
Full - can change all functions available at the User

Access and Limits window. Select this user type for
users who need access to both Design Studio and its
associated application, such as Recon Admin.
Casing - can change certain functions associated with
the exception processing system.
Enquiry - can only view the functions available at the
User Access and Limits window.
System - can change certain system administration
functions.
Coac - can change functions relating to CoAc
workflows.
Dstudio - can change functions within Design studio
only.
Title
The title of the userMr/Mrs/Ms/Dr.and so on. Up to 4 characters.
Surname
The users surname. Up to 20 characters.
First Name
The first names of the user. Up to 40 characters.
Job Title
The title of the job the user performs. Up to 60 characters.
Section
If required, the section in which the user works. Up to 60 characters.
Department
The department in which the user works. Up to 60 characters.
Location
The physical location of the department. Up to 60 characters.
Phone
The user's telephone number, including extension number if available.

Up to 20 characters.
14 Maintaining user details
Field
Description
E-mail Id
E-mail address of the user.
Fax
The number of the facsimile machine used by the user. Up to 20

characters.
Export Rule
User defined reference. Up to 20 characters.
Export Code
User defined reference. Up to 20 characters.
User
Creation
Date
The date on which the user was added to the system. This is
automatically generated by the system for information purposes.
Cannot be changed.
User Expiry
Date
The date after which the user is denied access to the system. It may be
left blank for full time employees, but if temporary staff are employed
from time to time, their profiles may be set up so that entry to the
system is only allowed for the term of their employment.
Password
Change Days
The number of calendar days for which each change of password is

valid. Accepts numbers 0 to 999.
Next
Password
Change Date
The date that the current password becomes invalid. Changed by the
system each time the password is changed, based on the number of
days in Password Change Days. Can also be changed manually,
effectively overriding the number of days in Password Change Days.
Mon to Sun
Start/End
Mandatory. The times within which a user may log on to the system.
This defaults to 08:30 to 17:30 for each day, but may be changed to
suit your organisations working practices. Enter in format hh:mm,
where HH is 24 hour format. Note that this is for entry to the system
and that provided you log on before the end time, you can continue to
use the TLM system after that. If you log off, however, you are not be
able to log on again until the next Start time.
Maintaining user details

Once a user is created, if you have the appropriate authority, you can change the
following:
User Status
Sign on Status
Authority ID
However, you cannot change:
User Id - if the User Id is incorrect, you must delete the user profile and
create a new one.
User Type
User Creation Date
If you want to remove a user's access to the system temporarily, set the User
Status to Inactive in the User Details window.
User Status
You can change the status for another users access to the system if you have the
appropriate authority.
If you set a User Status to Inactive, the user will not be able to log on to Design
Studio not any associated application, such as Recon Admin. The user can be
reinstated at any time by resetting the User Status to Active. In addition, if a user
fails to log in correctly more than the number of times stated in the SYST value
Max failed logins (by default set to 3), the users set is set to Inactive status.
Sign on Status
The Sign on Status indicates whether the user is currently logged on or logged
off. If the system shuts down unexpectedly while a user is running the
application, the user may not be able to log on again because the system regards
the user as Signed On. If this occurs, an Administrator (or a user with the
appropriate authority) must log on and update the Sign on Status to Signed Off.
To update the licences that might be lost if the system is shut down
unexpectedly, contact your in-house support desk.
To change user details

1.
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want and select Modify.
4.
Make your changes as required.
5.
Click [OK] to save and close or [Apply] to save.
6.
Changes to a user profile take effect the next time the user logs on.
To delete a user
You can delete another users profile if you have the appropriate authority. You
cannot delete your own user profile or a user profile whose authorities are being
used by others as a lead user.
1.
Treeview.
2.
Expand Users, right-click the user and select Delete.
3.
A message is displayed asking you to confirm the deletion.
4.
Click [Yes].
Changing passwords
If you have the appropriate authority you can change a user's (or your own) login
password at any time. The new password must be used when the user next logs
on. The password expiry date is reset to todays date, therefore, when a new user
logs on for the first time, the user must change this password.
When you set up a new user, their first password defaults to their user ID.
Using Change Password you can type and confirm the new password. Change
Password is displayed automatically when a user logs on to Design Studio for
the first time and when their password expiry date is reached.
TLM software does not adhere to any system password policies that you might
have in place, due to the TLM password encryption algorithm. You can enforce
you own password policies, however TLM cannot validate the passwords against
your policy.
16 Changing passwords
To change a users password

1.
Treeview.
2.
Expand Security.
3.
Expand Users, right-click the user you want, point to User Control, and
select Change Password.
An information message is displayed informing you that you are about to
change a password.
4.
Click [OK]. The Change Password window is displayed.
5.
Enter a new password.

A System configuration setting specifies the minimum number of characters
for a password.
This password must not be the same as any of the previous five passwords
for the selected user.
6.
Click one of the following: [OK] to save the new password or [Cancel] if
you want to leave the password unchanged.
7.
Confirm the new password when the window reappears.
8.
Click [OK].
If you incorrectly type the new password, you are asked to re-type it.
If you want to keep the old password, click [Cancel].
Setting a lead user

When you create a user profile, the Authority Id defaults to the User Id.
However, you can set the Authority Id to another user - a lead user. The lead
user can be an actual user or a dummy user. A dummy user can be set up purely
to provide a set of parameters to be followed by the live users.
When you assign a user to follow a lead user, the following user inherits the
same settings as the lead user with respect to the following authorities options:
Attribute Maintenance
Access and Limits
Workflow
User Universes
Changing the authority id

User A cannot follow the authority of User B if:
Another user is following the authority of User A.
User B is following the authority of another user.
These rules prevent the creation of authority chains.

To follow a lead authority
1.
Treeview.
2.
Expand Security.
3.
select Lead User Authority to open the User Authority window.
4.
Replace the users current Authority Identification with the ID of another

user, for example a 'lead' user.
5.
Setting user access and limits

You can use User Access and Limits to determine the windows a user can
access, view, or update when they log on to Design Studio as well as control the
limits they have on various functions, such as matching amount differences. This
provides a means of controlling the administration areas available to an
individual and also governs the Admin tree options (page 18) that are available
for that user.
The authority options available in User Access and Limits are governed by the
User Type. For example, if a given user is set up as an Enquiry user, the user
authorities can only be set to No Access or View Access; the Update
Access option is not available.
18 Setting user access and limits
Access and Limits enables you to set up and maintain a users access to options
in the online application.
A users Authority ID is set by default in Add User Details to their own User ID.
If you have the authority, you can set the Authority ID for a given user to that of
any other user using the User Authority window.
User Limits and User Confirmation Limits
Two sets of limits allow users within a reconciliation department to authorise
each others imperfect matches.
To set access and limits for a user
1.
Treeview.
2.
Expand Security.
3.
select Access and Limits.
The User Access and Limits window is displayed for the user you selected.
4.
Use the list for each authority to select the type of access allowed to that
user for that task.
5.
You can use the [All High] or [All Low] buttons to set all the authorities to
Update Access/Yes or No Access/No respectively.
6.
Admin tree options

The user authorities, which an Administrator can set in Access and Limits,
govern the availability of options on the Admin tree.
If an authority is set for a higher level in the tree and if authorities for levels
below are set to no access, the higher level (parent) of the tree is displayed
with no children.
For example, if you set a user to have update/view access to Categories but
no access to Sets or Message Feed, the tree displays the Categories level
only for that user.
If an authority is set for a lower level (child) in the tree, but the authorities
for levels above (parents) are set to no access, the child level is not
displayed in the tree until all parent level authorities are set to at least view
access.
For example, if you set a user to have update/view access at Message Feed
level and Categories level but no access to Sets, the tree displays the Sets
level only for that user.
If you set up a user with no access for user authorities which govern
options on the Admin tree context (right-click) menus, these options are
either not available (dimmed) or some may be missing altogether.
Any user with access to the User level can determine who is logged on to the
TLM database from the Admin tree. A person icon ( ) replaces the folder icon
if a user is logged on.
Assigning user roles

User Roles control the assignment of permissions to users. When you create a
new user, they must be assigned a role before that user can access Design Studio,
TLM WebConnect or any associated TLM application. A user can be assigned
multiple roles. Each role has its own data access rights and permissions, and the
user inherits the most favourable permissions from all of their roles.
The procedure assumes that at least one suitable role (page 21) has already been
configured.
To assign roles to a user
1.
Right-click the user you have created, point to User Control, and select
User Roles.
The User Roles window is displayed:
2.
Select the user role you want to assign to this role from the Available list
and click
. To assign more than one role, press and hold the <Ctrl>
button, select all the roles that you want to assign, and click
3.
Click [OK].
Managing Roles in Design Studio 21
Managing Roles in Design Studio
Roles control the assignment of permissions to users. A role must be configured

and assigned to a user before that user can access SmartStudio or TLM
WebConnect. A user can be a member of multiple roles. Each role has its own
data access rights and permissions, and the user inherits the most favourable
permissions from all of their roles.
Roles are configured from the Security node of the Design Studio admin tree.
The following permissions are assignable to roles:
user universes (page 22)
business logic tool availability (page 23)
attribute editability (page 25)
row-based constraints (page 26)
search restrictions (access rules) (page 26)
You can also use the Role Details window to assign the role to a user.
All other permissions remain with the lead user mechanism.
Adding or modifying a role

If you have Update Access to roles, you can add new roles and modify existing
roles. Update Access is controlled by your user authorities (page 4).
Depending on your system configuration, you might require authorisation for
this action; if this is the case, the authorising user must enter their User Name
and Password.
To modify an existing role
1.
From the Admin tree, right-click Roles and select Modify.
2.
Make your changes as required.
3.

To add a new role
1.
From the Admin tree, right-click Roles and select Insert.
2.
Follow each of the role tasks to configure the new role.
22 Adding or modifying a role
Allocating universes
You can control the access a user has to data using User Universes. Universes
are assigned to a role to determine the data that is available to the users assigned
to that role. For example, universe access controls the nodes that are displayed
when specifying universe levels within objects such as Rules, Constraints, and
Roles.
To assign universes
1.
From the Add Role window select the Role Details tab:
2.
Select the universes that you want to assign to this role from the Available
Universes list and click
role.
3.
, or click
to assign all universes to the
Click [OK].
When assigning or removing universes from a role's allocation, if you select one
of the standard TLM universes (Item, Message Header, or Message Type) the
other two are automatically selected for you.
Allocating Business Logic Tools

You must select the business logic tools that a user assigned to a particular role
can execute. You can also apply constraints to the use of the selected tools, if an
appropriate constraint has already been configured.
To assign business logic tools
1.
From the Role Details window select the Business Logic Tools tab:
2.
Select the tool that you want to assign to this role from the Available list and
click
3.
, or click
If you want to apply constraints to the use of any selected tool:

1.
Select the tool that you want to apply the constraint to and click Add.
2.
Select the constraint that you want to apply to the tool for that role and
click
3.
4.
to assign all tools to the role.
Click [OK].
Click [OK].
Allocating users to roles

A user must be allocated a role before they can access Design Studio or TLM
WebConnect.
To allocate a user to the role
1.
From the Role Details window select the Users tab:
2.
Select the user that you want to assign to this role from the Available list
and click
3.
Click [OK].
, or click
to assign all existing users to the role.
Allocating attributes
You can control which attributes in the system a user can edit, and add
constraints to those attributes, if an appropriate constraint has already been
configured. For example, you can restrict a user to being able to change a Source
Code and Security Description for an Our Positions item. Or you can restrict a
user to only changing a Senders Reference and a Position Value for a Their
Positions item.
To control attributes
1.
From the Role Details window select the Editable Attributes tab:
2.
The Universes listed in the first pane are those you allocated previously
from the Role Details tab. Expand the universe that you want to work with
and select a level. For a given level, the attributes displayed in the Available
Attributes pane are common to lower levels on the same branch of the tree.
For example, if the Securities Positions level is selected from the Item
Universe, the attributes displayed in the Attributes pane for that level are
also common to the Our Position and Their Position levels. (Our Position
and Their Position may also have further attributes applicable at that level
only.)
3.
Using the arrows, select the attributes you want a user to be able to edit. The
attributes are displayed in the Selected Attributes pane.
Use the
or
or
button to select or deselect all attributes, or use the
button to select or deselect a single attribute
4.
Similarly, expand the other Universes and select the attributes you want to
allocate to the user.
5.
If you want to apply constraints to any of the selected attributes:

1.
Select the attribute that you want to apply the constraint to and click
Add.
2.
Look for the constraint that you want to apply to the attribute for that
role and click
6.
Click [OK].
Allocating row-based constraints

You can restrict whether records (rows) in grids or forms can be edited by
applying constraints to a universe level, if an appropriate constraint has already
been configured. If no row-based constraints are applied, all rows are available
for editing.
To allocate row-based constraints
1.
From the Role Details window select the Row Based Constraints tab:
and select a level.
The constraints configured for that level are displayed in the Available
Constraints pane.
2.
Select the constraint that you want to apply to that level and click
3.
Click [OK].
Allocating search restrictions

You can use search restrictions to restrict access to data, for example where you
have different groups that are each responsible for a particular region or line of
business.
This functionality is implemented by creating a search restriction and adding
access rules to it. You can assign multiple search restrictions to a role. Multiple
search restrictions are ANDED together. When a user launches a dashboard
search, all search restrictions applied to that users role that are above the level
of the search are appended to the search. Where a user has more than one role
assigned to them the search restrictions for different roles are ORed together.
Before carrying out this procedure, you must have already created appropriate
access rules and search restrictions in SmartStudio.
To allocate search restrictions

1.
From the Role Details window select the Search restrictions tab:
and select a level.
The list of available search restrictions that have already been configured at
or above that level, is displayed.
2.
Select the search restriction that you want to apply and click
click [OK].
, then
The search restriction is displayed in the list of selected Search Restrictions,

together with its level.
Deleting a role
If you have Update Access to Roles, you can delete roles. Update Access is
controlled by your user authorities (page 4).
Depending on your system configuration, you might require authorisation for
this action; if this is the case, the authorising user must enter their User Name
and Password.
To delete a role
1.
From the Admin tree expand Roles.
2.
Right-click the role that you want to delete and select Delete.
A message is displayed:
3.
Click [Yes].
Managing Users and Roles in WebConnect 29
Managing Users and Roles in

WebConnect
Using the WebConnect User Maintenance function you can create and delete
WebConnect-only users, however, you can update the details for any user.
Using the WebConnect Role Maintenance function you can create, edit and
delete user roles.
All new users must be assigned to a role before they can access any dashboards
in WebConnect.
If you want to use the WebConnect User and Role Maintenance functions, they
must first be installed. This requires that you have at least the following software
already installed:
SmartData Services
TLM Control
Configuration Import
Installing WebConnect User and Role

Maintenance
To install the User and Role Maintenance functions, you must perform the
following tasks:
1.
Import the required jar files into TLM Control.
2.
Import the CI package.
3.
Import the TLM Control configuration file.
4.
Configure the required SYST settings.
5.
Ensure that that SETUP user has a valid email address.
The following sections describe how to perform each task, to configure the User
and Role Maintenance functions for use with WebConnect.
Importing jar files to TLM Control

The user maintenance function requires that TLM Control has been installed, and
that the SmartData DB JNDI entry has been correctly configured for your
database. See the TLM Control Installation Guide for details of how to install
and configure TLM Control.
30 Installing WebConnect User and Role Maintenance
To import the required jar files to TLM control
Do one of the following:
If you are installing TLM Control specifically for this User

Maintenance feature, to import the Java Jar files, when the TLM
Control installation wizard displays the Java Code Step Jarfiles Import
window, browse to the Control\TLM_Tools_jcs.jar file within the
TLM_HOME installation directory. For example:
If you have already installed TLM Control, open the

TLMControl\<Version>\engine\tcengine.war file for editing (using a
program such as Java Ant), and add the TLM_Tools_jcs.jar file under
the WEB-INF\lib directory. After updating the tcengine.war file,
deploy it on the application server. See the TLM Control Installation
Guide for details.
Importing the CI package

The CI package contains the SETUP user which is assigned to the Configurer
Role. The Configurer Role contains the dashboards and associated artifacts for
the User and Role Maintenance functions.
CI package must be imported into your TLM database using CI Version 3.4.
To import the User Maintenance dashboards
1.
Logon to the Configuration Import (CI) utility as the dbo user of the TLM
database.
2.
Open the TLM_Dashboards_1_1_3.xml file from the CI directory within the

TLM_HOME installation directory.
3.
Import the package into your database.
Importing the TLM Configuration

To import the TLM Configuration
1.
Logon to TLM Control.
2.
Perform the modular input of TLM Control configuration from file

TLM_Tools.tcm as follows:
1.
Select File > Import > Modular Import.
2.
Browse to the Control\TLM_Tools_1_1_3.tcm file in the TLM_HOME

installation directory and click [Next].
The Modular Import window is displayed. For example:
3.
Click [Select All].
4.
Click [Finish].
Configuring the required SYST settings

To configure the required SYST settings
1.
In the SYST table, ensure that the AUTOSAVE_PREWORKFLOW option

is set to 0.
2.
If you require that all user maintenance changes are authorised by a second
user, set the USER_MAINT_AUTH option to 1. If you do not require that
the changes are authorised before they are committed, leave this setting as 0.
Ensure that SETUP has an email address

To enable the creation of users, the SETUP user must have a valid email address.
The following step is also a good test of whether the User and Role Maintenance
dashboards have been correctly installed, however you could alternatively use
SQL to add the email address to the USRR table.
To add an email address for the SETUP user
1.
Log into WebConnect as SETUP.
2.
Launch the User Maintenance > User dashboard.
3.
Select the SETUP user, right-click and select Modify User.
4.
Enter a valid email address in the Email Id field.
5.
Click [Submit] to save your changes.
32 Maintaining Users in WebConnect
Maintaining Users in WebConnect

The WebConnect User Maintenance function enables you to perform the
following tasks:
Search for and view existing users.
Create, modify and delete WebConnect-only users, including the ability to

change user passwords.
Modify the details for non-WebConnect-only users. This does not include
the ability to change the password.
Manage any users permissions through the assignment of messages and

roles.
Authorise user changes, if second user authorisation has been applied.
Viewing users in WebConnect

The list of TLM users configured to use the system is displayed in WebConnect
within the Users dashboard. You can use this dashboard to view users, and to
access the user maintenance functions.
To view users in WebConnect
1.
From the main menu, select User Maintenance > Users.

The Users search prompt is displayed. For example:
2.
3.
If you want to search for all users, leave the search fields blank.
Alternatively, populate any of the following search fields with the required
search criteria to search for specific users:
User Details Profile enter the type of user you want to view, such as
Full or DStudio.
User Details User Id the user ID of the user you want to view. You
can optionally enter part of the ID and then use an asterisk (*) as a
wildcard.
User Details Authority Id the authority id of the user you want to

view. You can optionally enter part of the ID and then use an asterisk
(*) as a wildcard.
Click [Search].
The Users dashboard is displayed and lists the users returned by the search.
For example:
The Users dashboard displays the following information about each user:
User the User ID.
Authority ID- the ID of the user whose authorities the user is to follow.
When a new user is set up, their own ID is the default for Authority ID.
Profile the user type, which determines the users permissions. Can be one
of the following:
Full user can change all functions available at the User Access and
Limits window
Dstudio user can use Design Studio for configuration tasks, but not
the Recon Admin Client
Casing user can change certain functions associated with the

exception processing system
Enquiry user can only view the functions described earlier
System user can change certain system administration functions
Coac user can change only functions relating to CoAc workflows
Firstname up to 40 characters
Surname - up to 20 characters
Email - E-mail address of the user
Adding a user
A user profile holds information about a user and their access to the system.
If you have the authority to do so, you can add users of type WebConnect only
to the system. All other user types must be added using Design Studio.
When you set up a new user, a system generated password is emailed to the
address defined in their profile.
To add a new user

1.
Launch the Users dashboard.
2.
Right-click on the Users dashboard, and select Insert User.

The Insert User dashboard is displayed. For example:
3.
Enter a User Id (mandatory) that will be required by the user to login to the
system. Up to eight characters are available.
4.
In the Email Id field, enter the users email address (mandatory).
5.
The following fields are set to default values but can be changed as required:
User Type is set to Archive.
User Status is set to Active.
6.
If you want the user to have temporary access to the system, you can set an
expiry date in the User Expiry Date (optional) field. After this date that user
cannot log on to WebConnect.
7.
If you want to specify the times within which a user can login to the system,
you can do so within the Monday to Sunday Start and End fields (Optional).
The login times default to 08:30 to 17:30 for each day, but may be changed
to suit your organisations working practices. Enter in format hh:mm, where
hh is 24 hour format. Note that this is for entry to the system and that
provided you log on before the end time, you can continue to use the TLM
system after that. If you log off, however, you will not be able to log on
again until the next Start time.
8.
Populate the remaining optional fields as required.
9.
Click [Submit] to save and close, or [Cancel] to discard the user profile.
Modifying user details

If you have the authority to do so, you can change most of the information within
a users profile, with the exception of the User ID and User Creation Date which
cannot be changed, and the users Authority Id which can be changed using the
Authority Id dashboard.
If the User Id is incorrect, you must delete the user profile and create a new one.
Changes to a user profile take effect the next time the user logs on.
If you want to remove a user's access to the system temporarily, you must set the
User Status to Inactive in the User Status field.
Changing the User Type

You can change the User Type after a new user profile has been created provided
that neither of the following situations applies:
A user cannot update their own user type or update a user with the same
Authority ID.
The user being changed cannot follow a lead user or cannot be followed by
another user. That is, following and lead users have the same user type.
Any user authorities for the user that exceed the maximum value for the new
user type will be reduced to be the same as the maximum value for the new user
type.
When logging on after a user type has been changed the new user type is counted
for licensing purposes.
Changing the User Status
If you set a User Status to Inactive, the user will not be able to log on to Design
Studio, Recon Admin or WebConnect. The user can be reinstated at any time by
resetting the User Status to Active. In addition, if a user fails to log in correctly
more than the number of times stated in the SYST value Max failed logins (by
default set to 3), the users set is set to Inactive status.
Changing the Sign on Status
The Sign on Status indicates whether the user is currently logged on or logged
off each of the applications: Design Studio, Recon Admin and WebConnect. If
the system shuts down unexpectedly while a user is running any of the
applications, the user cannot log on again because the system regards the user as
Signed On. If this occurs, an Administrator (or a user with the appropriate
authority) must log on and update the Sign on Status to Signed Off.
To modify a users profile
1.
2.
Right-click on the user that you want to modify, and select Modify User.
The Modify User dashboard is displayed. For example:
3.
Update the user profile as required using the fields provided.
4.
Click [Submit] to save your changes or [Cancel] to discard them.
Changing user passwords

You can change a WebConnect-only users login password at any time. The new
password must be used when the user next logs on. The password expiry date is
reset to todays date, therefore, when a new user logs on for the first time, the
user must change this password.
You cannot change the password for any non-WebConnect-only users.
You cannot change your own password in User Maintenance, as this
functionality is already available as a special command on the WebConnect
menu.
TLM software does not adhere to any system password policies that you might
have in place, due to the TLM password encryption algorithm. You can enforce
you own password policies, however TLM cannot validate the passwords against
your policy.
To change a users password

1.
2.
Ensure that the user whose password you want to change has a valid email
address defined on their user profile.
3.
Right-click on the user whose password you want to change, and select
Change Password.
The Change Password window is displayed, prompting you to confirm
whether you want to change the users password. For example:
4.
Click the green tick icon
to proceed.
A system-generated password is emailed to the user, using the email address

specified in their user profile.
If you attempted to change the password of an non-WebConnect-only user,
an error message is displayed, and the password is not changed.
Changing the authority id

When you create a user profile, the Authority Id defaults to the User Id.
However, you can set the Authority Id to another user - a lead user. The lead
user can be an actual user or a dummy user. A dummy user can be set up purely
to provide a set of parameters to be followed by the live users.
When you assign a user to follow a lead user, the following user inherits the
same settings as the lead user with respect to the following authorities options:
Access and Limits
Workflow
User Universes
User A cannot follow the authority of User B if:
Another user is following the authority of User A.
User B is following the authority of another user.

To change a users authority id
1.
2.
Right-click on the user that you want to modify and select Modify
Authority Id.
The User Authority search prompt is displayed. For example:
3.
Edit the Authority Id to be that of the Authority user that you want to assign.
4.
Click [Save] to save the changes, or [Save and Keep Time] to save the
changes and a record of the time at which you saved them.
Changing a Users access and limits

You can use User Access and Limits to determine the functions that a user can
access, view, or update when they log on to TLM software, as well as control the
limits they have on various functions, such as matching amount differences. This
provides a means of controlling the administration areas available to an
individual and also governs the Admin tree options (page 18) that are available
for that user.
The authority options available in User Access and Limits are governed by the
User type. For example, if a given user is set up as an Enquiry user (User Type is
set to Enquiry in Add User Details) the user authorities can only be set to No
Access or View Access; the Update Access option is not available.
To change a users access and limits
1.
2.
Right-click on the user that you want to modify and select Access and
Limits.
The Access and Limits dashboard is displayed. For example:
3.
Modify the required access and limit options.
4.
Click [Apply] to save the changes.
Allocating message types

There is a finite number of licences for each message type. Therefore, it is
important that you allocate to a user only those message types they are going to
use.
You can control which message types a user can access. For example, you might
want to give a user access to Cash messages only while other users might only
need to access Treasury Confirmations. There might be some users who need to
access all message types.
Users with no message type allocation can only access data in universes which
have been assigned to them. However, for the standard TLM Reconciliations
universe allocation, at least one message type must be allocated to enable users
to log on.
To allocate message types to a user
1.
2.
Right-click on the user to which you want to assign messages and select
Message Maintenance.
The Message Maintenance dashboard is displayed. For example:
3.
Select the messages that you want to assign to the user in the Message Type
list.
If you want to assign multiple messages, do so by selecting the first
message, and then press <Ctrl> whilst you select the additional required
messages.
to move your selection to the Current
4.
Click the right arrow button

Selection list.
5.
40 Authorising User Maintenance
Allocating Roles
User Roles control the assignment of permissions to users. When you create a
new user, they must be assigned a role before that user can access Design Studio,
TLM WebConnect or any associated TLM application. A user can be assigned
multiple roles. Each role has its own data access rights and permissions, and the
user inherits the most favourable permissions from all of their roles.
The procedure assumes that at least one suitable role has already been configured
(page 43).
To assign roles
1.
2.
Right-click on the user to which you want to assign a role and select User
Roles.
The User Roles dashboard is displayed. For example:
3.
Select the roles that you want to assign to the user in the Available list.
If you want to assign multiple roles, do so by selecting the first role, and
then press <Ctrl> whilst you select the additional required roles.
to move your selection to the Selected list.
4.
Click the right arrow button
5.
Authorising User Maintenance

If you have applied second user authorisation on your system, each change
described in the Maintaining Users in WebConnect section is not fully
implemented until it has been authorised.
User changes cannot be authorised by the same user that made the original
change; this must be done by a different user with the appropriate role and
authority.
User changes are authorised using the Pending Authorization Users dashboard.
To authorise user changes

1.
From the main menu, select User Maintenance > Pending Authorization
Users.
The Updated Users search prompt is displayed. For example:
2.
3.
If you want to search for all changes pending authorisation, leave the search
fields blank. Alternatively, you can populate them with any of the following
search criteria:
Update Users User Id the User ID of the user affected by the change.
You can optionally enter part of the ID and then use an asterisk (*) as a
wildcard.
Updated Users Edit User the User ID of the user responsible for the
change. You can optionally enter part of the ID and then use an asterisk
(*) as a wildcard.
Updated Users Operation select the type of changes that you want to
view from the list of those available. For example, you can select Delete
to view a list of any delete changes that are pending authorisation.
Click [Search].
The Pending Authorization Users dashboard is displayed, showing the type
of change that has been made and the user who made the change. For
example:
4.
Right-click on the change that you want to authorise, and select the
corresponding operation from the context menu. For example, if you want to
authorise an Insert change, right-click on the applicable row and select
Insert User. For example:
42 Authorising User Maintenance
The authorisation dashboard is displayed.

5.
Click [Authorize] to approve the change, or click [reject] to discard the

change.
The changes are then committed.
Maintaining Roles in WebConnect

Roles must be configured and assigned to users before they can access
SmartStudio or TLM WebConnect, and each user can be a member of multiple
roles, each role having its own data access rights and permissions. The user
inherits the most favourable permissions from all of their roles.
You can use the WebConnect Role Maintenance function to perform the
following actions:
Search for and view existing roles in the system
Control access to role maintenance functions
Create new roles
Assign users to roles, as well as permissions to business logic tools, search

restrictions, universes, editable attributes, row based constraints and
dashboard shortcuts.
Delete roles
Viewing roles in WebConnect

The list of roles configured to use the system is displayed in WebConnect within
the Roles dashboard. You can use this dashboard to view roles, and to access the
role maintenance functions.
To view roles in WebConnect
1.
From the main menu, select Role Maintenance > Roles.

The Roles search prompt is displayed. For example:
2.
3.
If you want to search for all roles, leave the fields blank. Alternatively
populate any of the following search fields with the required search criteria
to search for specific role:
Role name if you know the name of the role you want to view, enter it
into this field.
Role description if you know any keywords or phrases that could be

part of the role description, enter them into this field. You can
optionally enter part of the description and then use an asterisk (*) as a
wildcard.
Click [Search].
The roles grid is displayed and lists the roles returned by the search. For
example:
44 Viewing roles in WebConnect
The Roles dashboard displays the name and description of roles returned
from the search.
Viewing role details

You can drill down from the Roles dashboard to view the configuration
information of individual roles.
To view role details
1.
Launch the Dashboard_RoleDetails dashboard
2.
Right-click on the role that you want to view and select View from the
context menu.
The View dashboard is displayed. For example:
The role details are presented in a series of tabs on the View dashboard.
Adding or modifying a role

If you have the authority to do so, you can add roles to the system using the
Insert dashboard, from which you can assign the following permissions to your
role:
user universes
business logic tool availability
attribute editability
row-based constraints
search restrictions
You can also use the Users tab to assign the role to users.
The Shortcuts tab does not work, as shortcuts are no longer used. To assign roles
to dashboards so that users can access them, use the Menu Structure
configuration page in SmartStudio.
To add a role
1.
Launch the Dashboard_RoleDetails dashboard.
2.
Right-click anywhere on the Dashboard_RoleDetails dashboard and select

Insert from the context menu.
The Insert dashboard is displayed:
3.
Follow the role tasks in each tab, as described in the following sections, to
configure the new role.
4.
Click [Apply] after configuring each tab to save your changes.
5.
When you have finished configuring the role, click [OK] to exit the Insert
role dashboard.
To modify an existing role
1.
Launch the Dashboard_RoleDetails dashboard.
2.
Select the role that you want to modify, right-click and select Modify from
the context menu.
The Modify dashboard is displayed.
3.
Make the required changes.
4.
Click [Apply] to save your changes, then [OK] to close the dashboard.
Allocating universes
You can control the access a user has to data using User Universes. Universes
are assigned to a role to determine the data that is available to the users assigned
to that role. For example, universe access controls the nodes that are displayed
when specifying universe levels within objects such as Rules, Constraints, and
Roles.
To assign universes
1.
From the Insert dashboard, ensure the Role Detail tab is selected.
2.
In the Available universes list, select the universe that you want to apply to
the role.
3.
Click the right arrow button.

The selected universe is moved to the Selected list. For example:
4.
Repeat steps 2 and 3 for any additional universes that you want to assign to
this role.
5.
Click [Apply] to save your changes.
When assigning or removing universes from a role's allocation, if you select one
of the standard TLM Reconciliations universes (Item, Message Header, or
Message Type) the other two are automatically selected for you.
Allocating Business Logic tools

You must select the business logic tools that a user assigned to this role can
execute. You can also apply constraints to the use of the selected tools, if an
appropriate constraint has already been configured.
You can allocate the tools to your role from the Business logic section of the
Insert dashboard, which is divided into the following three sections:
Available lists the business logic tools that can be added to your role
Selected lists any business logic tools that have already been selected for
your role
Constraints lists any constraints that have been configured for use with the
business logic tool.
For example:
To assign business logic tools to your role

1.
From the Insert dashboard, select the Business Logic Tools tab.
2.
In the Available list, select the tool that you want to assign to the role.
3.

The selected tool is added to the Selected list.
4.
Repeat steps 2 and 3 for any additional tools that you want to assign to this
role.
5.
If you want to apply constraints to any selected tool:

1.
In the Selected list, select the tool that you want to apply the constraint
to.
Any available constraints are displayed in the Constraints list.
2.
In the Constraints list, select the constraint that you want to apply to the
selected tool.
3.
Click [Add].
4.
To un-assign a business logic tool from a role

1.
2.
In the Selected list, select the tool that you want to un-assign from the role
and click the right arrow button.
The tool is removed from the Selected list.
3.

To remove a constraint from a selected tool
1.
2.
In the Selected list, select the tool from which you want to remove the
constraint.
Any constraints associated with the tool are displayed in the Constraints list.
3.
In the Constraints list, select the constraint that you want to remove from the
tool.
4.
Click the [Remove] button.

The selected constraint is removed from the tool and is no longer displayed
in the Constraints list.
5.
Allocating users to roles

A user must be allocated a role before they can access Design Studio or TLM
WebConnect.
You can allocate users to roles from the Users configuration tab of the Insert role
dashboard. For example:
This dashboard is divided into two sections: Available and Selected. Users in the
available section can be assigned to your role. The Selected section lists any
users already configured for use with the role.
To allocate a user to a role

1.
From the Insert role dashboard, select the Users tab.

The User configuration screen is displayed:
2.
In the available list, select the user that you want to assign to the role.
3.
Click the right arrow button to move the selected user to the Selected list.
4.
Repeat steps 2 and 3 for any additional users that you want to assign to this
role.
5.
Allocating attributes
You can control which attributes in the system a user can edit, and add
constraints to those attributes, if an appropriate constraint has already been
configured. For example, you can restrict a user to being able to change a Source
Code and Security Description for an Our Positions item, or restrict a user to
only changing a Senders Reference and a Position Value for a Their Positions
item.
Attributes are allocated from the Editable Attributes tab in the Insert Role
dashboard.
To control attributes
1.
From the Insert role dashboard, select the Editable Attributes tab.
The Editable Attributes configuration screen is displayed. For example:
2.
In the universe tree, select the level from which you want to add an editable
attribute.
The editable attributes available at that level are displayed in the Available
list.
3.
In the Available list, select the required editable attribute.
4.

The selected attribute are added to the Selected list.
5.
Repeat steps 2 to 4 for any additional attributes that you want to assign to
this role.
6.
If you want to apply constraints to any selected attributes:

1.
In the Selected list, select the attributes that you want to apply the
constraint to.
Any available constraints are displayed in the Constraints list.
2.
In the Constraints list, select the constraint that you want to apply to the
selected attributes.
3.
Click [Add].
4.
To un-assign an attributes from a role

1.
2.
In the Selected list, select the attribute that you want to un-assign from the
role and click the right arrow button.
The attribute is removed from the Selected list.

3.

To remove a constraint from a selected attribute
1.
2.
In the Selected list, select the attribute from which you want to remove the
constraint.
Any constraints associated with the attribute are displayed in the Constraints
list.
3.
In the Constraints list, select the constraint that you want to remove from the
attributes.
4.
Click the [Remove] button.

The selected constraint is removed from the attribute and is no longer
displayed in the Constraints list.
5.
Allocating row-based constraints

You can restrict whether records (rows) in grids or forms can be edited by
applying constraints to a universe level, if an appropriate constraint has already
been configured. If no row-based constraints are applied, all rows are available
for editing.
To allocate row-based constraints
1.
From the Insert dashboard, select the Row Based Constraints tab.
For example:
2.
In the universe tree, select the level from which you want to select a
constraint.
Any constraints available at the selected level, which have not already been
assigned to the role, are displayed in the Available list.
3.
Select the required roles from those in the Available list.
4.
Click the right arrow button to move your selection to the Selected list.
5.
Repeat steps 2 to 4 for any additional constraints that you want to assign to
this role.
6.
Click [OK] to save your changes.
Allocating search restrictions

You can use search restrictions to restrict access to data, for example where you
have different groups that are each responsible for a particular region or line of
business.
This functionality is implemented by creating a search restriction and adding
access rules to it. You can assign multiple search restrictions to a role. Multiple
search restrictions are ANDED together. When a user launches a dashboard
search, all search restrictions applied to that users role that are above the level
of the search are appended to the search. Where a user has more than one role
assigned to them the search restrictions for different roles are ORed together.
Before carrying out this procedure, you must have already created appropriate
access rules and search restrictions in SmartStudio.
To allocate search restrictions
1.
From the Insert Role dashboard, select the Search Restrictions tab.
The Search Restrictions configuration screen is displayed. For example:
2.
In the universe tree, select the level from which you want to select a search
restriction.
Any search restrictions available at the selected level, which have not
already been assigned to the role, are displayed in the Available list. Select
the required search restriction from those in the Available list.
3.
Click the right arrow button to move your selection to the Select list.
4.
Repeat steps 2 to 4 for any additional search restrictions that you want to
assign to this role.
5.
Click [OK] to save your changes.
Deleting a role
If you have Update Access to Roles, you can delete roles. Update Access is
controlled by your user authorities.
You can only delete roles that are not allocated to any users.
To delete a role
1.
Launch the Roles dashboard
2.
Select the role that you want to delete.
3.
Right-click on the grid and select Delete from the context menu, or click the
Delete tool in the business logic toolbar.
52 Deleting a role
A window is displayed, prompting you to confirm whether you want to

delete the selected role. For example:
4.
Click [Yes] to proceed.

If the roles is not allocated to any users, it is deleted from the system. If the
roles is still allocated to some users, an error is displayed and the role is not
deleted from the system.
Appendix A User Authorities 53
Appendix A User Authorities
The User Access and Limits dashboard allows you to set up and maintain a
user's access to options in the on-line application.
For many options, a user's access can be set to one of the following:
No Access - Cannot access
Update Access - Can add, change, and view
View Access - Can view only
Some options are simply set to:
Yes - Allows user to perform function
No - User not permitted to perform function
Lead Users
When you assign a user to follow a lead user, the `following' user inherits the
same settings as the lead user with respect to Access and Limits.
54 Admin User Authorities list
Admin User Authorities list

In the following table, the Admin User Authorities are described and grouped in
the order in which they appear on User Access and Limits for Design Studio
version 2.7.
KEY
BIG - Business Infrastructure Guide
OPS - Operations Guide
BPG - Business Processing Guide
UAG User Administration Guide
WSG WebConnect Studio Guide
User Authority
Custom Filters
User
Type
Description
Full
Allows a user to create their own predefined filters for the following nodes:
Casing
Users
Enquiry
Roles
These filters can then be used in place of the general filters.

Users can define one predefined filter per business object node as the default. This
default filter is pre-filled into the filter dialog when it is loaded, meaning that if the users
clicks [OK] on the filter dialog, only a subset of the total configuration data is displayed.
Applies to: Any of the nodes listed above
Reference: UAG - Creating predefined Admin tree filters
Customisation
Full
Global Dashboard
Views
Casing
Customisation Parameters
Not supported.
Enquiry
Full
Allows a user to change entries in the System Configuration settings.
System
If the user has an id of `SETUP', some settings within this area have major implications
on the way in which the system performs and are normally set up by SmartStream
Technologies implementation staff following consultation with the users of the system.
It is recommended that SmartStream Technologies is notified of any intended change to
these settings, and that the access to the system by this user is restricted. Any other user
on the system can be given access to the same area, but the list of settings that will be
displayed or available for change is limited.
Applies to: Customisation > Parameters
References: BIG - Appendix A - Customising the Display;
Customisation - Screen
Legends
Full
System
Allows a user to change entries in the Window Display Configuration. This would
normally be made available only if the system was required to display information in a
language other than English. If this option is taken, it will affect all users of the system,
and in addition, the number of characters input for the non-English version cannot be
more than the English version, otherwise the contents of frames/windows on the system
can be compromised.
Window trims and button labels can be customised globally using the Screen Legends
option on the Admin tree. You can change the most commonly used words within the
TLM application, and use this option to change the language of the TLM user interface.
This functionality is only available to a System user.
Applies to: Customisation > Screen Legends
References: BIG - Appendix A - Customising the Display
User Authority
Customisation System Messages
User
Type
Full
System
Description
Screen titles and on-line messages can be customised globally using the System
Messages option on the Admin tree. You can change the most commonly used words
within the application, and change the language of the TLM user interface.
This functionality is only available to a System user.
Applies to: Customisation > System Messages
References: BIG - Appendix A - Customising the Display
Roles
Full
System
Allows a user to control the assignment of permissions to users. A role must be assigned
to a user before that user can access Design Studio, or any dashboards in WebConnect.
A user can be a member of multiple roles. Each role has its own data access rights and
permissions, and the user inherits the most favourable permissions from all of their roles.
The following permissions are assignable to roles:
User Universes
Business logic tool availability
Attribute editability
Row-based constraints
Search restrictions (access rules)
Applies to: Security > Roles

Reference: UAG Managing Roles
Roles - Editable
Attributes
Full
Enquiry
System
Allows a user to control which attributes in the system a user with the specified role can
edit. Also allows a user to add constraints to those attributes, if an appropriate constraint
has already been configured.
Admin tree: Security > Roles
Reference: UAG Allocating Attributes
Roles Universe
Access
Full
Casing
Enquiry
System
Allows a user to control the access a user with the specified role has to data using User
Universes. Universes are assigned to a role to determine the data that is available to the
users that have this role. For example, universe access controls the nodes that are
displayed when specifying universe levels within objects such as Rules, Constraints and
Roles.
Admin tree: Security > Roles
Reference: UAG Allocating Universes
SmartStudio
Full
Allows a user to create and design dashboards.
Casing
The SmartStudio software allows the dashboard designer to set up customized windows,
known as dashboards, containing a variety of controls, for the display, update and
processing of Workflow data.
Enquiry
Dashboards replace previously hard-coded aspects of the TLM software operations, such
as Item Enquiry, Message Maintenance, Queue Maintenance and the Store Summary.
Although dashboards are designed individually, several can be combined to enable
operators to progress their Workflow. For example, a queue maintenance function could
be created from several dashboards with Treeviews for drilling down through Set
Groups, Sets, Match Queues, and Grids for performing business logic on outstanding
items and match item proposals.
Parent-child relationships can control how many dashboards appear at runtime. The
example described above for Queue Maintenance has one parent dashboard with four
children.
Applies to: SmartStudio
Reference: WSG - Each chapter covers different aspects of dashboard design.
56 Admin User Authorities list
User Authority
User
Type
Description
Users
Full
Allows a user to add, change or delete User Details.
System
Add User Details holds information about a user's access to the system and any changes
to the password. Other data, such as the user's name, telephone and fax numbers and
their employment position within your organisation's hierarchy, are used for reporting
purposes.
Casing
Enquiry
The user profile, as defined by the User Type, is predefined and determines the user
authorities available for a particular user. For example, a Full User Type can potentially
access more of the TLM system than a Casing User Type. Within the User Type you can
fine tune user access using the User Access and Limits window.
When a user is `following' another user, the authorities options are shared between all
the users following that user. Therefore, if any of the authorities are changed for any user
following a lead user, all the other users following the same authority will inherit all of
the authorities of the profile being followed including the lead user.
A User B cannot follow the authority of User A if:
Another user, User C, is following the authority of User B.
User A is following the authority of another user.

Users cannot make amendments to the details of an authority level that a user might
follow if update access is allowed to this function, but they can assign a previously set
authority level if that function has been allocated to the user.
Applies to: Users
Reference: UAG - Setting up a Lead user
Users - Access and
Limits
Full
System
Casing
Users - Allocate Own

Password
Enquiry
Admin tree: Drill down from Users; Access and Limits is an option on the User Control
menu
References: UAG User Access and Limits
Full
Allows a user to set their own passwords.
System
If a user suspects that their password has been compromised, they can change the
password at any time. The next password change date will be amended so that the next
change will be set to the current date plus the next password change days.
Casing
Enquiry
Users - Allocate
Passwords
Allows a user to change the User Access and Limit parameters for another user. Users
cannot make changes to their own parameters or to the parameters of a lead user they are
following.
Reference: UAG Changing Passwords
Full
Allows a user to change Passwords for other users of the system.
System
If another user suspects that their password has been compromised, they can ask the user
of this function to change the password for them. However, this change is temporary as
the next password change date will be changed to the current date forcing the owner of
the changed password to change their password again when they next log on.
Admin tree: Drill down from Users; Change Password is an option on the User Control
menu
Reference: UAG - Changing Passwords
User Authority
User
Type
Users - Authority
Full
System
Description
Allows a user to change the Authority level that another user follows - you cannot
change your own authority level.
When you assign a user to follow a lead user, the `following' user inherits the same
settings as the lead user with respect to the following:
Message Maintenance
Access and Limits
Release Workflow
A number of `dummy' Lead users can be set up and then each actual user of the system
will follow the lead set by one of the dummy lead user profiles. For example, set up a
`Manager', `Supervisor', `Team Leader' and `Reconciler' with the appropriate authorities,
and then assign one of these four levels to each user of the system. Any users with very
specific tasks can be assigned their own authorities (follow themselves) if required /
necessary.
Admin tree: Drill down from Users; Lead User Authority is an option on the User
Control menu
Reference: UAG - Setting Up Lead Users
Users - Create or
Delete Global
Searches
Full
Workflow Elements
Constraints
Full
Workflow Elements Rules
Full
Workflow Elements Rules - Modify

Without Confirmation
Full
Workflow Elements Tools
Full
Workflow Elements Workflow Tools Modify Without

Confirmation
Full
System
Not supported.
Not supported.
Not supported.
Not supported.
Not supported.
Not supported.
Appendix B Software Support 59
Appendix B Software Support
More information about SmartStream Technologies software can be found in the

other documentation supplied with the product. If you are unable to find the
answer to your question in any of these resources, contact SmartStream
Technologies Support. Details are given below.
Calling SmartStream Technologies Support

Before you call, you should consult the checklist given below, to ensure that you
have all relevant information to hand.
Area
Postal Address
Contact Details
Europe
SmartStream
Technologies Ltd
tel: +44 (0) 1454 888485
1690 Park Ave
email: ssrsup.uk@smartstreamstp.com
Aztec West
fax: +44 (0) 1454 888486
Almondsbury
Bristol, BS32 4RA
UK
North and South
America
SmartStream
Technologies Ltd
tel: +1 212 763 6505
61 Broadway
fax: +1 212 763 6501
Suite 2824
email: ssrsup.usa@smartstreamstp.com
New York
tel (US internal): 877 215 8227
NY 10006
USA
Australia and Asia
SmartStream
Technologies Ltd
tel: +65 6224 7689
70 Anson Road
email: ssrsup.sea@smartstreamstp.com
26-01, Apex Tower

Singapore
079905
fax: +65 6222 4039
60 Before you call...
Before you call...

You will be
asked...
Notes
Your name and

your company
name
You must have already been registered with SmartStream

Technologies Support Desk by your main support contact, otherwise
the call will not be accepted
Software type:
test or
production?
If this is a test issue, it will be treated as a chargeable call unless a

software bug is proven.
Software
version number
Can be found by selecting Help > About from the software menu.
RDBMS Type
& Version
Confirm RDBMS Type (Sybase/Oracle/SQLServer) and Version.
Server
Operating
System Type
& Version
Confirm operating system (UNIX or Windows) and Version.
Priority of call
(1 to 4)
Based on business criticality.

1 Unable to process any transactions.
2 Partially inoperable transactions restricted
3 Operational but functionally impaired
4 Cosmetic problem or enquiry
Full description
of problem
being
experienced
Please provide as much detail as possible Any supporting screen

shots, reports or server logs that may help identify your problem
This information should be sent to your nearest support centre as
listed above. Please ensure that the Heat call reference that you will
be provided with is clearly indicated on any emails and faxes.
Can you
reproduce the
problem?
Yes or No.
Has this
problem
occurred
before?
Yes or No.
Customer Call
ref. (optional)
Please provide us with your own call reference if you have one.
Glossary of Terms 61
Glossary of Terms
Access Rule
Type of rule that is appended to runtime searches to restrict the data that is
returned to a user.
Admin tree
On the Design Studio desktop, displays the 'Administrator' functions. Each
branch of the tree can be expanded to show the lower levels or collapsed to hide
the lower levels.
Constraint
Rule that provides conditional control over attribute and tool availability.
Dashboard
Window that displays a graphical view of the items in the database, in the form
of charts, grids, treeviews, and so on, in WebConnect.
Design Studio
Design Studio is the application used to create and maintain roles and to
customise screen legends and custom messages.
Lead user
Authority ID from which a user can inherit the same settings with respect to the
following authorities options
Attribute Maintenance, Access and Limits, Web Shortcuts.
Role
A User Role controls the assignment of permissions to users. A role must be
configured and assigned to a user before that user can access Design Studio,
WebConnect or any associated TLM application. The following permissions
are assignable to roles user universes, business logic tool availability, attribute
62 Glossary of Terms
maintenance and editability, row-based constraints, and search restrictions

(access rules).
Search restriction
You use search restrictions to restrict access to data. This functionality is
implemented by the creation of an Access rule that is assigned to a role by way
of a rulelist.
Web User
End user accessing the application via WebConnect.
Index 63
L
Lead Users 17
Index
M
Maintaining user details 14
O
Online Help 10
P
Passwords - changing 15
access and limits 17

Adding
roles 21
user profile 11
Admin tree
options 18
user authorities 4
Allocating constraints 26
Attribute Maintenance 25
authority id 17, 37
Roles
adding 21
allocating users 24
assigning 19
deleting 27
search restrictions 26
Search restrictions 26
Sign on Status 15
Software Support 59
Business logic tools

allocating to roles 23
C
Changing
password 15
Constraints
allocating 26
D
Deleting
roles 27
Desktop 3
Document information ii
F
Full-text searches 10
G
Getting Started 3
H
Help 10
Universes, allocating to roles 22

User Attribute Maintenance 25
User Authorities and admin tree 4
User Details window 32
User profile 11
User Status 14
Users
adding 11
adding to roles 24
assigning to roles 19

Smart Data 27 SP1 Usr Adm

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Smart Data 27 SP1 Usr Adm

Uploaded by

Copyright:

Available Formats

SmartData Version 2.

Getting Started with Design Studio .................................................... 3

Managing Users in Design Studio .................................................... 11

Managing Roles in Design Studio .................................................... 21

Managing Users and Roles in WebConnect .................................... 29

Appendix A User Authorities ............................................................ 53

Appendix B Software Support .......................................................... 59

Glossary of Terms ............................................................................. 61

About this guide 1

About this guide

Welcome to the TLM 2.7 SP1 User Administration Guide.

Who should read this guide?

What does this guide cover?

How is this guide organised?

Getting Started with Design Studio provides an overview of the Design

Managing Roles in Design Studio describes the assignment of permissions

Managing Users and Roles in WebConnect describes how to install the

Appendix A User Authorities describes the user types available in Design

Appendix B Software Support lists the contact details of SmartStream

2 What's not included?

What's not included?

Details of how to operate your system. The TLM Reconciliations

Details of how to create and maintain dashboards. See the TLM

WebConnect Studio Guide

TLM Reconciliations Operations Guide

Conventions used in this guide

Pressing the Enter key

Holding down the Control key and pressing the

Current View >

Choosing the Horizontal option from the Orientation

Clicking the left mouse button

Clicking the right mouse button

Clicking the left mouse button twice in rapid

Clicking the Cancel button displayed in the window

Getting Started with Design Studio 3

Getting Started with Design Studio

Design Studio desktop

4 The Admin tree

The Admin tree

User Authorities and the Admin tree

Using Admin tree filters

Getting Started with Design Studio 5

Specifying filter criteria dynamically

To launch the Filter window, do one of the following:

The User Filter window is displayed:

Enter the optional filter criteria as follows:

To filter by Authority ID (lead user) enter the required ID in the

6 The Admin tree

To filter the Roles node

To launch the Filter window, do one of the following:

The Role Filter window is displayed:

Enter the optional filter criteria as follows:

Getting Started with Design Studio 7

Creating and applying predefined filters

Right-click the node and select Filter > Configure.

Click [Add] to add a new filter.

Enter a Filter Name.

Enter a text string on which to base your filter.

Click [OK] again when you have finished.

Right-click the Users or Roles node and select Filter.

8 The Admin tree

Select the filter that you want to use.

Specifying a default filter