Users and Groups

Users and Groups is the Configuration Studio model for managing users and groups. It can be found in the View menu or in the toolbar.

User represents an end user of the system.

Guest user is a user that is assigned Guest access. In a default installation there is no limit to the number of guest users that can be created, but the customer's license may contain a limit. Very few menu options are available to them, such as Show as graph/table choosing Benchmarking views.

Group is a grouping of users. A Group can have one or more users as members. By using Groups you can perform a task on several users in one single operation.

In Users and Groups you can:

create new users
change existing users
give users membership in groups or assign members to groups
assign access to users and groups

How to create or change a user

Users are stored in a table in the User panel. This table contains users' first and last names, and e-mail addresses where available. Users can be sorted by any column in the table by clicking the heading of the column you want to sort by.

You can also search for all users with a certain text or number sequence in the ID or user name by entering the search text in the Search field, or you can filter the user table to only show members of certain groups by clicking at the top and selecting the group(s) you want.

To create a new user right click directly in the User panel and choose Add -> User.

To edit a user's information double click on the user or right click it and choose Edit. You can also use the Properties panel on the right. You can give the user a new User ID and add or change personal information such as e-mail, telephone, and address.

User properties

User ID - a unique ID you use when logging in. By default users are given numeric IDs where the next available number is used automatically. E.g. if you have a user with the ID "102", the next user you create will be given the ID "103". Change the ID to the desired login user name. User IDs may contain numbers and letters.
Password - Enter a password in the Password field. You do not need the old password to change a password.

The password must be at least five characters long.

General

The following optional information can be registered:

First name
Last name
E-mail - used when resetting password as well as by Forms and Reporter
Language - choose the user's preferred language from the drop-down list. This will determine the system language for the user. If no language is selected here, or if the user's language is cleared, the language selected in Locale options will be used.
Telephone
Mobile
Membership - select the group(s) the user should belong to by clicking the icon to the right and choosing from the list

The Everyone group exists by default, and all users belong to it automatically.
Default page - select the user's default page, i.e. the page that will be displayed when the user logs on

Address

The following optional address information can be registered:

Address 1
Address 2
City
Zip code
State
Country

Last modified

Last logon - the date and time of the last time this user logged on to the system

Image

User picture - (optional) click the down arrow to upload or change the display image for the user.

On Web, Corporater BMP displays the image in the User menu and next to each comment of that user.

To be valid, the image must have a file extension that matches one of the extensions in Valid extension (for file upload) on Control Center's Security tab.

Audit

Modified by - the name of the last user to make changes to the object.
Last modified - the date and time when the object was last changed.
Created by - the name of the user who created the object.
Created - the date and time when the object was created.

Advanced

Access

Admin - grants the user unlimited access to all sections of the Application, and the user can read, write and remove all objects in the system. Users with this access are referred to as “super administrators”. Note that users with this access are automatically granted all privileges, and need not be assigned any other access. Use Admin access with care!
Guest - signifies that the user or group has very limited access to the Application. By default Guest users cannot modify any elements, including their own user preferences, and granting additional access rights to Guest will have no effect.

Guest users automatically become members of the Everyone group, and specific rights that are granted to that group will also apply to Guest users.
Inactive - users or groups with this access are denied access to the system. This should be assigned to users who should no longer be allowed to access the Application but cannot be deleted in order to preserve historical data. Note that the Inactive access overrides any other accesses or permissions set for a user. Even users with the Admin access can be set to inactive.

Inactive users are not removed from drop-down lists where users can be selected, e.g. Tasks or Strategic initiatives.
Locked - users with this access are not able to login to the system until this flag is cleared. This is to prevent repeated invalid login attempts. The number of login attempts allowed can be configured in Control Center.
Web - grants the user or group access to log on to the Web. The Everyone group has this access as default, resulting in all users having access to the Web. All normal users and groups in the BMP system should have the Web access.
Configuration Studio - grants a user or group access to log on to the Configuration Studio. Note that this access alone will not give access to change or add elements. The user's other access rights determine what objects can be added or changed, and which models the user has access to.
Web Search - grants the user or group access to the Search field on the web page. Without this access the Search field will not be visible.

Users must be assigned either Guest, Web, or Admin access in order to access the Web pages. Users without one of these accesses will be denied access to the Web.
Users will need Admin access in order to change object properties on web pages. Object owners Object owners and users with Unrestricted Property access will also have rights to edit certain objects on the web.
To access the Configuration Studio, the user needs either Configuration Studio or Admin access. Users with Configuration Studio access can view (read) model objects, but the user's total access rights determine which objects can be modified or added.
To have any effect Forms, Transformer, Reporter, Workflow, Strategic Initiative and Risk accesses as well as Resources and Unrestricted property access must be combined with either Configuration Studio or Admin access.

Resource Access

Resource access - gives a user access to the Resources in Configuration Studio, making it possible for this user to upload and modify file data.
Unrestricted property access - grants non-admin users full access to edit all properties listed in Property management, Type Management, also those that are usually hidden to normal users. A user must have this access in order to edit hidden properties on the web.

model Access

Forms - grants a user access to the Forms model in Configuration Studio
Transformer - grants a user access to the Transformer model in Configuration Studio
Reporter - grants a user access to the Reporter model in Configuration Studio
Strategic initiative - grants the user access to the Strategic Initiative model in the Configuration Studio
Risk - grants the user access to the Risk model in the Configuration Studio
Workflow - grants a user access to the Workflow model in Configuration Studio

If any of these models are not displayed it may be because your license needs to be updated.

How to create or change a group

To create a new group right click in Group panel and choose Add -> Group.

The Everyone group exists by default, and all users belong to it automatically. It is not possible to remove users from this group or explicitly add users to it. It is not possible to delete the Everyone group or to change its ID/name ("Everyone"). This group is commonly used to perform tasks on all users in the system in a single operation. Default access for the Everyone group is Web.

To edit a group's information right click it and choose Edit, or use the Properties panel on the right.

Group properties

ID - a unique ID. By default groups are given numeric IDs where the next available number is used automatically. E.g. if you have a group with the ID "102", the next group you create will be given the ID "103". IDs may be changed, and they may contain numbers and letters. IDs should NOT contain special characters such as ) ( . * } { + < > [ ] etc.

General

Name - the name "Group" is generated automatically but it should be changed
Description - an optional text describing the group
Default page - select the group's default page, i.e. the page that will be displayed when the users logs on.

If Default page is set for a user, that setting will override the Default page of groups. If a user is a member of more than one group, the first group's Default page will be used. We recommend setting the Default page directly on the user when a user belongs to more than one group.

Configuration

Members - click the icon on the right to select the members the group should have
Origin - specify whether the group's origin is INTERNAL, LDAP or SSO

When a user logs in with SSO, his/her group memberships will be changed based on what SSO says the memberships should be. If a user has changed group accesses in AD then this will be reflected when the user logs into BMP.

These changed memberships will only apply to groups with Origin = "SSO".

If, for example, you create a group bmp ( Origin = "Internal" or Origin = "LDAP") that does not exist in AD and give user1 membership to it, when user1 logs in, user1 will not lose membership in group bmp.

If the bmp group had Origin = "SSO", the user would lose membership in bmp because the SSO login states that user1 does not have membership in group bmp.

Note that the behavior of Origin = LDAP and INTERNAL is the same, in this respect.

Audit

Modified by - the name of the last user to make changes to the object.
Last modified - the date and time when the object was last changed.
Created by - the name of the user who created the object.
Created - the date and time when the object was created.

Advanced

The properties in the Advanced tab are the same as for User.