The Users pane of the Security Center lists all users. The Search field in this tab allows you to search the name and description fields for users. Simple wildcard searches are supported. The full range of features that manage users is available only to Managers. Group Administrators can see the Security Center, but can only assign existing users to groups. Basic Users, Advanced Users, and Developers cannot see the Security Center, nor can they create, update, or delete users or assign users to groups.
The toolbar above the User pane allows Managers to perform the following actions:
Users are those individuals who have access to the WebFOCUS Business User Edition (BUE). Managers and Group Administrators can assign users with similar responsibilities to one of the user type groups that the BUE automatically creates within a domain. This assignment allows users to take advantage of those features and content that supports their daily activities, but prevents them from using features or content that are beyond the range of their responsibilities and authority. The four user types are:
Each user in the repository is defined by a unique name and may also be assigned a description, an email address, and a password. The user must be placed in a group at account creation and assigned a status. By default, the user is placed in the EVERYONE group, which is the group of all users in the system, and assigned the Active status.
Any of these characteristics, except the unique user name, may be edited later by an administrator.
Because user names are defined within the repository, they need to conform to the format rules and character limitations it imposes. If your installation supports external authentication, such as that provided by Microsoft Active Directory, user names also exist in an external repository, and must conform to the format rules defined in it.
The set of characters you can use to create user names is defined by the current character encoding setting established in the application server and the Client Code pages assigned to your NLS setting. For example, if the application server is configured to support UTF-8 encoding, and the NLS Setting is also configured to support the US Unicode (UTF) code page, you can use characters in the double-byte character set (DBCS) to create user names.
To support those installations that rely on external LDAP or Active Directory authentication, WebFOCUS user names support all of the characters supported by the sAMAccountName standard. Note that the range of allowable characters for WebFOCUS User Names is broader than the range for the sAMAccountName standard, and administrators must be careful to avoid including characters allowed by WebFOCUS but prohibited by the sAMAccountName standard in User Names.
Given these considerations, when creating user names, take the following rules into account:
Note: To prevent sign-in issues, and to conform to sAMAccountName best practices, replace characters that contain accents or other diacritical marks in user names with characters that exclude them. For example, convert Müller into Muller.
Note: if your user names must conform to sAMAccountName standards, you must independently ensure that user names also exclude the following characters: [ ] : = + < > \
If you support external authentication, avoid including characters in user names that your external authentication repository does not support. For more information about which characters to avoid, contact Customer Support Services.
Note: Only a Manager can create a user.
The New User dialog box opens, as shown in the following image.
If you do not enter a description, the description defaults to the name. If you do not select a group and status for the user, the user will be created in the EVERYONE group and assigned the Active status by default.
The Import User command automatically creates new user accounts by importing user information from a comma-separated values (.csv) text file and transferring those records to the user accounts database in the repository. This operation streamlines the creation of multiple user accounts by eliminating the necessity to open the New User dialog box, type, and save the details for each new user account, individually.
The import does not overwrite records of existing users, nor can you use it to delete existing user records. If a record in the user import file matches an existing user account, the import generates a message identifying the record that could not be imported, as shown in the following image.
You can create a new user import file by typing user information into any text editor and saving it as a comma-separated values (.csv) file. If you are exporting user information from an external source, you can create a user import file by reorganizing and reformatting the exported information, as necessary, and then saving the exported user information in a .csv file. Regardless of the method you use, you must ensure that all user import files you create conform to the format and layout requirements described in this topic and that the information within those user records conforms to the requirements described in Understanding User Record Field Format Requirements.
The user import file must not contain a header or column heading line. The first line in the file must contain the first user record. From that point on, each line within the user import file contains the record for a single new user. Multiple user records must not be placed on the same line. Because the import will end when it encounters the first blank line, do not include any blank lines between user records.
User import files that contain only those NLS characters used in the U.S. English or Western Europe code page 137 require no special encoding. However, user import files containing NLS characters from other code pages require UTF-8 encoding, without a byte order mark (BOM). To encode a user import file for UTF-8, open it in a third-party editor, change the appropriate setting to specify that the file uses UTF-8 encoding, and save it with that value.
Each user record contains the following fields: user name, password, description, email address, user status, and groups, as shown in the following image.
Within a user record, each field is separated by a comma. If the value assigned to a field includes a comma, the value in that field must be enclosed within quotation marks ("). For example the following new user record contains a comma in the third field, the description field, and is enclosed in quotation marks ("):
testadv,password,"Getting Started, Advanced User",firstname.lastname@example.org,ACTIVE,Getting_Started/AdvancedUsers
If a field in a user record contains no information, the record must still define a placeholder for the blank field by leaving two commas with no characters between them in the appropriate place in the record. For example, the following new user record omits the password typically found in the second field of a user entry:
testbas,,Getting Started Basic User,email@example.com,ACTIVE,Getting_Started/BasicUsers
When creating a user record, ensure that the values you assign to individual fields conform to the following requirements:
The format for a group name is the domain name, followed by a slash mark (/), and the group name. For example, the following new user record adds a user to the AdvancedUsers group of the Getting_Started domain, as shown in the last field in the record.
testadv,password,Getting Started Advanced User,firstname.lastname@example.org,ACTIVE,Getting_Started/AdvancedUsers
You can include more than one group name in this field. If you choose to do so, separate each group name with a semi-colon. For example, the following new user record adds a user to the Developers group and to the GroupAdmin group within the Getting_Started domain, as shown in the last field in the record.
testdevgrp,password,Getting Started Dev-Grp Admin,email@example.com,ACTIVE,Getting_Started/Developers;Getting_Started/GroupAdmins
To prevent a user record from failing to load, any group that you identify in it must already be defined within WebFOCUS BUE. You cannot use the import user operation to load new groups as well as users simultaneously.
Before you begin, ensure that all groups that are identified in the user import file already appear in the Groups pane of the Security Center, and create any groups or domains that do not appear.
The import operation creates new user accounts for the users specified in the file records, and assigns the new users to the groups specified in each record.
Only a Manager can edit user details.
Note: If you select Must Change Password, users will be prompted to change their password when they attempt to sign in.
Only a Manager can delete a user. The action of deleting a user also deletes that user's private content. Be sure to publish or share any private content assigned to that user if it supports ongoing activities.
A confirmation dialog box opens. Click Yes to delete the user.