Security Users (Reference)

Security → Tutorial | Concept | How-to Guide |  Standards Compliance | Reference

Pre-Defined Users

Three system users are configured by default:

<ac:structured-macro ac:name="warning"> ac:rich-text-body Do not delete or modify the row IDs of these built-in users. Do not create duplicate users with these names. </ac:rich-text-body> </ac:structured-macro>

Configuration Properties

Guest Access

The Guest user provides anonymous access:

• Active when no user logged in
• Default after logout
• No password capability
• Cannot be deleted
• Permissions define anonymous access level

Configure Guest permissions carefully to secure anonymous access.

Administrator Privileges

Exclusive Administrator capabilities:

• Delete users permanently
• Block/unblock accounts
• Set database passwords
• Delete audit trails
• Modify security policies
• Override permission inheritance

User Lifecycle Management

Creating Users

1. Navigate to Security → Users
2. Click first row to add
3. Required fields:
   • Name: Unique identifier
   • Permissions: At least one group
4. Optional security:
   • Password: Meet policy requirements
   • Policy: Assign security level

Disabling Users

Three methods for removing access:

Password Management

csharp

// Set password programmatically
@Security.SetPassword("username", "newPassword");

// Force password change
@Security.Users["username"].MustChangePassword = true;

// Check password expiration
if (@Security.Users["username"].PasswordExpired)
{
    // Prompt for new password
}

Runtime Authentication

Login Methods

Form-Based Login:

csharp

bool success = @Security.Login(username, password);
if (success)
{
    @Info.Trace("User logged in: " + @Client.UserName);
}

Windows Authentication:

csharp

@Security.UseWindowsAuthentication = true;
string windowsUser = @Client.WindowsUserName;

External Authentication:

csharp

// LDAP/Active Directory
@Security.AuthenticationMode = "LDAP";
@Security.LDAPServer = "domain.local";

Permission Integration

Users inherit permissions from assigned groups:

User: John
Permissions: Operator, Maintenance
Result: Combined permissions from both groups

See [Security Permissions] for group configuration.

Security Policies

Policies enforce password and session rules:

User: Mary
Policy: Enhanced
Result: Strong password, 90-day expiration, session timeout

See [Security Policies] for policy configuration.

User Properties Access

Runtime Properties

csharp

// Current user info
string currentUser = @Client.UserName;
string permissions = @Client.Permissions;
int level = @Client.Level;

// Check specific permission
bool canEdit = @Security.HasPermission("EditDisplays");

// User session
DateTime loginTime = @Client.LoginTime;
string ipAddress = @Client.IPAddress;

User Management

csharp

// Get user details
var user = @Security.Users["username"];
string company = user.Company;
string group = user.UserGroup;

// Modify user
user.ContactInfo = "john@example.com";
user.Level = 50;

Best Practices

1. Set Administrator password - Immediately on deployment
2. Use permission groups - Don't assign individual permissions
3. Apply security policies - Enforce password standards
4. Audit user changes - Track modifications
5. Review Guest permissions - Minimize anonymous access
6. Document user roles - Clear responsibility matrix
7. Regular cleanup - Remove inactive users

Troubleshooting

Cannot login:

• Verify username/password
• Check account not blocked
• Confirm permissions assigned
• Review policy restrictions

Password issues:

• Check policy requirements
• Verify not expired
• Confirm complexity rules
• Test password hint

Permission denied:

• Review group assignments
• Check permission inheritance
• Verify user level
• Confirm not Guest user

Account locked:

• Check failed login attempts
• Review policy lockout rules
• Administrator unlock required
• Check LockState property

In this section...