All activity in Dynamic AI is verified against permissions and rights defined on the user account being used during login to a Dynamic AI session.
The following section describes in details the settings that can be set on a user account.
Users with the right “User maintenance” can add, delete and modify user accounts. Typically this user right should only be assigned to a restricted group of administrators, the network security group or other central functions that have the authority to give access / permissions to information within the organization.
Next to “Users” you will see to figures. The first figure will show the number of registered users. The next (in green) will show how menu users logged in at the moment.
When clicking on “Users” in the navigation menu the users will be shown by User ID and User Name (maximum of 24). Any users that currently are logged into Dynamic AI will be shown with the color green. Above the user names you will find a search box to search for users and a “New user” menu item that should be used when you want to create a new user.
Below the user names you will see two administrative reports (User list and user alias/roles/rights) that will give a good overview of the users and the opportunity to maintain several user accounts at the same time via list edit functionality.
Any users that are locked out due to “to many failed logins” will be shown above the user list.
All access to Dynamic AI requires the authentication of a valid user account. The user account is a personal account that controls the individual users preferences, default settings, available functionality etc.
It is an essential part of the Dynamic AI application architecture, that all application objects (connections, Reports as well as assigned application actions, such as the ability to connect to a new database, to administrate users and groups etc., always are dedicated to a user or a group of users.
The user account is central to functionality and data access binding in Dynamic AI. The user account can be protected with a number of subsequent security features that will all minimize the possibility of un-intended use of Dynamic AI.
To maintain a user account simply click on the Username in the Administration menu or from the administrative user reports (user list and user alias/roles/rights) click the button to the left of the record you want to maintain. When doing that the user will be presented as shown below:
The user account maintenance is divided into the following sections:
· Identification
· Password
· Account
· Groups
· Options
· Other
Identification and password is handled in the top of the screen and below them its possible to shift between Account, Groups, Options, Other and All (which will show all settings in one page).
Below please find each individual section described in more detail.
In this part of the user maintenance screen you will find the following information:
|
Field: |
Sample value: |
Description: |
|
Username |
HSM |
User ID (part of login authentication). |
|
Full name |
Helen Smith |
The full name of the user. |
|
|
helenSmith@testcompany.com |
Default shown when sending Dynamic AI E-mail reports. |
|
Account Starts
To |
1-1-2007
31-12-2007 |
An individual user account can be opened for a specific limited time-interval. Only within this period of time the account will be available for successful login. |
|
Organization ID |
CINTAC |
If used in combination with client certificates the Organization ID will be verified against the presented certificate during login. |
In order for a Dynamic AI user account to be valid, a password must be assigned to the individual account. Dynamic AI offers a number of features to increase password security:
· Minimum password length
· Minimum number of numeric characters in password
· Minimum number of alphabetical characters in password
Additionally the following features are available:
· Passwords can be set to expire after n number of days
· Passwords can be forced not to equal any of the last 5 used passwords
Dynamic AI offers the additional features to make “hacking” of the passwords more difficult:
· Accounts can be locked after n unsuccessful logins
· Accounts can be forced to check for the existence of a client certificate and a specific organization ID to be available on the certificate
· Login from specified ranges of IP addresses can be forced to use SSL (HTTPS) when accessing the Dynamic AI application server.
Please refer to the section “Error! Reference source not found.” for details on Security settings.
|
Field: |
Sample value: |
Description: |
|
New Password |
fgY6hK |
To change password type new password here |
|
Re-type |
fgY6hK |
And retype the new password here |
|
Force user to change password at next login |
Checked Unchecked |
When checked, the user will be forced to change password upon next login |
|
Failed Login Attempts |
3 |
Number of failed login attempts. If the maximum failed login attempts before closing account is exceeded, the field “Failed Login Attempts” must be reset (set to 0) if user has been locked out. |
On this tab the users Alias, Roles, Language and format settings are maintained.
|
Field: |
Sample value: |
Description: |
|
Alias 1-10 |
|
Please see below this table |
|
Roles A-J |
|
Please see below this table |
|
Language |
Default English Deutsch Dansk |
This setting will set the language used for generic Dynamic AI presentation. The default option will set the language based on the regional settings set on the browser used by the user. |
|
Default . (period) , (comma) |
. = 1,000.12 (US format) , = 1.000,12 (European format) The default option will set the number format based on the regional settings set on the browser used by the user. |
|
|
Date |
Default mm-dd-yyyy dd-mm-yyyy yyyy-mm-dd yyyy-dd-mm dd.mm.yyyy |
The default option will set the date format based on the regional settings set on the browser used by the user. |
|
Navigation |
By Common/Own By user group By author By type By owner group By DB Connection By Style History changes |
By Common/Own The navigation menu will be organized in common and own Reports. By user group The navigation menu will be organized based on the user groups assigned as “Users” on the available Reports. By author The navigation menu will be organized based on the original author of available Reports. By type The navigation menu will be organized based on the type (list, form, graph etc.) on the available Reports. By owner The navigation menu will be organized based on the owners assigned on the available Reports. By DB Connection The navigation menu will be organized based on the database connection ID of the available Reports. |
|
Graph output |
PNG format JPEG format GIF format No output TChart ActiveX |
Output format when graphs are used reports for this user account. |
|
START page |
Listing of Reports that the user have access to |
Defines the Report that will automatically open after login on this user account. The “forced” start page can be used in combination with hiding or disabling the normal Dynamic AI navigation and eventually combined with drop-down menus change the Dynamic AI user interface away from the standard. |
|
Use style from user |
Listing of available user accounts |
Use this option to link user accounts to central account profiles used to set specific colors and fonts. Using this option will override the default system option and instead refresh colors, fonts and sizes from the indicated user account. |
Dynamic AI offers the feature to assign up to 10 different aliases to a user account. Aliases (in the form @alias1, @alias2, @alias3, etc.) can be used directly on connections and reports to filter parse individual user information, filter for a specific user organization, company id, domain etc. etc.
Aliases can also be used in combination with the Dynamic AI data-source dictionary in order to centrally force a user-level filter to be assigned across all underlying reports and forms on that specific table/query specified in the dictionary.
E.g. when the “forced-filter” alias method is used across the dictionary, it is recommended to set the global settings ALIASxREQUIREDONUSER in order to enforce that accounts must be set with specific alias values to be valid.
Dynamic AI offers the feature to divide users into 10 different roles (role A..J) or combinations thereof.
Roles are used in combination with the Dynamic AI data-source dictionary in order to centrally control which data-column is displayed on reports/forms/in customize and Quick Customize for a specific user.
Use the group membership’s option to assign the user to specific user groups. Refer to the “Groups” chapter to find more information on the use of groups in Dynamic AI.
Use sharing with group’s option to specify the groups that the user can share information to. The selected groups will be the exclusive list of optionally groups that the user can select from when setting the user and owner groups on customized Reports. Refer to the “Groups” chapter to find more information on the use of groups in Dynamic AI.
On this tab the user rights for Dynamic AI functionality is set.
The different rights are grouped by General, Data/Export Rights, Design Rights and Tools and Maintenance which are described below.
|
Field: |
Description: |
|
Show navigation menu |
The user will get access to the normal Dynamic AI navigation. This option isn’t selected a forced Dynamic AI start page must be set in order to be functional. |
|
Allow change navigation look |
Check this option if the user should be allowed to set and change in between above mentioned Navigation look option via the user profile. |
|
Explore Owner Rights |
The user can explore Reports where the user is part of the owner group but not necessarily part of the user group. Reports will be shown in the reports menu, when grouping it “By owner-group”. This option is relevant for administrators and developers. |
|
Access to PROFILE |
User has access to his/her own profile where user is free to change colors, fonts, regional settings as well as startup-page, password etc. |
|
Access to Help |
User has access to online standard help functionality. |
|
Field: |
Description: |
|
Explore Databases |
The user can explore database connections and see all available tables, views, synonyms and Dynamic Views available through assigned database connections. |
|
Data Ins/upd/del |
The user will be able to input, modify or delete data when allowed on Database connection and on the report. |
|
Export Fixed |
The user can export a list in Fixed length format |
|
Export XML |
The user can export a list in XML format |
|
Export CSV |
The user can export a list in CSV format |
|
Export PDF |
The user can export a Report in PDF format. Requires that WebGrabber and ActivePDF Server are installed on the Dynamic AI server |
|
Export to Outfolder |
The use can export a report to the defined Outfolder via calling the ai.asp with specific parameters.
http://localhost/dynamic/ai.asp?dai_r=111&UID=xxx&PW=yyy&DEVICE=CSV&DEST=SERVER (Where 111 is the report number, xxx is the username and yyy is the password. Read more about this in the section Integration into other frameworks |
The options “Export Fixed”, “Export XML”, “Export CSV”, “Export PDF” and “Export to Outfolder” will control which options that the user are allowed in the Tools menu on individual List Reports or via direct links when integrating Dynamic AI into other applications.
Export to Excel has not been included as a User Right as a simple Copy / Paste action from the report into Excel can not be controlled.
|
Field: |
Description: |
|
Add new URL PAGES |
The user can add and share URL links e.g.: http://www.dynamicai.com via the Dynamic AI Navigation |
|
Add new PAGES |
User can create menu pages, presentation slides, documentation, portal pages etc. This type of Report isn’t bound to a specific database connection. |
|
Add new PACKAGES |
User can create new short-cut and/or drop-down menu’s to supplement or replace the standard Dynamic AI navigation. |
|
Design Database based Reports |
The user will get a “Design” option on database based Reports and will have access to create, update and eventually delete Reports as well as share Reports in accordance with specific rights set on individual Reports and groups that the user can share information to. |
|
Change type |
Users that are having the “Change Report Type” will have access to change report type whether or not the user is a member of the Owner Group – obviously only in combination with already implemented and existing design rights and restrictions. |
|
Access to Ad-hoc Change |
The user will have access to a reduced set of design on list Reports that allows for Ad-hoc Change. Access to Ad-hoc Change will allow the user to change and run a changed report in that session. The user will not have access to save, change, insert or delete the stored Report. |
|
Save Ad-hoc Reports |
With this option in combination with “Access to Ad-hoc Change” the user can save/delete/insert new Reports based on existing Reports. |
|
Edit SQL variables |
The user has access to maintain Global SQL columns |
|
Allow SUB selects Free SQL |
By default Dynamic AI will NOT allow the use of the following SQL commands:
SELECT, JOIN, FROM
Only the insert and update of such statements are being restricted.
Execution of defined Reports where e.g. sub selects etc. are being used in FREE WHERE, Dynamic AI Views and SQL variables are still allowed. |
|
Allow show SQL |
The user is allowed to see the SQL statement executed on a report by checking Show SQL in the tools menu. |
|
Access to Documentation |
The user has access to full report documentation in the Tools menu and versioning and history changes in design mode. |
|
Field: |
Description: |
|
Connection maintenance |
The user will get access to Connection maintenance and can create, modify and delete Dynamic database connections. This is a typical administrator function. |
|
Dynamic SQL View |
The user will get the option to create new Dynamic SQL View definitions and JOINS. |
|
Dictionary |
The user will get access to the maintain dictionary function. This is a typical administrator function. |
|
Relation maintenance |
User has access to define, change and delete relationships in-between data-sources (Tables, views and queries) on available Dynamic AI database connections. This is a typical administrator function. |
|
User maintenance |
The user has access to user administration. This is a typical administrator function. |
|
Group maintenance |
The user has access to group administration. This is a typical administrator function. |
|
Style maintenance |
User has access to add, change and delete available styles for lists, reports and forms. This is a typical administrator function. |
|
Maintain system parameters |
The user will have access to maintain and input new central system parameters. This is a typical administrator function. |
|
Import/Export |
The user will get access to import and export Dynamic AI Reports as well as import updated system Reports. This is a typical administrator function. |
|
Log Administration |
The user has right to view logged activities and reload deleted reports. This is a typical administrator function. |
|
USE Dynamic AI Informer |
The user will be allowed to define alarms and get access to a personal watch / alarm list. |
Here you will find information on last login, total logins and the IP address during last login. You can also see which browser that was used.
The Field Free 1 – 3 can be used for input of user attributes. Custom captions can be set by manipulating the System Text numbers, 853,854 and 855.
Alias captions 1-10 and e.g. Roles captions can be set in a similar fashion:
System text numbers are:
Alias1 825 Alias2 826 Alias3 827 Alias4 828
Alias5 829 Alias6 830 Alias7 831 Alias8 832
Alias9 833 Alias10 834
Role A 835 Role B 836 Role C 837 Role D 838
Role E 839 Role F 840 Role G 841 Role H 842
Role I 843 Role J 844
To add a new user, click on the “New user” button on the Administration Menu under “Users”.
A blank definition form will appear:
Optionally new user accounts can be opened as copies from existing user accounts.
To copy information from an existing user account, find and open the maintenance form for that user and click on the “new Copy” button in the bottom left of the maintenance screen.
Complete the relevant sections of the user account and insert the new user account by clicking the “Save” button.
User accounts settings can freely be modified at any time, and will automatically cascade to related Dynamic AI definitions.
Be aware however, that changes to the username will require that the password is being re-defined. The username is part of password encryption protection.
Changes to the account will have impact from the next login by the user.
To change an existing account, locate the account in the user account list, click on the record selector next to the relevant user and the account will be opened for modifications.
After updating relevant settings, save the changes by clicking the “Save” button at the bottom of the screen.
To delete an existing user account, locate the account in the user account list, click on the record selector next to the relevant user and the account will be opened.
Remove the account by clicking the Delete button at the bottom of the screen.
Dynamic AI will automatically remove the user account from any groups that the user account might have participated in as well as removing Reports from the “Own” section of the navigation menu for the specified account.
If restrictions on a specific number of failed logins have been set as part of Dynamic AI system security settings, user might sometimes lock their accounts when passwords are typed wrong or forgotten. When an account is locked the user will get the message to contact systems administration to unlock the account.
To unlock an account that has been locked due to exceeding the number of accepted failed logins, open the account from the “Locked accounts” found in the Administration menu and reset the number of failed login attempts to 0. After updating the account, the user can start a fresh browser session and login again.
If the user can’t remember the account password, create a new password, inform the user, and optionally check the “Force user to change password at next login”.
If a user account has been locked because of account expiration, open the account from the User & Group maintenance main screen and set a new valid account period. After update the account will be valid for login again.