|To use the User Management page, you must use ViewpointLoginModule as your authentication module, and not LDAP or SSO.|
The User Management page (NavigationID = "UserManagement") allows you to add, modify, or change the passwords of users. It has a table for displaying users, a set of controls above the table for operating on a user selected in the table, and a panel for displaying the details of an individual user.
The roles a user is associated with grant them permissions to view pages and perform actions in Viewpoint when ViewpointLoginModule is used for Viewpoint security. The ViewpointLoginModule and user roles are configured in core.xml.
The User Management page allows you to set passwords, so it is important to configure this page to be hosted under an SSL connection. For more information on how to protect a site with SSL, see the Tomcat documentation here.
It is vital that only trusted administrators have access to the user management page. Therefore, in order to view or use the User Management page, a user must have these permissions:
Do not grant any of the user.* permissions to average users. Instead, define an administrator role in this way:
<config> ... <security> ... <permissions-map> <principal type="ViewpointRolePrincipal" name="user"> <role name="user" /> </principal> <principal type="ViewpointRolePrincipal" name="admin"> <role name="admin" /> </principal> </permissions-map> <role-definitions> <definition name="user"> <permission name="node.create" /> <permission name="node.read" /> <permission name="node.update" /> <permission name="node.delete" /> ... </definition> <definition name="admin"> <permission name="user.*" /> <role name="user" /> </definition> </role-definitions> ... </security> ... </config>
When creating a menu item for the User Management page in core.xml, you should require a user.readall permission. You can add a link to User Management in an Administration menu by adding the following in core.xml:
<nav-menu> ... <menu label="Administration"> ... <link href='page://UserManagement' target='thisWindow' label='User Management'> <permission name="user.readall" /> </link> ... </menu> ... </nav-menu>
Users can be filtered using the filter widget above the table. The column names that can be used to filter users are:
The buttons above the table perform actions based on the selected user. Buttons include:
When you double click a user, a details pane appears showing detailed information about the user. The details pane contains these buttons:
The following SQL statement inserts a new user with both user and administrator roles into the Viewpoint database. The password for this user is changeme.
INSERT INTO `SecurityUser` (username, pwHash, pwHashAlgorithm, pwSalt) VALUES('admin','q5ixLKxkknS3FhWuN2AXqmYhflKtq1zLjQIV8IjX52v20P2lyN5COUc5riNIX89ou5JuelnVK9URJ2H4ToIVOA==','SHA_512','5088698167202632306'); INSERT INTO `SecurityUser_roles` (SecurityUser_username, name) VALUES ('admin','user'),('admin','admin');