Managing Viewpoint Users

Note: To use the User Management page, you must use ViewpointLoginModule as your authentication module, and not LDAP or SSO.

The User Management page (NavigationID = "UserManagement") allows you to add users, modify users, and change users' passwords. It has a table for displaying users, a set of controls above the table for operating on the user selected in the table, and a panel for displaying the details of an individual user.

When ViewpointLoginModule is used for Viewpoint security, the roles a user is associated with grant that user permissions to view pages and perform actions in Viewpoint. The ViewpointLoginModule and user roles are configured in core.xml.

Security

The User Management page allows you to set passwords, so it is important to serve this page over an SSL connection. For more information on how to protect a site with SSL, see the Tomcat documentation.

It is vital that only trusted administrators have access to the user management page. Therefore, in order to view or use the User Management page, a user must have these permissions:

  • user.readall - Needed to see the User Management page.
  • user.add - Needed to add a new user.
  • user.updateall - Needed to modify a user or to change a user's password.

Do not grant any of the user.* permissions to average users. Instead, define an administrator role in this way:

<config>
  ...
    <security>
      ...
        <permissions-map>
          <principal type="ViewpointRolePrincipal" name="user">
            <role name="user" />
          </principal>
          <principal type="ViewpointRolePrincipal" name="admin">
            <role name="admin" />
          </principal>
        </permissions-map>
        <role-definitions>
          <definition name="user">
            <permission name="node.create" />
            <permission name="node.read" />
            <permission name="node.update" />
            <permission name="node.delete" />
            ...
          </definition>
          <definition name="admin">
            <permission name="user.*" />
            <role name="user" />
          </definition>
        </role-definitions>
      ...
    </security>
  ...
</config>
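
One way to check a core.xml against the rule above (an added example, not Viewpoint's own code): it resolves each principal's roles, including nested role references, and lists which of the three User Management permissions the principal ends up with. The sample XML is constructed, the "operator" role is hypothetical, and treating user.* as a glob-style wildcard is an assumption.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample; "operator" is a hypothetical misconfigured role.
SAMPLE_CORE_XML = """
<config><security>
  <permissions-map>
    <principal type="ViewpointRolePrincipal" name="user"><role name="user" /></principal>
    <principal type="ViewpointRolePrincipal" name="admin"><role name="admin" /></principal>
    <principal type="ViewpointRolePrincipal" name="operator"><role name="operator" /></principal>
  </permissions-map>
  <role-definitions>
    <definition name="user"><permission name="node.read" /></definition>
    <definition name="admin"><permission name="user.*" /><role name="user" /></definition>
    <definition name="operator"><permission name="user.updateall" /><role name="user" /></definition>
  </role-definitions>
</security></config>
"""
USER_MGMT_PERMS = ("user.readall", "user.add", "user.updateall")

def effective_permissions(defs, role, seen=None):
    """Collect a role's permission patterns, following nested <role> references."""
    seen = set() if seen is None else seen
    if role in seen or role not in defs:  # guard against cycles and unknown roles
        return set()
    seen.add(role)
    perms = {p.get("name") for p in defs[role].findall("permission")}
    for nested in defs[role].findall("role"):
        perms |= effective_permissions(defs, nested.get("name"), seen)
    return perms

def audit(xml_text):
    """Map each principal to the User Management permissions its roles grant."""
    root = ET.fromstring(xml_text)
    defs = {d.get("name"): d for d in root.iter("definition")}
    report = {}
    for principal in root.iter("principal"):
        patterns = set()
        for role in principal.findall("role"):
            patterns |= effective_permissions(defs, role.get("name"))
        # Assumption: "user.*" is a glob-style wildcard over permission names.
        report[principal.get("name")] = sorted(
            p for p in USER_MGMT_PERMS
            if any(fnmatch.fnmatchcase(p, pat) for pat in patterns))
    return report

if __name__ == "__main__":
    for name, granted in audit(SAMPLE_CORE_XML).items():
        print(name, "->", granted or "no User Management permissions")
```

Any principal other than the intended administrator role that shows a non-empty list, such as "operator" in the sample, has more access to the User Management page than the guidance above allows.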

When creating a menu item for the User Management page in core.xml, require the user.readall permission. You can add a link to User Management in an Administration menu by adding the following to core.xml:

<nav-menu>
  ...
    <menu label="Administration">
      ...
      <link href='page://UserManagement' target='thisWindow' label='User Management'>
        <permission name="user.readall" />
      </link>
      ...
    </menu>
  ...
</nav-menu>

Filtering

Users can be filtered using the filter widget above the table. The column names that can be used to filter users are:

  • username - The user's username.
  • roles - Roles the user is associated with.

Buttons

The buttons above the table perform actions based on the selected user. Buttons include:

  • add user - Adds a user (requires the user.add permission).
  • change password - Changes the password of the selected user (requires the user.updateall permission).
  • modify user - Modifies the roles associated with the selected user (requires the user.updateall permission).

Details Pane

When you double-click a user, a details pane appears showing detailed information about the user. The details pane contains these buttons:

  • change password - Changes the password of the selected user (requires the user.updateall permission).
  • modify user - Modifies the roles associated with the selected user (requires the user.updateall permission).

Forgot Your Viewpoint Administrator Password?

The following SQL statement inserts a new user with both user and administrator roles into the Viewpoint database. The password for this user is changeme.

INSERT INTO `SecurityUser` (username, pwHash, pwHashAlgorithm, pwSalt)
VALUES('admin','q5ixLKxkknS3FhWuN2AXqmYhflKtq1zLjQIV8IjX52v20P2lyN5COUc5riNIX89ou5JuelnVK9URJ2H4ToIVOA==','SHA_512','5088698167202632306');
INSERT INTO `SecurityUser_roles` (SecurityUser_username, name) VALUES ('admin','user'),('admin','admin');