You are here: Administration > User Administration > Creating and editing users

Creating and editing users

Users are created in OEDQ from the User Configuration area on the Launchpad:

This topic describes:

Adding a new user;
Editing an existing user, and
Deleting a user.

It also contains detailed information on configuring a user's security settings relative to the central security policy and assigning user groups to users.

Note: OEDQ also supports integration with AD, enabling external management of users and passwords. For more information on this, please refer to the Integrating OEDQ with AD topic.

Adding a user

The User Configuration screen contains a list of the currently configured users and the groups that they have been assigned to. To add a user, click on the Add User button on the User Configuration screen:

The Create New User screen will appear:

The Create User Screen allows you to specify:

A username and password for the new user. The password must be entered twice, to ensure that no typographical errors are introduced;
The personal details of the user;
The groups that the user will be assigned to, and
The security settings for the user's account.

A 'Force Password Change' checkbox is also provided. If this is checked, then the user will be forced to change their password the first time they log in.

Assigning groups to a user and the setting the account security options are covered in further detail below.

Editing a user

To edit a user, navigate to the list of defined users as described in Adding a user. Click on their username in the list of defined users. You will be given the same options as when creating a new user.

Deleting a user

To delete a user, navigate to the list of users page as described in Adding a user. Click on the delete button next to the name of the user you want to delete:

You will be prompted to confirm the deletion before it is finalized.

Note that if you are using Case Management, and want to ensure that a full audit trail of all user activity is maintained even after users leave your organization, it is strongly recommended never to delete any users who have been active in the Case Management user application as it will no longer be possible to see the user name associated with an action if the user is deleted. In this case, it is better permanently to block users that you no longer wish to have access to the OEDQ applications.

Assigning groups to a user

In OEDQ, user permissions of all kinds are controlled via groups. Permissions are assigned to groups, and then groups are assigned to individual users. The a user's are the set of all permissions granted to the user's assigned groups.

Assign groups that the user should belong to by selecting them in the left-hand list and pressing the '>' button to transfer them to the right hand list:

Multiple groups can be selected at once by holding down the Ctrl key.

Groups can be removed from the user by selecting them in the right hand list and pressing the '<' button.

Configuring the account security options

The account security options for the user control the password expiration policy and the action to be taken if the user makes too many invalid attempts to log in.

The security settings are defined relative to the central security policy, which defines the default, generic behavior for users in the system.

Password expiration policy

The password expiration policy offers three settings: Generic, Never expires and Expires when defined.

Generic should be selected if you wish to use the settings from the central security policy. Note that if the central security policy specifies both 'Password never expires' and a value for 'Password expiration days', then 'Password never expires' takes precedence.
Never expires should be selected if the central policy specifies an expiry date but you wish to ignore it for this user.
Expires when defined should be selected when the central security policy specifies both 'Password never expires' and a value for 'Password expiration days'. This setting forces the user's security policy to ignore the 'never expires' option and to use the expiry days instead.

The following table illustrates the interactions between the central security policy and the user settings:

User settings	Password never expires	Password never expires, expiry days set to 21	Password expires, expiry days set to 21
Generic	Never expires	Never expires	Expires after 21 days
Never expires	Never expires (unnecessary setting of user options)	Never expires (unnecessary setting of user options)	Never expires
Expires when defined	Never expires (meaningless setting of user options)	Expires after 21 days	Expires after 21 days (Unnecessary setting of user options)

User settings

Password never expires

Password never expires, expiry days set to 21

Password expires, expiry days set to 21

Generic

Never expires

Expires after 21 days

Never expires

Never expires (unnecessary setting of user options)

Never expires

Expires when defined

Never expires (meaningless setting of user options)

Expires after 21 days

Expires after 21 days (Unnecessary setting of user options)

Response to invalid login attempts

The default response to too many invalid login attempts is specified in the central security policy. The centrally specified action can vary from no action at all through blocking access to the account for varying lengths of time, up to a permanent account block. (Blocked users can be unblocked by an administrative user.)

This action can be overridden on a per-user basis by selecting a different action from the Invalid Attempts drop-down:

Selecting the default option of 'Generic' means that the user will inherit its response from the central security policy.