User Management

Breaking Change since version 26.1

Previous versions of the ZeeBORN system allowed a fine-grained definition of user access rights on user level. As this introduced high complexity and several challenges for monitoring and controlling active user access rights, releases since version 26.1 use a strict role-based assignment of access rights.
Each user gets one of the available user roles assigned and receives by this assignment all user access rights defined for this role. For special cases, additional roles can be assigned to the same user. If more than one role is assigned, the user gets all the access rights in all roles assigned.

User Roles

The ZeeBORN user management uses a role based management of user access rights. Depending on the role assigned to a user, this user will have the user access rights configured for the assigned role.

Managing Roles

Roles can be managed via the Roles tab of the user management module. The Access Rights tree shows the currently assigned access rights. Those rights can be changed by clicking the Edit button in the Rights section of the toolbar. Access rights will be activated by checking the related access right in the tree. After access right modifications button Save must be clicked for applying the access rights to the role and users who have the role assigned.

Special Roles

As some users may require some special additional access rights (e.g. archiving documents in Documents module), special roles can be created that have only this single access right (or more) activated. By using the Additional Roles section of the user details screen, you can assign this special role as an additional role to a user and grant this additional access right.

Each role has a defined set of user access rights and some additional properties:

Users

Managing Users

The minimum information to be set for a user is:

User Name
Role
Password

Those properties define how a user can log in to the system and what access rights will be assigned.

For users who use one or more of the procurement modules, some additional details can be defined:


Display Name	The name to be shown in documents instead of the user name.
Short	Abbreviation for the user to be shown (where suitable)
Phone, Mobile	Contact details.
Purchase Approval Level	Can be set if different from the level defined in the assigned user role.
Assigned Sites	List of sites/vessels assigned to a user. This configuration will also be used for reducing the amount of data shown in each module to the data for the sites/vessels assigned to the user.
E-Mail	E-Mail address to be shown in documents and to be used as sender e-mail address.

Options


Purchase Approval Level	Sets the maximum level for a PO to be approved. If a PO exceeds the given value, the user can no longer approve a PO and another user with higher approval level needs to approve the PO
Invoice Approval Level	Sets the maximum level for an invoice to be approved. If an invoice exceeds the given value, the user can no longer approve an invoice and another user with higher approval level needs to approve the invoice
Use in invoice and purchase	Indicator if a role/user has access to the purchasing and invoicing modules
Password change required	Defines if a password change is required after a certain period

If you see the login screen for the first time, please read First Login. There you will find further information about the default password after a fresh installation of the system and also some general guidelines for managing the Administrator user account.

Usually you will choose your name from the Name list and enter your password. The checking of your account details will start as soon as you press the Login button. If the selected name and the entered password are correct, you will get access to the application or module you have started.

Changing a Password

Before pressing the Login button your may also change your current password by clicking the Change Password button. The program will guide you through the process of changing the password for your user account.

Password Policy

You have the option to configure the password requirements in the system.

The system checks the following variants:

the minimum password length
Password should contain uppercase letters
Password should contain lowercase letters
Password should contain digit
Password should contain special characters (, . / ! @ # $ % ^ & * '' " ; _ ( ) : | )

These can be varied at any time according to requirements. In the User Management, there is the button „Configure Password Policy”. Use this button to define Password Policy.

Furthermore, you can define here how many passwords should be checked for equality.

The minimum is here 1 (this means that the actual password does not conform to the new one), currently the maximum is 10. A password history will be enabled.

Following user right is needed:
Administration -> User Management -> Configure Password Policy

Password Change

Requirements Per Role

The system will contain roles with different settings i.e. some roles need a password change every x months and other roles do not need the password change in the same period.
We have therefore provided the possibility in the system how often the password has to be changed per role. This can be done either per role or per report for all activated roles.

By single Role

Hit button „Edit Role“ to set the requirement pro role and use this function to change customization here.

By Report

To making adjustments for all roles at the same time hit button „Assign Password Change Requirements to Roles“ which you find under Reports. Here you can edit all adjustments for required roles:

Requirement per User

When a new user was created or if there are any other reasons which are necessary to change the password, so you have two options to assign this requirement:

Directly at the user
Per report on all activated users

Directly at the User

In the form „Edit User“ you have to click the check box „Password Change Required“ for require a new password for this user.

Attention

If the check box is clicked and the user has not the right to change the password, a warning message appears.

Per Report on all activated Users

To making adjustments for all activated users at the same time hit button „Assign Password Change Requirements to Users“ which you find under Reports. Here you can edit all adjustments for required users:

For all above adaptions listed in paragraph 2 the user right „Add, edit or delete users/Roles“ is required which you find under Administration -> User Management.