Page History
Security Users (Reference) manages user accounts, authentication, and access control throughout the solution. A SecurityUser defines:
- Named user accounts with credentials
- Permission group assignments
- Security policy enforcement
- Access control levels
- User lifecycle management
The system includes pre-defined users and supports enterprise authentication methods.
In
The software platform offers many features and tools to manage user accounts for access control.
this page:
Table of Contents maxLevel
2 minLevel 2 indent 10px exclude Steps style none
User Configuration
The named Users with authorization to access the Solution are defined in the SecurityUsers table on Security → Users. Security → Tutorial | Concept | How-to Guide | Standards Compliance | Reference
Pre-Defined Users
The following user namesThree system users are configured by default:
Administrator: built-in user that controls the Security System. No password is configured by default. You should set a password for this user.
Guest: used by default to access and when you log off as another user. No password is configured by default.
User: used as a generic login user. No password is configured by default.
Guest access
If the User did not execute any LogOn or Identification procedure, it will be recognized as the pre-defined Guest User, which is equivalent to an anonymous access.
The Guest user is the default user for anonymous logins and does not have a password assigned. It cannot be deleted nor have a password added. When you log off as another user, the Guest user is activated. To restrict access to resources, you may modify the permissions for the Guest user.
Do not create other users with the same names or altering| User | Purpose | Default Password | Notes |
|---|---|---|---|
| Administrator | System control and security management | None | Set password immediately |
| Guest | Anonymous access and default logout | None | Cannot add password |
| User | Generic authenticated access | None | Template for new users |
<ac:structured-macro ac:name="warning"> ac:rich-text-body Do not delete or modify the row IDs of these built-in
platform objects.Administrator Unique Authorizations
The Administrator is the sole user capable of deleting, blocking users, and defining passwords for database interfaces.
users. Do not create duplicate users with these names. </ac:rich-text-body> </ac:structured-macro>
Configuration Properties
| Property | Description | Required |
|---|---|---|
| Name | Unique username for login | Yes |
| Permissions | Permission groups (comma-separated) | Yes |
| Password | Encrypted user password | No |
| PasswordHint | Password recovery hint | No |
| Policy | Security policy assignment | No |
| Deleted | Soft delete flag | No |
| Alias | Alternative identifier | No |
| Company | Organization association | No |
| UserGroup | Department/group assignment | No |
| Attributes | Custom user properties | No |
| Level | Hierarchical access level (0-255) | No |
| Category | User classification | No |
| LockState | Account lock status | Auto |
| ContactInfo | Email, phone, details | No |
Guest Access
The Guest user provides anonymous access:
- Active when no user logged in
- Default after logout
- No password capability
- Cannot be deleted
- Permissions define anonymous access level
Configure Guest permissions carefully to secure anonymous access.
Administrator Privileges
Exclusive Administrator capabilities:
- Delete users permanently
- Block/unblock accounts
- Set database passwords
- Delete audit trails
- Modify security policies
- Override permission inheritance
User Lifecycle Management
Creating Users
- Navigate to Security → Users
- Click first row to add
- Required fields:
- Name: Unique identifier
- Permissions: At least one group
- Optional security:
- Password: Meet policy requirements
- Policy: Assign security level
Disabling Users
Three methods for removing access:
| Method | Effect | Use Case | Reversible |
|---|---|---|---|
| Block | Prevents login | Temporary suspension | Yes |
| Flag Deleted | Blocks + marks deleted | Audit trail preservation | Yes |
| Delete | Permanent removal | Complete cleanup | No |
Password Management
csharp
// Set password programmatically
@Security.SetPassword("username", "newPassword");
// Force password change
@Security.Users["username"].MustChangePassword = true;
// Check password expiration
if (@Security.Users["username"].PasswordExpired)
{
// Prompt for new password
}Runtime Authentication
Login Methods
Form-Based Login:
csharp
bool success = @Security.Login(username, password);
if (success)
{
@Info.Trace("User logged in: " + @Client.UserName);
}Windows Authentication:
csharp
@Security.UseWindowsAuthentication = true;
string windowsUser = @Client.WindowsUserName;External Authentication:
csharp
// LDAP/Active Directory
@Security.AuthenticationMode = "LDAP";
@Security.LDAPServer = "domain.local";Permission Integration
Users inherit permissions from assigned groups:
User: John
Permissions: Operator, Maintenance
Result: Combined permissions from both groupsSee [Security Permissions] for group configuration.
Security Policies
Policies enforce password and session rules:
User: Mary
Policy: Enhanced
Result: Strong password, 90-day expiration, session timeoutSee [Security Policies] for policy configuration.
User Properties Access
Runtime Properties
csharp
// Current user info
string currentUser = @Client.UserName;
string permissions = @Client.Permissions;
int level = @Client.Level;
// Check specific permission
bool canEdit = @Security.HasPermission("EditDisplays");
// User session
DateTime loginTime = @Client.LoginTime;
string ipAddress = @Client.IPAddress;User Management
csharp
// Get user details
var user = @Security.Users["username"];
string company = user.Company;
string group = user.UserGroup;
// Modify user
user.ContactInfo = "john@example.com";
user.Level = 50;Best Practices
- Set Administrator password - Immediately on deployment
- Use permission groups - Don't assign individual permissions
- Apply security policies - Enforce password standards
- Audit user changes - Track modifications
- Review Guest permissions - Minimize anonymous access
- Document user roles - Clear responsibility matrix
- Regular cleanup - Remove inactive users
Troubleshooting
Cannot login:
- Verify username/password
- Check account not blocked
- Confirm permissions assigned
- Review policy restrictions
Password issues:
- Check policy requirements
- Verify not expired
- Confirm complexity rules
- Test password hint
Permission denied:
- Review group assignments
- Check permission inheritance
- Verify user level
- Confirm not Guest user
Account locked:
- Check failed login attempts
- Review policy lockout rules
- Administrator unlock required
- Check LockState property
In this section...
| Page Tree | ||||
|---|---|---|---|---|
|
It's only when logged as Administrator, it is possible to delete the history on TrackChanges and SolutionHistory tables.
Removing Users
You have three ways to disable users:
Blocking: use to block the user’s access. You may want to use this for users who are no longer in your company.
Flagging as deleted: use to block the user’s access and flag the user as deleted, without deleting the user. You may want to use this for users who are no longer in your company.
Deleting: removes the user completely from the system.
The method used varies according to the Security requirements on managing users for your application.
SecurityUsers Configuration Table
Property | Description |
|---|---|
ID | Identifies uniquely the user within the system. |
VersionID | Identifies uniquely the version of the user's record. |
Name | Names the user. |
Permissions | Assigns the user to permission groups (e.g., Administrator, Maintenance, etc.) defined in Security/Permissions. Check out Permissions |
Password | Allows entry of a unique password for the user. Validates the password against configured requirements. Refer to Security Policies (Reference) for configuring password requirements. |
PasswordHint | Provides a hint to help the user remember their password. |
Policy | Assigns the user to a security policy (e.g., Enhanced, Critical, Default) defined in Security/Policies. Check out Security Policies (Reference). |
Deleted | Indicates if the user account is marked for deletion. |
Alias | Offers an alternative name or identifier for the user. |
Company | Associates the user with a specific company or organization. |
UserGroup | Assigns the user to a specific group or department. |
Attributes | Describes additional attributes or characteristics of the user. |
Level | Specifies the user's level or rank within the organization. |
Category | Classifies the user into a category or type (e.g., technical, administrative). Refer to Categories to read more. |
LockState | Shows the current lock state of the user's account (e.g., locked, unlocked). |
DateCreated | Records the date when the user account was created. |
DateModified | Notes the date when the user account was last modified. |
ContactInfo | Lists contact information for the user (e.g., name, email, phone number). |
In this section:
| Page Tree | ||||
|---|---|---|---|---|
|