Adding and Editing Users
By default, the system logs you in as the Guest user when you start Action.NET. The Guest user does not need to enter a user name or password.
If you want to secure access to your projects, you can add users and configure passwords and other settings for each user.
The following sections describe how to configure security:
n Customizing Login Procedures
To add security to your installation of Action.NET, you can add and edit users. Action.NET comes with the following user names configured by default:
n Administrator—Built-in user that controls the Security System. No password is configured by default. You should set a password for this user.
n Guest—Used by default to access Action.NET and when you log off as another user. No password is configured by default.
n User—Use as a generic user. No password is configured by default.
The Administrator-level and Guest-level user IDs have built-in attributes. The Administrator is the only user who can delete or block users and the only user who can define passwords for Database DB interfaces. Guest Users are used for anonymous login users, and do not have passwords assigned to them.
Do not create other users with those names, neither change the row ID of those users, as the system is hard-coded to assume those users exit with the pre-defined IDs.
You cannot delete the Guest user, neither add a password to it. The Guest user must be available as the default user when you log off as another user. You may want to change the Guest user permissions, so that Guest users do not have access to all functions. See Configuring Permissions.
To add and edit users:
1. Go to Edit > Security > Users.
2. Enter or select information, as needed.
|
Column |
Description |
|---|---|
|
Name |
Enter a user name. The system lets you know if the name is not valid. |
|
Permissions |
Select the permission group to use for this user. See Configuring Permissions. |
|
Password |
Enter a password for the user. The system lets you know if the password is not valid. You can configure password requirements. See Configuring Policies. |
|
PasswordHint |
Enter information that can help you remember the user’s password. |
|
Policy |
Select the policy settings to use for this user. See Configuring Policies. |
|
Blocked |
Select to block the user’s access. You may want to use this for users who are no longer with your company. |
|
Deleted |
Select to block the user’s access and flag the user as deleted, without deleting the user. You may want to use this for users who are no longer with your company. |
|
Company |
You can enter the name of a company to which the user belongs |
|
UserGroup |
You can consider user groups. Here you must indicate which group this user belongs to. |
|
Profile |
Enter the user’s email address, phone number, and full name. |
3. Continue adding as many users as you need.
You can configure which functions users can access when editing the project and when using the runtime. You set permissions using Groups.
Action.NET comes with a few predefined groups that you can use, or you can create your own.
To configure permissions:
1. Go to Edit > Security > Permissions.
2. Enter or select information, as needed.
|
Column |
Description |
|---|---|
|
Name |
Enter a name for the group. The system lets you know if the name is not valid. |
|
Edit |
Select the functions users in the group can access when editing a project. |
|
Run |
Select the functions users in the group can access when using the runtime. |
|
Description |
Enter a description for the group. |
3. Continue adding as many groups as you need.
n The permission groups you create are available for use on the Users tab.
EditSecurityPermissions.Run - Disable Windows applications switch
One option on the Run permissions is to disable to Switch Applications. If disabled, the following actions/keys will be inhibited for that use:
l Access to the Start button and the Task Toolbar.
l Windows Logo button
l Ctrl + Alt + Del
l Ctrl + ESC
l Alt + Tab
l lt + F4
l Windows Logo + L
To allow to disable the keyboard short-cuts to switch applications, the file DisableTaskSwitchProtection.bat must be run from the installation directory, in-order to install the keyboard driver necessary to implement this feature.
You can configure settings that you can apply to users.
Action.NET comes with a few predefined policies that you can use, or you can create your own.
To configure policies:
1. Go to Edit > Security > Policies.
2. Enter or select information, as needed.
|
Column |
Description |
|---|---|
|
Name |
Enter a name for the policy. The system lets you know if the name is not valid. |
|
Identification |
Select the password rules for both editing a project and accessing the runtime. |
|
Esign |
For runtime only. Select to enable a timeout for the runtime login. Enter the timeout period in minutes. |
|
Session |
For runtime only. Use to enable a timeout for the runtime session. Select what will cause an automatic logoff, then enter the appropriate values for InactivityMinutes and DurationHours. This setting only logs the user off. The application continues to run. |
|
Description |
Enter a description for the policy. |
3. Continue adding as many policies as you need.
n The policies you create are available for use on the Users tab.
n If needed, right-click a row to cut, copy, paste, or delete the row.
You have three ways to disable users in Action.NET:
n Blocking—Use to block the user’s access. You may want to use this for users who are no longer with your company.
n Flagging as deleted—Use to block the user’s access and flag the user as deleted, without deleting the user. You may want to use this for users who are no longer with your company.
n Deleting—Removes the user completely from the system.
You can use the method that is best for your company.
To remove users:
1. Go to Edit > Security > Users.
2. Click the user you want to remove.
3. Do one of the following:
n To block a user, select the Blocked column.
n To flag a user as deleted, select the Deleted column.
n To completely delete a user, right-click the row and select Delete selected row.
When running the application, the Login procedure will accept all users defined in the Project Configuration, but additional users, defined only by the system can be included.
The Runtime-users are defined in the database RuntimeUsers defined in Datasets. By default, that database is mapped to a SpinDB database. You can select any other database by creating another DB connection and naming it RuntimeUsers (you will need to delete or rename the existing RuntimeUsers row before doing that, as the table does not accept duplicated names).
You can populate that database directly before starting the runtime, or after the project is running, you can create or modify the users with the methods in the Security Name.
See http://www.spinengenharia.com.br/help/an-2016/runtime/index.html for the complete programming reference on runtime objects
When those methods are executed, the new or modified users are automatically saved on the RuntimeUsers database.
Engineering Workspace Interface
When choosing Edit> Security from the Engineering tool main menu, a "Real Time Users" tab is available, with the same columns as the normal users tab, which is used to see users created in real time and even to change data of these users. The figure below shows this tab.
The Refresh button can be used at any time to check the current status of Dataset, RuntimeUsers, which will be rereleased and displayed on the grid.
The Login page is editable, you just need to select the display with name LogOn to edit its layout. As you can see in the code behind of that display, it calls the method Security.Logon() to do the validation of the user. If you want to perform any other user validation, you just need to modify that logic calling your own validation system and then calling the LogOn method, according to the results of your validation.
Another way to customize the logon is to put your own custom logic on the ClientStartup script task. The script is executed on any computer that is connecting to the server application, you can perform verifications based on computer IP, computer name, Windows Active-Directory Logged user, or any other criteria to specify if the user is allowed to start the application and which should be their credentials, after that you can either call client.Shutdown to terminate the application if it was an unauthorized access or Security.Logon() with a user that matches the selected security profile.
By default, when starting the application on a client computer, instead of requesting a login, we start the system with the user GUEST. The user Guest is equivalent to an anonymous login, if you don’t want that on your application, just replace the startup page with a page requesting the Logon information.
The namespace Security has all the runtime information regarding the security system.
The Client object has information about the current user logged at that client station:
Client.Username property is the name of current logged user.
Client.CurrentUser is a reference to a data structure with all the information of the currently logged-in user.
See http://www.spinengenharia.com.br/help/an-2016/runtime/index.html for the complete programming reference on runtime objects.