User Maintenance
User Maintenance is located on the main menu under the Administration tab. It’s visible to the site administrator role and user maintenance only role.
Types of users
- Active Directory or Entra Users
- Passwords are managed by the Active Directory or Entra environment. The client connects to the server and is authenticated against a domain or the configured Entra tenant.
- Database Users
- These users are created and managed by the ESM.net system and stored in the database. Passwords are hashed with a non-reversable encryption.
User Roles
- Site Admin (Security Level 3)
- This is the site administrator. It can access all user pages/data
- User Maintenance Only (Security Level 3)
- Typically used by I.T. To Create Users Within ESM.net. Only the User Maintenance page is visible.
- Power User (Security Level 4)
- By default, has the same security as the site administrator except it does not have access to the administration tab
- Data Analyst (Security Level 5)
- The data analyst can access all cost centres
- Manager (Security Level 6)
- Has access to only cost centres assigned by the site administrator
- Data Entry (Security Level 7)
- General User. Specified cost centres by the site administrator.
- Reporting Only (Security Level 10)
- Read only user. Has access to specified cost centres by the site administrator
Creating A Typical Active Directory or Entra User
- Go to the User Maintenance screen located under the Administration tab of the main menu
- Under the System Users tab (Tab A at the top of the page) there is a grid called System Users
- Click on the plus icon just under this grid to add a row. This navigation/editing toolbar has buttons for new rows, removing rows, editing rows, and saving rows.
- Enter the following:
- User Name (without the domain as this is stored in the server config)
- Name: The display name for the user
- Working Title
- Email Address: For notifications, reports, etc.
- Click on the Check Box to save the new row. You will get a generic prompt saying that you need to specify a role before you can use this user and you need to set a password (only applies to DB users)
- With the new user row selected, you can add information in the bottom grids. This includes:
- User Roles (mandatory). Should only need one role
- Person In Charge (optional)
- Cost Centres
- Only applies to users that have a security level of 6 or higher (Ex: managers)
- If a manager is created and no cost centres are applied, most of the data in the system will not be visible. Only blank or NOTCODED cost centres will be visible
- Security With Tree Nodes
- This only applies when a tree has been defined in reporting groups and a tree has been applied to a user (under the cost centre tree security column)
- This allows for user security to be applied dynamically to a user(s) or a profile
- Cube Groups
- Cube Exclude
- Useful if you want to specify which cubes users cannot see if by default they can see them all because of their assigned role
- Secondary Security
- Only applies to users that have a security level of 6 or higher (Ex: managers)
- By default a user is setup using Secondary Account exclude logic (defined on the table). This means that if “Use Secondary Exclude?” is checked then only secondary accounts listed in this table will be excluded (and that user or profile will see everything else). If include logic is used, it’s the opposite. Only secondary accounts listed will be visible.
- Page Exclude
- This is only used if you want to exclude page access to a user that would normally be able to see that page.
User Profiles
Users can all have their own individual security. However profiles can be used to simplify creating multiple users with the same security. This is done using profiles. When creating profiles (same table as users) just check the box that says: “Is Profile?”. Create the profile as needed. After creating a profile, you can assign that profile to a user using the profile column in the System Users grid. Assigning a profile to a user will replace a users’ previous security setup. This will gray out some of the grids for that user as security will be tied to a profile.