User Management
Overview
Located under the Server Management Console's System tab, the Users section is where administrators can create, remove, and manage users. Existing users can be assigned specific permissions and views. For instance, certain users may have permission to construct, edit or delete workflows but may not have access to manually execute them, while others can execute workflows but cannot create, edit or delete them. An unlimited number of users can be created, each with their own set of abilities. User passwords can either be maintained by Automate or authenticated through Windows Active Directory.
A system administrator exists by default and its corresponding icon contains a red security badge to distinguish it from other users. System Administrators are associated with all items and granted all permissions by default. You cannot delete a system administrator, nor modify their permissions.
Creating new users
New users can be created by the administrator or other users with proper permissions. Users can be put into role-based groups and authentication can be performed by way of Automate or Microsoft Exchange. User accounts and roles enable tight control of automation projects throughout their life cycle - from initial development, to testing, to full scale production. Upon creation, the new user can log onto the system by entering proper credentials in the Connections panel.
To create a new user
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Select NEW. The Add a User window appears.
- In the Username box, enter a name.
- Select how to authenticate the user's password:
  - Authenticate with Automate password - In the Password boxes, enter the desired password for the user. To prompt a new or existing user to reset their password the next time they log in to the Server Management Console, select Reset password on next sign in.
  - Authenticate with Active Directory password - Authenticate the user's credentials against an Active Directory deployment. In the Domain box, enter the name of the Active Directory's domain this user is assigned to or the user's domain username (for example, domain\username or username@domain). Select Use secure connection if your Active Directory deployment uses SSL/TLS.
- Select OK.
Managing existing users
The properties and credentials of existing users can be modified by an administrator or other users with proper permissions. Existing users can also be disabled/enabled, removed permanently from the system, or moved to another folder/subfolder.
To edit a user's name or password
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Select Edit. The Modify a User window appears.
- Make changes to the user's name and/or password settings.
- Select OK.
To view or edit a user's General Properties
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Select the desired user, and then select MORE > Properties. You can also right-click the user's icon, and then select Properties. See the following links for more information:
More on user security
The Security section secures Automate and its resources by enabling administrators to set permissions that users and groups have on this object. Permissions define the type of access granted to a user or group for a specific object. You can better secure an object, such as a task or workflow, by assigning permissions to allow users or groups to perform specific actions on that object. For example, you can let a specific user view the steps of a task, let another user make changes to the task, and prevent all other users from accessing the task altogether. Object permissions can be set per object (for example, individual workflow, task, condition, user, agent group, etc.) or group of objects (for example, user group, tasks or conditions grouped into folders, etc.).
Behavior
When resolving user permission on an object, the system will determine if the user or any group it belongs to is granted permission on the object. If there is a conflict among the user/group regarding whether the permission is granted or denied, the permission with the least privilege takes precedence. If object permission cannot be resolved by way of user/group, the system inspects the permissions that are set on the folder containing the object. The same logic applies at this level. If no user/group can be resolved at this level, the folder’s parent folder is inspected, and on up the folder structure until either the permission is resolved or the root folder is reached. If the permission hasn’t been resolved once the root folder is evaluated, the permission is denied.
When resolving a system permission for an action a user is attempting to perform, the user and any groups it is assigned to are searched for a "grant" on that permission. If a single grant is found, the action is allowed.
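The two resolution rules described above, modeled as an added example (not Automate's own code). The Node class, the GRANT/DENY constants, the ACL layout and all user, group and object names are assumptions made for illustration.

```python
# Added illustration of the resolution rules in the Behavior section.
# Node, GRANT/DENY and the ACL layout are assumptions, not Automate's data model.
from dataclasses import dataclass, field
from typing import Optional

GRANT, DENY = "grant", "deny"

@dataclass
class Node:
    """An object or folder; acl maps principal -> {permission: GRANT | DENY}."""
    name: str
    parent: Optional["Node"] = None
    acl: dict = field(default_factory=dict)

def resolve_object_permission(user, groups, node, permission):
    """Walk from the object up to the root folder; return True if allowed."""
    principals = {user, *groups}
    while node is not None:
        # Entries set at this level for the user or any group it belongs to.
        found = [node.acl[p][permission] for p in principals
                 if permission in node.acl.get(p, {})]
        if found:
            # Conflict between user/group entries: least privilege wins.
            return DENY not in found
        node = node.parent  # unresolved here, inspect the containing folder
    return False  # root evaluated without resolution: denied

def resolve_system_permission(user, groups, system_acl, permission):
    """A single grant on the user or any of its groups allows the action."""
    return any(system_acl.get(p, {}).get(permission) == GRANT
               for p in {user, *groups})

# Constructed sample hierarchy: root > Finance > nightly-export (a workflow).
root = Node("root")
finance = Node("Finance", root, {"Operators": {"run": GRANT, "edit": GRANT}})
workflow = Node("nightly-export", finance, {"alice": {"edit": DENY},
                                            "Developers": {"edit": GRANT}})
system_acl = {"Operators": {"create_users": GRANT}}

if __name__ == "__main__":
    alice = ("alice", ["Developers", "Operators"])
    for perm in ("edit", "run", "delete"):
        print(perm, resolve_object_permission(*alice, workflow, perm))
    print("create_users", resolve_system_permission(*alice, system_acl, "create_users"))
```

The two rules are asymmetric: an object permission is lost to a single conflicting deny at the level where it resolves, while a system permission is gained through a single grant on any group the user belongs to, so group membership is what to review when auditing system permissions.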
Administrator
A user Administrator is created by default by Automate and cannot be modified or deleted, but it can be added to and removed from an item. The Creator system group will only grant permissions to the user that created the item. This group is associated with all items by default, and granted all permissions.
To delete a user
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Right-click the user's icon, and then select Delete.
- Select Yes on the dialog that appears.
To disable a user
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Right-click the user's icon, and then select Disable.
To re-enable a disabled user
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Right-click the disabled user's icon, and then select Enable.
To categorize users into folders
- On the Server Management Console's navigation bar, select System.
- Select the Users folder.
- Select MORE > New Folder.
- Enter a name for the folder.
- Drag and drop the desired user icons onto the folder icon.
User log on
To access the Server Management Console, you must sign in with proper user credentials. Additionally, a user's ability to perform certain actions or view specific sections in the Server Management Console depends on the access level set for that user. This is determined by the permissions that have been assigned manually to the account by way of the Security section. For more information, see Logging in or off the Server Management Console.