Users (USER)
A User object contains the configuration (the necessary personal data, password, rights, and so on) that an Automic Automation user needs to accomplish their tasks. As an administrator, you define User objects and assign them to the Client(s) to which they should have access.
The list of Users in Client 0 is slightly different to the lists in Clients 0001 to 9999 (the production Clients). In Client 0, this list contains all the Users defined in all the Clients in the system. The list of Users in a production Clients contains the Users in that Client only. You define Users in Client 0 and then move them to their respective Client(s). Moving Users is only possible from Client 0; the production Clients do not provide this function.
Users in Client 0
A fresh Automic Automation installation contains a default User in Client 0 that has all the rights and privileges on the system. Its credentials are as follows:
-
Name: UC
-
Department: UC
-
Password: UC
You log in to the system for the first time using these credentials.
Important!
-
Do not delete or rename this User. Without this User, you cannot administrate or operate the system.
-
Change the password for this User immediately after the installation.
Then, you can start creating more Users, moving them to other Clients and defining their authorizations and privileges. For more information, see User Management: Defining and Managing the Authorization System.
Administrator Users in Client 0 can add, edit, disable, rename, delete and duplicate the Users defined in any Client in the system. You can select just one User or you can select multiple Users and perform these actions in bulk.
Users in Clients 0001 to 9999
You can define administrator Users in the production Clients by assigning them the necessary privileges and authorizations (add, modify, delete, rename, duplicate, disable Users, and so forth).
Tip: You may need to work with many objects, lists and monitors simultaneously. To make your work easier, you can open them in different browser windows and arrange them side by side on your screen. For more information about this and other useful functions, see Opening and Arranging Multiple Views.
User Names
The name of a User object consists of the name and the department separated by a slash. The combination of name and department cannot exceed 200 characters.
Object Definition
-
Object class: System object
-
Object type/Short name: USER
This page includes the following:
Defining User Objects
The steps for defining Users are the same as for any other object. A User definition is made up of the following pages:
Standard pages that are always available, no matter what type of object you are defining:
User-specific pages:
-
User page (described here)
-
User Groups page, see Assigning the User to User Groups
-
Automation Engine page
Carry out the following steps to define the User settings in the User object.
Defining Users: General Settings
-
When you create a new User object, you specify its name and department on the Create User dialog. The User name/department combination is displayed in the Name filed, which is read only. You cannot change the User name here, for this purpose, you use the Rename function. For more information, see Renaming Objects and Folders.
-
By default, a newly created User is always active (the User is active checkbox is checked). If you uncheck this option, the User is set to inactive and is not allowed to log in.
When Users enter a wrong password multiple times, they will be locked and cannot log in anymore. You as an administrator configure the maximum number of invalid login attempts in the PWD_ATTEMPTS_MAX variable (see PASSWORD Parameters).
Important! If you deactivate a User under whose name there are still running tasks, those tasks will continue running.
-
The administrator or the LDAP Sync tool can activate the User is locked option to disable the User. This option is useful in the context of LDAP connections where the user in Automation Engine is synced regarding the state with the LDAP server.
-
Select LDAP Connection and Synchronize if your organization is using LDAP. This will synchronize the data with the LDAP server and the User data fields will be populated with the information contained in the directory service. This means that the User login will be authenticated by a directory service, such as the Microsoft Active Directory, rather than by the Automic Automation system.
If you activate this option, most of the fields on the page are disabled because data is retrieved from the directory service. The only fields that you can still specify here are the User Status options and Email 2.
You specify the LDAP connection parameters in the UC_LDAP_EXAMPLE variable (see UC_LDAP_EXAMPLE - LDAP Connection Variable).
Note: You can also activate the LDAP connection directly from the User list. Select one or more Users, right-click and select Activate LDAP Connection from the context menu. If you do so in Client 0, you can activate it for User from different Clients in a go.
-
The Distinguished Name (DN) field is only enabled if you have activated the LDAP connection. If you enter a value here, the distinguished name specified in the UC_LDAP_EXAMPLE variable will be ignored.
-
Optionally, enter the User's First/Last Names; they are displayed in various areas of the user interface.
-
Optionally, enter the E-Mail 1/E-Mail 2 addresses. If you have configure an SNMP connection, the User will receive alerts and notification in these email addresses. Automic Automation uses Email 1 as the primary address and will send alerts and notifications there. If you enter an address in Email 2, it will be used as a cc address.
You can enter up to 50 characters in the Email fields.
Defining Users: Password Policy
When you create a new User, its default password is pass. You must change it immediately after creating it or the user must change it when they first log in to the system.
As an administrator, you define the password policy to be adhered to in the PASSWORD variables (see PASSWORD Parameters). In this variable you define the required password structure, the intervals in which passwords must be changed, the number of failed login attempts that is allowed, the default password for new Users and so forth.
- Activate Change Password to assign the User a new password. This activates the password input fields.
- Enter the new password twice, once in Password and then again in Confirm password.
- Alternatively, activate User must change password at next login. The User will have to login first using the assigned password and change it after that.
- Activate Password never expires if your company's policy does not require regular password changes.
Tip: Avoid special national language characters (umlauts (ä), accents (è), special letters (ß), etc.) if Users are in various international locations. Not all keyboards in all countries support such characters.
Defining Users: Advanced Settings
In this section you can define the following:
-
Time Zone that will be applied to this User. If you leave this option empty, the Client's predefined Time Zone is used.
-
Default Login, which is the Login object that will be assigned to the objects used by this User object. The Login objects contains the credentials that the Agent needs to access the target system. For more information, see Login (LOGIN).
Defining Users: Session Settings
In this section you can restrict the login possibilities for this User.
-
Select Login Restrictions to limit the times and days that this User can log in to the system:
-
From / To
Specify the period of time in hours and minutes within which the User can log in to the system. Outside this time, any login attempt will be denied.
-
If Calendar Conditions Are Met
Select the Calendar and Calendar Event that contain the dates on which the User will be able to log in to the system. Login attempts outside these dates will be denied.
-
-
Max. Parallel Sessions
Select the maximum number of parallel logins you will allow for this User. 0 enables unlimited parallel access.
-
Min. Activity Refresh
Select the minimum time interval (in seconds) for refreshing the following views in the Process Monitoring perspective:
-
The list of Tasks
-
The Schedule Monitor
-
The Workflow Monitor
Process Monitoring users can customize these intervals on the User and session Settings dialog. However, the value that you enter here determines the value that users will see as default in the User and session Settings dialog. This table explains how:
Your parameter in "Min. activity refresh" Affects the "Default" value on the Settings dialog, which is ... And the "User Defined" value on the Settings dialog, which is ... Lower than 90 seconds 90 seconds
Taken over from Min. activity refresh 90 seconds
90 seconds
90 seconds Greater than 90 seconds
Taken over from Min. activity refresh Taken over from Min. activity refresh For more information, see Refresh Interval.
Notes:
-
By default, this value is 90 seconds, the minimum value is 10 seconds.
-
If the User clicks the Refresh button between the defined intervals, the system will ignore the new refresh request and finish processing the previous one. This prevents the system from getting jammed up with multiple refresh requests in rapid succession.
-
Next Steps
Switch to the User Group page, where you can assign the current User to one or more User groups. This will determine the User's rights to objects and privileges.
For more information, see:
Assigning Users to User Groups
User Groups let you collect Users and assign them identical authorizations and privileges. Users can be assigned to as many User Groups as needed.
-
In the Administration perspective go to User Groups and open the one that you want to assign the User to.
-
On the Assigned Users page, click the Assign User button in the toolbar.
-
On the Assign User dialog select the user and assign it to the group.
-
Save your changes.
For more information, see Assigning the User to User Groups.
Duplicating Users
Duplicating User objects is particularly useful when you want to create new Users with the same or very similar authorizations and privileges as already existing ones.
-
Select a User and do one of the following:
- Right-click and select Duplicate
- Click Duplicate in the toolbar
-
On the Duplicate User dialog, define a new Username by entering a new name and department.
-
Click OK.
The new User is now available on the Users list and has the same setup and rights assigned to the original User.
Important! In Client 0, this function is only available for Client 0 Users. It is no possible to duplicate Users from other Clients available in the Users list.
Renaming Users
This function allows you to edit the name of an existing User.
-
Select a User and do one of the following:
- Right-click and select Rename
- Click Rename in the toolbar
-
On the Rename User dialog define a new Username by entering a new name and department.
-
Click Rename.
Refresh the Users list to see the User listed with the new name.
(Client 0 only) Moving Users
When setting up a system, you can create your Users in Client 0 and then move them to their corresponding Clients. You can do so either individually or in bulk.
Important! This function is only available in Client 0 and for Client 0 Users. It is not possible to move Users from other Clients.
-
Select one or more Users and do one of the following:
- Right-click and select Move User
- Click Move User in the toolbar
If you are moving a single User, the User is displayed in a dialog box. If you are moving multiple Users, the dialog only shows the number of Users that you are moving.
- Open the Client dropdown list and select the relevant Client.
- Click Move.
Activating or Deactivating Users
This function allows you to activate or deactivate one or more Users. This option is particularly useful if you want to temporarily set a User to inactive without having to delete it and redefining it at a later point.
You cannot deactivate your own User object. If you have the necessary privileges, you can deactivate other Users. This prevents that you unintentionally block yourself from being able to log in to the system.
-
Select one or more Users and do one of the following:
- Right-click and select Activate/Deactivate
- Click Activate or Deactivate in the toolbar
-
Confirm your action if you are deactivating more than one User. The system displays the number of Users you are about to deactivate.
- Click Deactivate.
Note: In Client 0, you can select and activate and/or deactivate Users from different Clients at the same time.
Activating or Deactivating the LDAP Connection
If LDAP is configured for the Automation Engine, you can activate the LDAP connection for Users. This means that the User login will be authenticated by a directory service, such as the Microsoft Active Directory, rather than by the system.
-
Select and right-click one or more Users.
-
Select Activate/Deactivate LDAP Connection.
Important! Make sure the Users selected have the same LDAP connection status, otherwise this option is not available.
-
Confirm your action:
- If you have selected more than one User, the dialog indicates the number of Users you have selected.
- if you have selected only one, the dialog displays the name of the User selected.
- Click Activate/Deactivate.
Note: In Client 0, you can select and activate/deactivate the LDAP connection for Users from different Clients at the same time.
Tip: Alternatively, activate/deactivate this option in the User definition.
Deleting Users
This function lets you remove Users.
- Select one or more Users and do one of the following:
- Right-click and select Delete
- Click Delete in the toolbar
- Confirm your action:
- If you have selected more than one User, the dialog indicates the number of Users you are about to delete.
- if you have selected only one, the dialog displays the name of the User you are about to delete.
- Click Delete.
See also: