The operator logs represent one of the most useful sources of plant information. It is therefore most important that access to the information is controlled. At the same time, it is important that the information gets to the people who really need it. The jLogBook system incorporates an extensive user management system designed to manage the different requirements of your many users and, at the same time, protect the information that is being accumulated.
Please see the section on Multiple Applications in the installation section in relation to how the users function with multiple applications.
To start up the User Configuration Screen, first call up the main configuration screen by clicking on the "Configure" button on the jLogBook screen. Once you have the main configuration screen, just click on the "Users" button at the top of the screen. You will see the following screen.
The configuration screen is arranged in a form and a grid. I.e. the details of the selected user are shown in the form at the top of the screen.
Click on the Add User Link, add the details in the form and then click on the Add User Button.
Currently there is no way to delete a user (other than using a SQL command). You can simply de-activate the user by setting the "Active" parameter to False.
Click on the User you want to modify in the table in the lower part of the screen. The details will appear in the Form. Make the changes in the form and click on the Modify User button.
Just click on the Print button in your browser.
Once you have added a new user, you need to manually add the new user (if any) to the options for the UserName category if you want the users to be able to select their name from a list. (e.g. for filtering purposes.)
This section describes all the properties that relate to the users. These include such parameters as Passwords, View, Write and Time scope filters.
The primary purpose of the User Configuration is to determine what the user can and can't do when connected to the jLog Application. This relates largely to the permissions that the user is given as defined in the configuration of the user. The diagram below summarizes how the configuration fields affect the ability of the user to view, add, modify or delete records in the database. You can use this diagram to determine how to control the access of the user to the database.
The User Name is the name given to a user or even a group of users. The User Name is the key that determines all the properties for a given user. The user name is used to log a user into the system and is also used to determine how the logs look, whether that user is allowed to do certain functions such as adding and deleting records, modifying records or configuring the system.
Special Users: There are two users that are given special
status.
Admin: When you first take delivery of the system, there will be a user called Admin (with no password) that has all the rights enabled. We strongly recommend that you immediately enter a new password so that unauthorized personnel cannot access your configuration screens.
Additionally, since all the passwords are shown in the configuration screens, we strongly recommend that you only issue configuration rights to a single person. Note that the passwords are actually encrypted in the database so a user who has the ability to look directly into the database will not be able to read the passwords.
This is the password that the user will have to enter to log in to the system. If you do not need the user to have to enter a password, just leave this field blank. Note that this field is encrypted in the tables so casual users of the database cannot see the passwords. On the configuration screen however, the passwords are shown in "clear" mode and can be changed by anyone having access to the user configuration screen.
(Relates to viewing and also to the options selectable in filter mode)
This is a clause, which determines what the user can view. Often, you may wish to enforce that a user to only look in certain areas and you may want to prevent the user from seeing certain sensitive information. To do this, you define a View Scope Clause, which will define the criteria for the information that the user is allowed to see. Examples of this clause include:
Site = 'Central' This restricts the user
so that he or she can only see logs where the "Site" field is set
to Central.
Site IN ('Central', 'South') This restricts the user to be
able to look only at logs where the Site is either Central or
South.
Site = 'Central' AND Area = 'dig' This restricts the user
to logs on the Central site that are in the 'dig'
area.
Note that you may only use Clauses
of the above form. I.e. you may not use nested clauses. You
should also be careful of the capitalization of the clauses. Note
that you should always use the hyphens even if the field is
numeric as defined by the Storage Format. E.g.
Priority In ('1', '2', '3') will limit the user to only
seeing logs with a Priority of 1, 2 or
3.
In General, you may only specify these clauses according to these rules:
Each
sub clause must be in the form
category = 'value' or
category in ('value1',
'value2',.....'valuen').
Additionally sub clauses can only be linked with
the AND link. E.g.
category = 'value' AND category in ('value1',
'value2',..........'valuen').
(Affects Viewing and Filtering)
This clause can be used to restrict which categories a user can
see. Essentially, it consists of a list of fields preceded by a
"+" or a "-" sign. For example the View Fields Modifier may look
like this:
-UserName, -Priority
In this case, the user will not be able to see the UserName or
Priority categories (in either of the Form or the Grid). Note the
special cases of this format are "-*" and "+* " which means the
user can see nothing or everything
respectively.
(Affects Adding)
This clause can be used to restrict which categories a user can add. If this modifier is blank, then the user will be able to add all the categories that are not designated Read Only in the category configuration. See the section 9.1.20above "Read Only" in the Category Property Descriptions
Items in the modifier of the form +<CategoryName> override the Category Read Only designation. I.e. the user will be able to add these categories even if they have been designated Read Only in the category. For example, if there are elements +UserName +LogDateTime, then when the user is adding a record, the user will be able to add these categories even if the UserName and LogDateTime categories are designated as "Read Only".
Items in the modifier of the form -<CategoryName> will result in the user not being able to add the category. For example, if the Add Modifier has an item -Message, then the user will not be able to add a message to the record.
Essentially, the Add Fields Modifier consists of a list of fields
preceded by a "+" or a "-" sign. For example the Add Fields
Modifier may look like this:
-UserName -Priority +LogDateTime
Note the special cases of this format are "-*" and "+* " which means the user can add nothing or everything respectively.
(Affects Modifying)
This clause can be used to restrict which categories a user can modify. If this modifier is blank, then the user will be able to modify all the categories that are not designated Read Only in the category configuration. See the section 9.1.20above "Read Only" in the Category Property Descriptions
Items in the modifier of the form +<CategoryName> override the Category Read Only designation. I.e. the user will be able to modify these categories even if they have been designated Read Only in the category. For example, if there are elements +UserName +LogDateTime, then when the user is modifying a record, the user will be able to modify these categories even if the UserName and LogDateTime categories are designated Read Only.
Items in the modifier of the form -<CategoryName> will result in the user not being able to modify these categories. For example, if the Modify Modifier has an item -Message, then the user will not be able to modify the message in this record.
Essentially, the Modify Fields Modifier consists of a list of
fields preceded by a "+" or a "-" sign. For example the Modify
Fields Modifier may look like this:
-UserName -Priority +LogDateTime
Note the special cases of this format are "-*" and "+* " which means the user can modify nothing or everything respectively.
(Affects Modify and Add modes)This is identical in function to the view scope clause with the exception that it refers to the ability of the user to write logs to certain areas. For example, if you specify a Write Options Clause as Site = 'Central' AND Area = 'dig', then the user will only be able to write a log with the Site category set to Central in the area dig. This effectively blocks operators from writing logs that relate to areas outside their control. Functionally, when the operator adds a log, the system reloads the combo boxes only with the combo elements that meet the Write Options Clause criteria. In the diagram below, the Area combo is only showing one area. I.e. the area 'dig'. Note once again that you may only specify these clauses in the form described in the View Scope examples. I.e. In General, you may only specify these clauses according to these rules:
Each
sub clause must be in the form
category = 'value' or
category in ('value1',
'value2',........'valuen').
Additionally sub clauses can only be linked with
the AND link. E.g.
category = 'value' AND category in ('value1',
'value2'.........'valuen').
(Affects Modifying)
This parameter is similar to the Write Scope Clause but it is used to restrict the ability for the user to modify records. For example, if you specify a Modify Scope Clause as Resp = JSmith and LogType = Order and Status in ('Released', 'OnHold', 'Underway'), then the user will only be able to modify a log if the field Resp is Jsmith, the type of log (LogType) is an Order and the Status of the Order is either 'Released', 'OnHold' or 'UnderWay'. This effectively blocks operators from modifying logs that they do not have the authority to change.
When the operator clicks on a log in the Grid, it will only show the Modify link if the Modify Scope Criteria has been met.
Note once again that you may only specify these clauses in the form described in the View Scope examples. I.e. In General, you may only specify these clauses according to these rules:
Each
sub clause must be in the form
category = 'value' or
category in ('value1',
'value2',........'valuen').
Additionally sub clauses can only be linked with the
AND link. E.g.
category = 'value' AND category in ('value1',
'value2',.............'valuen').
(Affects Deleting)
This parameter is similar to the Modify Scope Clause but it is used to restrict the ability for the user to delete records. For example, if you specify a Delete Scope Clause as Area = 'dig', then the user will only be able to delete a log if the Area category is set to "dig". This effectively blocks operators from deleting logs that they do not have the authority to change.
When the operator clicks on a log in the Grid, it will only show the Delete link if the Delete Scope Criteria has been met.
Note once again that you may only specify these clauses in the form described in the View Scope examples. I.e. In General, you may only specify these clauses according to these rules:
Each
sub clause must be in the form
category = 'value' or
category in ('value1',
'value2',.......'valuen').
Additionally sub clauses can only be linked with the
AND link. E.g.
category = 'value' AND category in ('value1',
'value2',...........'valuen').
If you set this False, then the operator will not be able to add new logs. If it is set True, then the operator will be able to add logs but only according to the constraints defined by the Write Scope Clause property. If you set this value to Password, then the user will be required to re-enter his or her password before entering the log.
If you set this False, then the operator will not be able to modify any of the logs. If it is set True, then the operator will be able to modify logs but only according to the constraints defined by the Modify Scope, Modify Range and Modify Delay properties. For example, the operator may be restricted to only modify logs that were created less than "Modify Delay" seconds ago and also only if the log was created by the same operator who is attempting the modification. If you set this value to Password, then the user will be required to re-enter his or her password before modifying the log.
If you set this False, then the operator will not be able to delete any of the logs. If it is set True, then the operator will be able to delete logs but only according to the constraints defined by the Delete Scope, Modify Range and Modify Delay properties. For example, the operator may be restricted to only delete logs that were created less than "Modify Delay" seconds ago and also only if the log was created by the same operator who is attempting the deletion. If you set this value to Password, then the user will be required to re-enter his or her password before deleting the log.
If you set this False, then the user will not be able to configure the system. If it is set True, then the user will be able to call up the configuration. If you set this value to Password, then the user will be required to re-enter his or her password before going into the configuration system. We strongly recommend that only one user is given this capability and preferably, that this user is required to re-enter his or her password before starting the configuration. Remember too that the user has access to everyone's password and that the user screen shows this information.
If you set this True, then the user will be able to change his or her own password. Generally, you would only set this False if you have a generic password like Engineer used by more than one person.
(Affects whether a user can modify or delete records)
If you set this value to 'MineOnly', then the user may only modify the logs that they created themselves. I.e. they may not modify logs created by someone else. If you set this value to 'All', then this restriction does not apply. In general, we recommend that you always use the 'MineOnly' value except for users who have a Supervisory or Quality Assurance function.
(Affects whether a user can modify or delete records)
This is the number of seconds from the time the user enters the log during which he or she may modify the log. For example, if the log is entered at 9:00 AM exactly and the Modify Delay is set to 600 (i.e. 10 minutes) then, the operator may alter the log up until 9:10 AM (providing they have the Modify Ability set True). After this time, the operator may not modify this particular record.
This is the maximum inactivity
time in seconds by the user, which will result in the system
logging the user off. For example, if the Log Off Delay is set to
300 seconds, (5 minutes) and the user does nothing for 301
seconds, then the next time the user attempts any action, the
log-in message will appear (with the name of the user filled
in).
If the "Log Off Shift" property is set True, it causes the user to automatically be logged off at the end of each shift. Once again, the user is given the opportunity to re-log in when the end of the shift arrives. Note that the point at which the shift is deemed to end is defined by the Start of Shift and Shift Period Properties, which can be seen and set at the top of the User Configuration screen. I.e.
You should enter the shift period as a decimal number of hours. I.e. if your shift period is 7 hours and 45 minutes, then you should enter this value as 7.75 hours.
This is a filter, which is applied when the user first logs on. It is chosen so that the user is presented with the information he or she is likely to be most interested in. In contrast to the View Scope Clause, which is the total amount of information that the user can see, this is a convenience clause so that users do not have to filter the records every time they log on. Like the View Scope Clause, the clause must be a certain format I.e. each sub clause must be in the form
category = 'value' or
category in ('value1', 'value2',..........;'valuen').
Additionally sub clauses can only be linked with the AND link. E.g. category = 'value' AND category in ('value1', 'value2',........'valuen').
This is the initial number of days of logs that the user will be presented with when he or she first logs on. I.e. if you want the user to be able to browse through 7 days of Logs, then set this value to 7. The user can change this value by just re-entering the number of days into the field next to the "Days" button at the top of the form.
If you want the user to initially have access to all the logs in the system, just enter a zero (0) in this field.
The user will only be recognized by the system if the Active field is set to True. This field can be used to quickly remove a user from the system by setting the Active field False and then if necessary, returning the user to the system by setting the Active field back to True.
This is a list of values which define the default values to be placed in the categories when a user adds a new record. These values will override the default values as specified in the Categories configuration. If this field is blank, then the default values as specified in the configuration will be shown in the form when the add link is clicked.
The format of the field is as follows:
<categoryName>:"<default value>", <categoryName>:"<default value>",......<categoryName>:"<default value>"
E.g. Message:"Joe Rubble says: ", Site:"Main Site"
Note that if you are setting default values for combos, it is advisable for them to be one of the options the user is allowed to enter.
Note also that if the category property ModifyAction is an Append type, that the system will use the defaults in modify mode as well as in add mode.
From a licensing point of view, it is important to understand the differences between Users and Licenses.
In the jLogBook context,
A User is the log-in name of a person or group of persons using the jLogBook package. You do not have to purchase a jLogBook package for each user. Each user may use any of the jLogBook systems on (or off) the site and log in with the same user name and password.
A jLog License is the license that must be purchased for a given number of concurrent users or strictly speaking concurrent sessions for a given application. When you purchase a license for a given number of users, the system will allow that number of sessions to be logged in concurrently at any one time. E.g. if you have purchased a 20 user license, then the system will only allow 20 different sessions to be run at any one time. If the 21st user tries to log on, then the system will not allow this. The users are not restricted to log in at a particular computer. I.e. they may log in at any computer provided the total number of users logged in at any one time is not exceeded.
To illustrate these definitions, consider the following example:
A site starts off with a single jLogBook in the control room and there are 9 different operators who use this jLogBook. They all enter data and use the filtering capability of the jLogBook.
Initially, this site requires only one license since there is only one session running at any one time.
Later, the system is expanded as some of the engineers need to be able to log in and look at the logs. In this example, let us assume that there are 8 engineers but we expect there to be only 3 of these engineers logged in at any one time. To support 4 simultaneous systems, the corporation purchases another 3 licenses. Now all 8 engineers have access to the system (but only 3 at any one time.) The engineers may log in from any computer that has access to the jLogBook server.
Note: To get information on pricing, please see our on-line price list atwww.sjsoft.com.