User account management is accomplished by selecting USERS in the main menu. This takes you to the user management functions. If you are not the system administrator of Asset Center, accessibility of this functional area depends on your account's access rights, which are defined within the settings for the user groups of which you are a member.
The user table
The user table lists existing user accounts and their responsibilities. If a user is assigned more than one responsibility, more than one line will be displayed for this user, allowing you to filter the user table for responsibilities.
Entries for external users (such as contractors) are highlighted in yellow.
Prerequisites for user management
Before you can start to add and manage users you need to review user group management because user account management requires that you assign at least one group to each user.
The next thing that you need to do in advance is to review if appropriate context data has been defined that you can use to specify the responsibilities of a given user. Context data is location, physical process, and device group. This data allows you to limit user access, for example, to a specific site, such as a specific factory, building, room, or cabinet. Managing context data is explained in a separate chapter in the Help Center.
Adding and modifying user accounts
In order to add or edit a user account, click on the respective button that takes you to a dialog where you can manage the account settings for that user. The dialog uses four different tabs that show different aspects of that user: Identity, Responsibility, Mobile Computer, and Extended.
In the Identity area you can specify basic information such as user name and affiliation.
- Name is the real name of the user, such as Esra Duz in our example. This name will be shown in the upper right corner after the user has logged on to Asset Center, and will also be shown in device profiles in the Users section.
- Username is the handle of the user which is used for logging on to Asset Center. For security reasons, this name is not shown other than in the logon dialog. If LDAP authentication shall be used, the username is followed by an "@" sign and the domain name.
- Organization is the user's company affiliation.
- Location is the typical location of the user, such as a specific room or building.
- Department is the organizational department to which the user belongs, such as "maintenance".
- Email is the email address of this user.
- Web is a Web address that is associated with this user, for example the web page of the company that the user is working for (in the case of a contractor).
- Mobile phone is a mobile phone number under which this user can usually be reached. This number is displayed in device profiles when hovering over the user's mention.
- Language is the default language for displaying content when this user logs in. The user can change this setting in the personal Settings dialog.
- External staff identifies if the user is working for an external entity, which usually results in different policy provisions etc. If this box is checked, the user's entries in the user table will show in yellow, and an "external" qualification will be added to the user mention in device profiles.
- Remote access specifies if the user is entitled to remotely access digital systems.
- Inactive allows you to prevent logons from this user without deleting the account.
- The user image can be set using file upload or clipboard paste. This is something that the user can also do on his or her own in the personal Settings.
- Group assignments determine the type of access that this user is entitled to. A user can be member of multiple roles.
Extended scope tab
The extended scope tab is for informational purposes. It informs you about the general area of responsibility for this user without having to inspect the user groups that the user is a member of. Responsibility is expressed in respect to location, process function, device groups, or combinations thereof.
Mobile Computer tab
This tab can be used to store information about a mobile computer that the user may be entitled to use inside and outside the facility. This information can also partly be provided by the user in the personal Settings. It is intended mostly for contractors, in order to manage their use of mobile computers which present a notorious cyber security risk. By setting an authorization code and an expiration date, auditing legitimate use of mobile computers becomes much more easy.
You can add custom fields to your user database if you want to, should you experience that you need to store user data that is not represented in the default fields that OT-BASE offers. The definition of custom fields is explained in a separate chatper in the Help Center.
In the Extended tab you can specify the values of any custom fields that you have added in the INVENTORY/EXTENDED section.