User Management
This window allows to configure the users, the groups and their associated rights.
Note
The functionalities are available only if Use user management was previously checked in the General Settings (tab Global Configuration, see User management).
Users and groups rights
visionCATS provides the following rights for users and groups:
Guest: Guest users are limited to the special Guest folder of the Explorer whereas other users have access to the whole Explorer files and folders (see Main explorer view).
Note
The Guest folder is created automatically at the root of the Explorer as soon as the Guest right is granted for at least one user.
Create/edit analysis: Ability to create (method execution) and edit analysis files
Set read-only flag: Ability to set the read-only flag on Explorer items
Remove read-only flag: Ability to remove the read-only flag on Explorer items
Create/edit methods: Ability to create and edit methods
Create/edit comparisons: Ability to create and edit comparisons
Import/export: Ability to import/export files in the Explorer view
Diagnostics: Ability to perform diagnostics (includes all kinds of diagnostics provided by visionCATS, see Instrument diagnostics, Diagnostics tab for HPTLC PRO Modules, visionCATS Diagnostics, and Diagnostics tab for CAMAG® HPTLC PRO SYSTEM)
Note
Changing lens type or white balance parameters of Visualizer is also controlled by the Diagnostics rights, as they cause the invalidation of the diagnostics.
Regulatory settings: Ability to configure regulatory settings (see Deletion of data, Motivated change and E-Signature)
Archive/restore: Ability to perform the archive and restore actions on Explorer files and folders (see Files and folders archiving)
System settings: Ability to change the system settings (access to General Settings, Vial/Substance Editor)
HPTLC PRO administrator: Ability to configure the set of HPTLC PRO SYSTEMS (see CAMAG® HPTLC PRO SYSTEM Configuration)
HPTLC PRO execution supervisor: Ability to manage a given HPTLC PRO SYSTEM, notably by managing consumables and executing runs (see Execution)
Licensing: Ability to request and import license keys (see Licensing)
User management: Ability to configure users and rights (access to User Management)
Note
At least one Admin user should always be active, with at least the rights System settings, Licensing, User management and without Guest. If such user is missing or disabled, a popup asking for the creation of a new Admin user will be shown.
Users
All users are displayed in the table. The internal account visionCATS_user (default user used when User Management is not activated) is not modifiable.
Toolbar
Add a new user
Add an existing user from Windows or ActiveDirectory
If most users use their own Windows account when working with visionCATS, you can import these Windows users in system, therefore a known Windows user will be automatically logged in.
To add Windows users, the Windows search window is used:
visionCATS Login Name will be set to simple old Windows logon name. The UPN login (User Principal Name), if existing, given by ActiveDirectory will also be linked to visionCATS (the link is done on the security identifier (SID)). Therefore, it is possible to login (or E-Sign) with both type of logon name.
Note
Passwords of Windows users are not stored in the system, and it is not possible to modify them from visionCATS.
Note
Password hashing (for local visionCATS users) is done by bcrypt hash algorithm.
Note
Local- or Workgroup-users can also be used.
Change the password of the currently selected user
Update login and name information from Windows or ActiveDirectory (SID should remains the same)
Toggle the display of locked users (useful if you have a lot of locked users)
A PDF report of the user management parameters, users and groups can be exported
Note
It’s not possible to delete a user because users are referenced in the different actions logged in the system and in the analysis. Instead, use the Lock check box to prevent some users from using visionCATS.
User table
For each user (expect system accounts), you can set the following options:
Locked: A locked user can’t log in this visionCATS installation
Login name: Login used in visionCATS, after creation, it cannot be modified
Full name: Real name of the user
Position: Position of the user
Email address: the address used to send notification. See Notifications
Custom rights: indicate whether the users have custom rights or rights defined by group. clicking on the icon allows to change the rights (see Users and groups rights):
The last columns correspond to each active group defined in the Groups tab. This associates users to groups. Of course, the rights provided by groups are provided to users belonging to these groups.
Tooltips
Tooltips help the definition of the users, groups and their associations. On the User table, and in the System Status Bar, the tooltip over the user shows the details of the rights granted and the corresponding groups granting each right:
Furthermore, a tooltip on the group column header recalls the associated rights:
Groups
In order to facilitate the management of user rights on large installations, visionCATS includes a group management feature. Each group is actually a set of rights. Each can either have Custom rights (means that they don’t belong to any group) or be linked to one or several groups.
A main list (1) is displayed. There is no priority in groups – they are simply ordered by name.
The selected group details appear under the list (2), where the rights can be configured. The set of users in this group also appear here.
There are built-in groups (3) which cannot be changed. These groups are designed to encourage standard and best practices.
Groups, including built-in ones, can be deactivated (4). Deactivated groups are hidden in all other windows in visionCATS.
Double-click on the Name or Description fields (5) to change the values.
Groups can be added or deleted (non-built-in only) (6)
Toolbar
Add a new group, see New group
Delete a group (non-built-in only)
A PDF report of the user management parameters, users and groups can be exported
New group
A new group can be added by entering a unique name for the group, and then select the rights (see Users and groups rights):
Note
It is possible to create a group with no rights. Users having no rights can still open method/analysis/comparison files in read-only mode.