To create a new User Account, select the NEW button. The following screen will appear:
When creating a new User Account, you are presented with the following options:
Enter a unique username to clearly distinguish the new User Account from existing User Accounts. The username is case-sensitive. This is a required field.
Select to open the User Account's CRM Account.
Select to mark the User Account as Active. Not selecting marks the User Account as Inactive. User Accounts cannot be deleted from the system; however, marking them Inactive prevents them from logging into the application. In some cases, inactive User Accounts may still be associated with valid documents in the system. Whenever that is the case, the User Account's name will appear with horizontal lines striking through it. Re-saving documents with this inactive User Account relationship may cause the username to be dropped from the record.
Enter the User Account's first name and last name (e.g., John Smith).
Enter the User Account's initials.
User Account passwords are established to ensure application and system security. Passwords are case-sensitive. As you can see in the example, this field does not display the values entered on the screen. Instead, individual keystrokes are replaced by asterisks (*) to protect the password from being viewed. Once the User Account's password is entered, it can only be reset by an system administrator who must overwrite the existing password.
Verify the accuracy of the User Account's password by retyping it in this field. Again, individual keystrokes will be replaced by asterisks (*) to protect the password from being viewed.
Select one of the available Locales. Use the Default
option if you want the operating system to determine the correct Locale for the User Account. Locale settings affect how information is formatted and displayed on a User Account's screen. Only User Accounts who have been granted the "MaintainLocales" privilege can define and maintain Locale settings. For more information on Locales and Locale settings, see Section 13.2.11, “Locales”.
If the User Account is an Employee, then the Employee Code will be displayed here. The link between the User Account and Employee records will be made automatically if the username matches the Employee Code.
Select if the User Accounts is authorized to make purchases. Not selecting means the User Account is not authorized to make purchases.
Select if the User Account is authorized to create new User Accounts. Not selecting means the User Account is not authorized to create new User Accounts.
System administrators are able to assign and/or revoke privileges on a module-by-module basis. The application provides granular security settings for each module, down to the submenu level.
Select to prevent User Account from exporting display contents. The "Export Contents" option can be found on right-click menus throughout the application. If selected, the User Account will be blocked from using the "Export Contents" option.
Select to require User Accounts to use enhanced authentication when they log in to the application. Enhanced authentication adds a layer to the authentication process used to log in to the system. When this feature is turned on, User Account passwords are stored in the database in a modified form. The end result is that User Accounts may only log in to the database using the xTuple Client. If User Accounts try to access the database using a tool other than an xTuple application, they will not be able to connect. User Account passwords entered when logging in via the xTuple Client will not be recognized if the xTuple Client is not used. If enhanced authentication is specified for a User Account, that User Account must also select the "Use Enhanced Authentication" flag in their log in options. If enhanced authentication is not specified, User Accounts will be permitted to log in to the database using database tools other than the xTuple Client.
The enhanced authentication option will only affect User Accounts whose passwords are created or updated after the option is enabled/disabled. Legacy User Accounts will not be affected if the option is not used. Legacy User Accounts may continue logging in as before this feature was implemented.
Select if the User Account should have access to all screens in the application, restricted only by their assigned privileges.
Select if you want the User Account to have access only to the Simple Sales Order—and to no other screens. The Simple Sales Order must be enabled for this option to apply. If selected, the Simple Sales Order will be the only screen the User will have access to when they log in to the database. The log in screen for this User Account will be the same as for all User Accounts. However, once logged in, the User Account will only be able to see and use the Simple Sales Order. This option will override any other privileges which may have been assigned previously to the User Account. For more information about the Simple Sales Order, please see Section 2.1, “New Simple Sales Order”.
Select if you want the User Account to have access only to the Shop Floor Workbench—and to no other screens. If selected, the Shop Floor Workbench will be the only screen the User Account will have access to when they log in to the database. The log in screen for this User Account will be the same as for all User Accounts. However, once logged in, the User Account will only be able to see and use the Shop Floor Workbench. This option will override any other privileges which may have been assigned previously to the User Account. For more information on related privileges and other aspects of using and configuring the Shop Floor Workbench, please see Section 4.4, “Shop Floor Workbench”.
Select an individual module to assign privileges for that module. Assign privileges to the User Account on a module-by-module basis. Select one module, assign the appropriate privileges, and then repeat for each subsequent module the User Account will need access to. All application modules are included in the list.
You can dramatically speed up the process of adding new User Accounts by adding privileges by User Account role.
Select appropriate privileges from the list of available privileges. Descriptions of each privilege will be shown. The privileges listed in this column represent the full range of privileges available for the specified module. The list of available privileges will change as different modules are specified. To grant privileges to a User Account, highlight an available privilege and then click the ADD button. The highlighted privilege will be added to the User Account's list of granted privileges. Double-clicking on a privilege will also move it to the granted privileges column. You can grant all privileges for a specified module by clicking on the ADD ALL button.
Displays granted privileges for the specified User Account. Descriptions of each privilege will be shown. To remove a User Account's granted privileges for a specified module, highlight a granted privilege and then click the REVOKE button. The highlighted privilege will be removed from the User Account's list of granted privileges. Double-clicking on a privilege will also remove it from the granted privileges column. You can remove all granted privileges for a specified module by clicking on the REVOKE ALL button.
Many of the available privileges govern User Accounts' ability to either view or edit information. In some cases, however, it may be possible to perform editing tasks on screens where only view privileges have been granted. Take Item Sites, for example. Item Sites exist as their own objects with their own privileges independent of Items. When you edit an Item Site, you are not editing the Item itself, but an object associated with the Item. By contrast, when you edit Item notes, Item transformations, or Item aliases, you are editing things which belong exclusively and intrinsically to Item records. On the Item screen, there is an option to view/edit Item Sites for the Item. Let's imagine a User Account has privileges to edit Item Sites but to only view Items. Following this example, xTuple would allow the User Account to edit Item Sites from the Item record, even when in view mode.
Here are some examples of independent objects which may be editable from a parent window, even in view mode:
Sales Orders when viewing a Customer
Item Sources when viewing an Item
Contacts when viewing a CRM Account
Documents from any screen that supports them
Conversely, here are examples of attributes that belong exclusively to and are editable only from a parent window in edit mode:
Number
Name
Notes
Characteristics
Alarms
Comments
Transformations (Item)
Ship-to Addresses (Customer)
The following buttons are located between the Available Privileges and Granted Privileges columns:
Highlight a specific privilege in the available privileges column, then select this button to transfer the privilege to the granted privileges column. Double-clicking on an available privilege will also transfer it to the granted privileges column.
Select this button to automatically transfer all available privileges to the granted privileges column.
Highlight a specific privilege in the granted privileges column, then select this button to remove the privilege from the granted privileges column. Double-clicking on a granted privilege will also remove it from the granted privileges column.
Select this button to automatically remove all granted privileges from the granted privileges column.
While you may assign individual privileges by User Account, you also have the option to add User Account privileges by User Account role. Adding User Account privileges by User Account role can dramatically speed up the process of adding new User Accounts. You can learn more about User Account roles here Section 9, “Maintain Roles”.
If individual User Account privileges appear to be disabled, that means the User Account is assigned to a User Account role. The only way to change individual privileges in this case is to remove the User Account from the role.
To add User Account role privileges to a User Account profile, select the "Roles" tab, as shown in the following screen:
When adding User Account role privileges to a User Account profile, you are presented with the following options:
Don't forget to select the ADD button when you have finished entering a User Account's information.
Select an available User Account role from the list. To grant User Account role privileges to a User Account, highlight an available role and then click the ADD button. The highlighted role will be added to the User Account's list of granted roles. Double-clicking on a role will also move it to the granted roles column.
Displays granted roles for the specified User Account. To remove a granted role from the User Account, highlight a granted role and then click the REVOKE button. The highlighted role will be removed from the User Account's list of granted roles. Double-clicking on a role will also remove it from the granted roles column.
The following buttons are located between the Available Privileges and Granted Privileges columns:
Highlight a specific role in the available roles column, then select this button to transfer the role to the granted roles column. Double-clicking on an available role will also transfer it to the granted roles column.
Highlight a specific role in the granted roles column, then select this button to remove the role from the granted roles column. Double-clicking on a granted role will also remove it from the granted roles column.
Multiple Site installations have the option of defining User Account site security. User Account site security provides a method for restricting a User Account to a single or multiple Sites. All of the screens in the application will honor this restriction. On the multiple site documents, such as Purchase Orders and Sales Orders, the User Account will be able to view restricted Sites, however, they will not be able to edit restricted Sites. To add User Account site security to a User Account profile, select the "Sites" tab, as shown in the following screen:
When adding User Account site security to a User Account profile, you are presented with the following options:
Select this option if the User Account has full unrestricted access to all Sites defined in the application.
Select this option if the User Account has restricted access to the Sites defined in the application.
Select an available Site from the list. To grant access privileges to a User Account, highlight an available Site and then click the ADD button. The highlighted Site will be added to the User Account's list of granted Sites. Double-clicking on a Site will also move it to the granted Sites column.
Displays granted Sites for the specified User Account. To remove a granted Site from the User Account, highlight a granted Site and then click the REVOKE button. The highlighted Site will be removed from the User Account's list of granted Sites. Double-clicking on a Site will also remove it from the granted Sites column.
The following buttons are located between the Available Sites and Granted Sites columns:
Highlight a specific Site in the available Sites column, then select this button to transfer the Site to the granted Sites column. Double-clicking on an available Site will also transfer it to the granted Sites column.
Highlight a specific Site in the granted Sites column, then select this button to remove the Site from the granted Sites column. Double-clicking on a granted Site will also remove it from the granted Sites column.