Wiki: IMUS

MAINTAIN USER PROFILES
Old System Access Information
Execution Rights tab
Preferences tab
Roles tab
Access
Roles
Identities

MAINTAIN USER PROFILES#

The Maintain User Profiles (IMUS) screen is where you set up user profiles for professional, candidate, Employee Self Service users. All users when you created them in IMUS are also created at the database.

If a user is also an employee in this database, hire the employee first before adding them as a user as this will save an extra step. There is not a requirement for the user to be in the database as an employee but if they are, please note that there will be a limit on some extra features.

For example, the choice of working language in the application will be limited to English (US).

When a user signs in they will be checked to ensure that the userid and password are in sync and that the system date is between the supplied start date and end date. Once this is complete, if a Person code is tied to this user then the language preference will be picked up as set on the (IEPI) screen and applied to the sign in.

The application will cascade through the provided languages in order to supply an appropriate wording should the language specified not be available. This process will also set the country code used with a language for English to determine if the language will be either Canadian or US spelling and naming conventions.

You may select a user already in the system by scrolling through the following fields.

User
Description

On this screen you will set up all the users that will need to have access to the system. The Start Date defaults to today's date. Set the toggles settings for Create Allowed, Retrieve Allowed, Update Allowed and Delete Allowed.

The definition data for the Define User Procedure screen is stored in the P2K_AM_USERS, P2K_AM_EXECUTION_RIGHTS,P2K_AM_PREFERENCE_VALUES, P2K_AM_USER_ROLES, P2K_AM_ACCESSORS, P2K_AM_ACCESSOR_DETAILS and P2K_HR_IDENTITIES table.

User: This field provides the user's identification in the system.

Description: This field provides a description of the user; in many instances, this will be the user's full name.

Email: The user's email address is identified in this field. Many times this field will default in once you complete the Person Code field.

Person Code: This field provides the user's identity record.

Name: The user's full name will be provided in this field.

Create/Retrieve/Update/Delete Allowed: These toggles identify the exact execution rights the user has to the function.

Old System Access Information #

This area provides information regarding the user’s access to.....

Access Start Date /Access End Date: These fields indicate the dates the user has/had access to the system.

Last Access On: The last date the user accessed the system will be displayed here.

Logins to Date: The current number of logins the user has made will be displayed here.

Password Changed By: If the user’s password has been changed, this field will indicate who changed the password.

Password Changed On: The date the password was changed will be displayed in this field.

Execution Rights tab#

If the user has full CRUD, you may further refine or restrict their access to individual aspects of the system. The level of access for a specific function may be controlled through the Execution Rights tab and the bottom of the screen, via a role or through the (IMER) screen. Adding of execution rights for a single or series of users should be an exception and not normal procedure.

Function: This field displays the function the user has execution rights to.

Create/Retrieve/Update/Delete Allowed: These toggles identify the exact execution rights the user has to the function.

Preferences tab#

If there are special preferences you wish to assign to a user they would get added to this tab.+

Preference

Priority

Value

Roles tab#

This section identifies all the roles assign to the user. The practice of adding roles should be employed to allow multiple or successive users with simple maintenance to duplicate for another user.

Seq #

Role: This field allows you identify the role you wish to assign to the user.

Role Type: The role is categorized into a specific type in this field.

Focus Role

Description: This field provides a short description of the role.

Access#

This tab provides the user's access information. Once the user has been identified at the top of the screen and the screen saved, the system access information will automatically fill in with the new access start and end date. This tab is date sensitive and changes made in the areas below the date navigator may be split with a new effective date.

This tab will record the dates on which the user's password was changed and you also have the ability to force a password change and also set/reset the password by using the Set/Reset Password button which will result in the following dialog to set or reset the user's password.

The 'Force Password Change on Next Login' will be toggled by default. When you save the new user, a password will be sent to user at the email address identified above.

Access information is data sensitive and this lets you track how many times the password is changed. The record is split and the password is kept in a hached format for each record, it is not decryptable. When a new password is put in, it is hached and the haches are compared to make sure they are the same.

Users are added and modified in the IMUS screen for the access dates that they are allowed into the system. If the End Date field is left empty, a default date of 31-Dec-3999 will be applied when the record is saved. This date can be changed at a later point if the user is either no longer making use of the application or is no longer with the company.

You can also use the access dates for a contractor or temporary team member. The access will only be assigned for the fixed period of time you indicate on the record.

Access Start Date: The Access Start Date identifies the earliest date the user is allowed access, regardless of the access status.

Access End Date: The Access End Date identifies the latest date the user is allowed access, regardless of the Access Status.

Force Password Change on Next Login: This toggle allows the security administrator to force the user to change their password on their next login.

Set / Reset Password: This action button allows the security administrator to reset a user's password by automatically bringing up the appropriate Reset Password screen. When a password is reset, a new password is assigned, a new effective access detail record is created, the access status is changed back to "Active" and the failed attempts are erased.

Reactivate: This action button allows the security administrator to reactivate a user's access in the event it has been locked out or disabled. During reactivation, a new effective access detail record is created, the Access Status is changed back to "Active" and the Failed Attempts are erased.

Last Good Access: The last date the user accessed the system will be displayed here.

Logins to Date: The current number of logins the user has made will be displayed here.

Access Status: The Access Status field indicates whether the user can access the system during the time period of the chosen date sensitive record. This field is maintained by the system but can also be entered manually.

: The allowed values are

Active	access is currently allowed (subject to the access start/end dates)
Disabled	access is currently disabled (must be activated manually)
Locked Out	user is currently locked out of the system (must be activated manually)
Pending	user has been created but password has not yet been assigned

: Both the Access Start/End Dates and the Access Status are checked before a user is allowed to log in.

Failed Attempts: The system shows the number of failed login attempts that the user has had since the last good login during the time period of the chosen date sensitive record.