A user is the stored representation of a person or process accessing the system. A user is identified in the system by its username, this name must be unique within the system.
While it can of course not be checked by the Application Server if every user maps to exactly one natural person or one process we strongly recommend to keep it that way. Using the same (system) user for different persons or processes is a risk for information security. Even in a small installation scenario, even if you start with only a few (natural) users accessing the system always map natural persons or processes to their dedicated Redbex users.
Because of our recommendation to map natural users one to one to system users this manual does not distinguish between the natural person accessing the system and it's the system representation both are simply called user. The system stores various data for each user to support authentication, session creation, communication and other things more. Table 1 shows and explains the basic data stored with user.
Property |
Description |
Active |
Only active users can login to the system. This flag can be used to disable accounts that are no longer used. Note that users who created data in the Redbex System can usually not be deleted any more, use this Active flag instead of deleting a user. |
Address |
The postal address of the user |
Application Server Culture |
Define number formats, date formats and other culture specific characteristics that are used when the user interacts with the Application Server. The language that is used by the Application Server when communicating with the Smart Client is also detected from this setting. The Application Server will use the language that fits the selected culture, or will use English if that language is not one of the supported Application Server Languages. |
Authentication type |
Defines how authentication will be performed for this user account. For more details see chapter Authentication. |
Company |
The company a user belongs to. |
Department |
Department the user belongs to. |
Description |
Can be used to add any other information to the user. |
Email address |
Address of the user's email account. This email address will be used whenever the system sends out information to a user via email (e.g. in Messaging). A valid email address is required for each user since the system will send important information to the user via email. The validity of an email address is checked by the Application Server using following regular expression (case insensitive match): [a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])? |
First, middle and last name |
We recommend to store this information with every user. If the user is not a referring to a natural person we recommend leave all of these fields empty. |
Focus domain |
Defines the default focus domain. This setting provides the possibility to set the Focus domain for users. However it is up to the used client how this Focus Domain is used. |
Gender |
Gender of the user. Used by the system when addressing the user in emails etc. |
Locked |
Locked users cannot login to the system. Users are automatically locked if too many failed login authentication attempts are recorded in a short time period. Evaluated during creation of user sessions. |
Mobile phone number |
Number of the user's mobile phone. This phone number will be used if the system sends out information to a user via SMS (for details see chapter Messaging). Whenever this number is changed, Redbex will validate and reformat the provided number to get an internationally valid presentation of that number. See also Global Setting Default region for phone numbers. |
Password |
Authentication data, see Authentication for more details. |
Password expiration date |
Date when the currently set password will expire, if undefined the password will never expire |
Phone number |
The phone number of the user. Whenever this number is changed, Redbex will validate and reformat the provided number to get an internationally valid presentation of that number. See also Global Setting Default region for phone numbers. |
Picture |
A picture of the user. The Application Server will automatically re-size the picture (proportionally) to a maximum size of 400 x 400 pixel. |
Position |
The position of the user within the company. |
Post-nominal letters |
Post-nominal letters are letters placed after the name of a person to indicate that the individual holds a position, educational degree, accreditation, office, or honor. E.g. MSc. |
Pre-nominal letters |
Pre-nominal letters are a title which is placed before the name of a person, e.g. Dr. |
Publish extended information |
This setting defines which user data is visible to all users of the system. See Table 3 for details. |
User ID |
Unique identification number for the user. Assigned by the system when the user is created. Internally Redbex identifies users with this ID, it is therefore possible to change the user name at any time. |
User name |
Unique name of the user. This name is used to login to the system. The user name can consist of any Unicode characters except control characters (tab, line feed etc). A user name can not start or end with a blank space characters but can include blank space characters. |
Validity time span Valid From - Valid To |
Users can be configured to be valid only in a specific time span, users can only login if the current date time is within this validity time span. Set Valid from and Valid to to null to disable lower and/or upper validity range limits. |
Table 1: Data stored for each user
Properties of a user can be modified by the user himself or by other users with the System Permission Manage users and user groups (0). Table 2 shows which properties can be changed by whom. Not all properties are readable for all users, Table 3 shows which properties can be read by whom.
Property |
User himself |
Users with user management system permission |
Active |
|
|
Address |
|
|
Application Server Culture |
|
|
Authentication type |
|
|
Company |
|
|
Description |
|
|
Email address |
|
|
First, middle and last name |
|
|
Focus domain |
|
|
Gender |
|
|
Locked |
|
|
Mobile phone number |
|
|
Password |
Cannot be modified directly, will be modified when the user changes his password |
Can only reset to a random password |
Password expiration date |
|
|
Phone number |
|
|
Picture |
|
|
Position |
|
|
Post-nominal letters |
Cannot be modified directly, will be modified when the user changes his password |
Can only reset to a random password |
Pre-nominal letters |
|
|
Publish extended information |
|
|
User ID |
|
|
User name |
|
|
Validity time span Valid From - Valid To |
|
|
Table 2: User data that can be changed by the user himself or by users with the Manage users and user groups (0) system permission
Some basic data stored for each user is readable for every other user in the system. Extended information about a user can be published by the user himself by setting the publish extended information configuration. Table 3 shows which user data is visible to whom.
Property |
User himself and users with user management system permission |
All users |
Active |
|
if published by user |
Address |
|
|
Application Server Culture |
|
|
Authentication type |
|
|
Company |
|
|
Description |
|
|
Email address |
|
|
First, middle and last name |
|
|
Focus domain |
|
|
Gender |
|
|
Locked |
|
|
Mobile phone number |
|
|
Password |
|
|
Password expiration date |
|
|
Phone number |
|
if published by user |
Picture |
|
if published by user |
Position |
|
if published by user |
Post-nominal letters |
|
if published by user |
Pre-nominal letters |
|
|
Publish extended information |
|
|
User ID |
|
|
User name |
|
|
Validity time span Valid From - Valid To |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 3: Visibility of user data
