By means of groups you can assign authorization and machine tree privileges (multi-user version only) as well as restrict the report objects of templates, sequences and reports to only a certain group of people. After groups are created in Group Management, they can be assigned or changed in the properties of a report object by the creator and later by all those having the corresponding right.
There are five different group levels with predefined rights that are employed after creation of the group and that can be individually adapted. An exception is the Administrator group and the "All users" group. For these groups the authorization cannot be changed or set.
Note:
Arbitrarily many Administrator groups can be created. Before deleting an Administrator group, however, it is always checked whether an Administrator group with at least one user still exists. If not, deletion of an Administrator group is denied. The "All users" group cannot be deleted. This group is used for issuing privileges for templates, sequences, reports, filter profiles, database images and database texts for all users as well as (in the multi-user version) for machine tree nodes.
To create a group, you must either be logged in as a OMNITREND Web or have the corresponding individual right as another user. The item "Group" is also enabled in the Management menu. Selecting this menu item starts the "User group" dialog box, where a new group can be created by clicking "New".
Note:
Users may be members only of groups in which either all members have Administrator authorization or all members have an authorization different from that of Administrator. An Administrator has particular specified privileges that may not be manipulated by groups with extended authorization. Users or groups with Administrator authorization are labeled by the user or group symbol A“ (A for Administrator).
Arbitrarily many users can be given Administrator authorization. It is ensured, however, that always at least one group and one user exists with Administrator authorization.
Users assigned to a license must not be assigned to any Administrator group. In the multi-user version of OMNITREND Web, users can be added to an OMNITREND Web license. Administrators have this license automatically and must therefore not be assigned to an OMNITREND Web license. As a consequence, no user may be made an Administrator in the User and Group Management if that user has an OMNITREND Web license. Users assigned to a license are highlighted in blue.
An Administrator or other user with the corresponding individual right can change the settings for a previously created group at any time in Management. The general settings (group name, the description and the corresponding users), the authorization and the machine tree privileges can be changed.
When a group is copied, all former settings are applied to the new group.
The following predefined privilege levels and group privileges can be assigned for a group:
Administrator
Supervisor
Specialist
Technician
Customer
The Administrator groups have exclusively management privileges. Customer and Technician have the right to trigger generation of a report. Supervisor and Specialist also have the right to edit templates and sequences.
Use the "Set privileges" button to individually adapt the predefined privileges for the group.
If a group has individual privileges, then they apply. These privileges are recognized in the authorizations given the "Individual privileges" level. You can specify via the rights management in the privileges tree that a certain group has the right to create and/or edit other groups and/or users, etc., for example.
A change on a predefined level (Customer, Technician, etc.) annuls the individual rights and the new level then immediately applies to this group.
A user's authorization derives from the authorization of the groups in which the user is a member. For obtaining a certain privilege (e.g. „Open reports“), it suffices if a group containing the user has this right. Example : Consider the right: „Delete report“. Suppose the user is a member of 3 groups. In the first group the privilege level „Technician“ is set. In the second group individual privileges are set, with the right „Delete report“ being excluded. The users of the third group have the privileges of a Specialist. The user in question thus has the right to delete a report. In the first two groups this privilege does not exist, yet as a member of the third group with the privilege level of Specialist the user has this right.
In the multi-user version, each user group except the Administrator groups (these groups always view the entire machine tree) receives machine tree privileges. For all nodes of the machine tree down to the machine level separate read and writing rights are assigned. To this end the machine tree is displayed for each node down to the machine level with the check box. A check box can have one of 3 states: - No rights - Reading rights - Writing & reading rights At each click of the mouse the check box changes to the next state. All child nodes automatically receive the state of the select father node. If the child notes vary in their states, the check box is grayed out.
If a user belongs to more than one group, the machine tree privileges of all groups of the user are OR-connectedThat is, the user views all nodes in the machine tree that have been assigned reading and/or writing rights in the different groups.
In the single-user application no machine tree privileges are issued.