The group of users consists of local or network users, having certain level of authorization permission in secured applications (they are authorized to perform only specific operations class in the running application) The number of specific groups of users (different authorization levels) is arbitrary. Any local or network user can be assigned to certaing group of users. Each user can be a member of multiple groups of users simultaneously. Including the user into a group of users allows the user to perform some secured actions in the running application. If the groups of users are used for application security (not only the single users), it is possible to flexibly add/remove users in these groups of users while the application itself stays unchanged (it is even possible to manage the users while the application is running, by the Pm.WndEditUsers method). It is very handy for the enduser allowing to reflect the personal changes in the user crew (new users comming, old users leaving, etc.). Locating the users into groups of users is done directly at the user workstations, listing the groups the user is member of. The group of users is allways created in the PRA file.
The criteria are set for all PROMOTIC users (local and network) that have to be met on log-on by the user so as he would be accepted by the system. The most important are the login name and password. The verification of the user's identity is crucial for the following users access limitation to critical parts of the application by creating permissions at individual parts of the application or by scripts. In order to limit the access of each user into the critical parts of the application the user groups are used (also the user priority can be used for this purpose).
Way of storing the PROMOTIC user configuration into the file:
|Use user groups from INI file in in the runtime mode||If checked, then the users from INI file will be used in the runtime mode.|
|File with users (INI)||The file of the INI type where the users are stored as encrypted text in the [Users] section. The users can be modified also in the running application by the Pm.WndEditUsers method. The default value is: #cfg:users.ini. |
It is recommended to use the PROMOTIC path syntax - see PROMOTIC path to files and folders.
|Login the local user automatically after start||The local user to be logged in automatically after starting the application. This automated login will be performed withou the need to enter the password. If no user is to be logged in automatically after starting the application, then the substitute local user $NOUSER_LOCAL (default) is set, that represents a local user that is not logged in.|
|Enable Windows authentication (Windows users)||If checked, then also the Windows users can be used in in the runtime mode.|
|Address or computer name (domain) for Windows user authentication||The name and password of local or network Windows user is verified by Windows resources on selected computer. If the name and password combination is verified as Windows user of such computer then the user is logged in (authentized) and assigned automatically generated user identifier. Then a list of Windows local and global user groups where the Windows is a member is detected. Based on the list of Windows user groups a corresponding PROMOTIC user groups list is set for such user. The created logged in Windows user does not differ from the PROMOTIC logged-in user.|
|Groups of users:|
|Add||Creates a new group of users.|
|Edit||Edit of selected group of users.|
|Delete||Delete of selected group of users.|
|Add||Creates a new user (local and/or network).|
|Edit||Edit of selected user.|
|Delete||Delete of selected user.|