The group of users represents local or network users (PROMOTIC or Windows), having certain level of permission in secured applications (they are authorized to perform only specific operations class in the running application). The number of specific groups of users (different authorization levels) is arbitrary. Any local or network PROMOTIC user and also Windows user group can be assigned to certaing group of users. Each user can be a member of multiple groups of users simultaneously. Including the user into a group of users grants the user permissions to perform some secured actions in the running application. If the groups of users are used for application security (not only the single users), it is possible to flexibly add/remove users in these groups of users while the application itself stays unchanged (it is even possible to manage the users in the running application, by the Pm.WndEditUsers method). It is very handy for the enduser allowing to reflect the personal changes in the user crew (new users comming, old users leaving, etc.). Assigning the users into groups of users is done directly at the user workstations, listing the groups the user is member of. The group of users is allways created in the PRA file.
The criteria are set for all PROMOTIC users (local and network) that have to be met on log-on by the user so as he would be accepted by the system. The most important are the login name and password. The verification of the user's identity is crucial for the following users access limitation to critical parts of the application by creating permissions at individual parts of the application or by scripts. In order to limit the access of each user into the critical parts of the application the user groups are used (also the user priority can be used for this purpose).
Way of storing the PROMOTIC user configuration into the file:
Windows users on a computer or in a domain are managed by Windows OS tools. Each valid Windows user is therefore authentized by the Windows system and the PROMOTIC system can login such user.
The permissions of a logged-in Windows user to execute protected operations in PROMOTIC application ar edefined by assigning the Windows user to corresponding Windows user groups. Windows user group can be linked with corresponding PROMOTIC user group. As a result the logged-in Windows user becomes a member of user which then defines its permissions in the application.
|Use user groups from INI file in in the runtime mode||If checked, then the users from INI file will be used in the runtime mode.|
|File with users (INI)||The file of the INI type where the users are stored as encrypted text in the [Users] section. The users can be modified also in the running application by the Pm.WndEditUsers method. The default value is: #cfg:users.ini. |
It is recommended to use the PROMOTIC path syntax - see PROMOTIC path to files and folders.
|Login the local user automatically after start||The local user to be logged in automatically after starting the application. This automated login will be performed withou the need to enter the password. If no user is to be logged in automatically after starting the application, then the substitute local user $NOUSER_LOCAL (default) is set, that represents a local user that is not logged in.|
|Enable Windows authentication (Windows users)||If checked, then also the Windows local and network users can be used in in the runtime mode. It is necessary to enter the domain name and add the corresponding Windows groups into user groups. In order to use the Windows user authentization directly in the web browser, the NTLM authentization must be selected in the "Extended configuration" configurator.|
|Name or address of a computer (domain) for Windows user authentication||The name and password of local or network Windows user is verified by Windows resources on selected computer. If the name and password combination is verified as Windows user of such computer then the user is logged in (authentized) and assigned automatically generated user identifier. Then a list of Windows local and global user groups where the Windows is a member is detected. Based on the list of Windows groups of users a corresponding list of groups of users is set for such user. The created logged in Windows user does not differ from the PROMOTIC logged-in user.|
|Groups of users:|
|Add||Creates a new group of users.|
|Edit||Edit of selected group of users.|
|Delete||Delete of selected group of users.|
|Add||Creates a new PROMOTIC user (local and/or network).|
|Edit||Edit of selected PROMOTIC user.|
|Delete||Delete of selected PROMOTIC user.|