|
iMaint Security is based on Users and the Groups to which they are members. Each Group has a set of defined Permissions. You will not have to set up a special user within your database software (SQL) to use with iMaint. iMaint security is all included within the iMaint application. To begin using iMaint, DPSI has included three pre-defined users that will allow you to log into the application.
Note: iMaint ONLINE customers will not have access to the Default iMaint User IDs, These Default Users can only be used by on-premise customers.
iMaint Online customers will have purchased a set number of users. Remember, depending upon your Corporate Structure, and number of databases/sites you use, user profiles and permissions may be shared across multiple sites. But you have control over which users you wish to access data within specific sites. Once the maximum number of User Profile records has been created, you will need to de-activate an existing record before you can add a new User Profile. iMaint will give you an error message to indicate you have exceeded the number of active users.
Default Users
| User | Description | Restrictions |
| iSysadmin | iMaint System Administrator | This sign-on has rights to everything in the iMaint Client applications, including Security. |
| iSecurity | iMaint Security Administrator | Only has rights to iMaint Security |
| iGuest | iMaint User | This sign-on has read only rights to the iMaint Client application. |
These three users are non-editable by the end user through iMaint. These profiles cannot be deleted, however, they may be copied when creating a new user profile. The passwords for these users will be given to the administrator or the person performing the installation when they call for the registration key. Please, ensure that you safe guard these user profiles and passwords to prevent security a security breach.
iSysAdmin
iSysAdmin will have access to everything. It will have a default navigation tree called iSysAdmin and cannot be changed.
The navigation tree record, called iSysAdmin, includes access to all modules. This record is also read-only. In addition, the iSysadmin User Profile can never be removed from the Security permission group. This is to prevent the Admin from ever being locked out of iMaint. You may copy the individual user profile and navigation tree for use when creating new users but the originals can not be edited.
In the Server Administration Tool, you will find a setting to that will allow you to exempt iSysAdmin from the Password Policies set for all other User IDs. This will include the password change frequency defined as well.
Note: Changes to the iSysAdmin User Profile will occur upon upgrading to iMaint 4.1+. This record is read-only and the iSysAdmin User Profile must always use the new iSysAdmin navigation tree. In addition, the iSysAdmin profile can never be removed from the Security permission group. During the upgrade process, the user profile for iSysAdmin will be set to use the new iSysAdmin navigation tree. If you have already created a custom navigation tree, called iSysAdmin, be aware this navigation tree will be edited to have access to everything in iMaint.
iSecurity
The Security Administrator for iMaint can use the iSecurity sign-on and password. As the iMaint SA, you will be responsible for the maintenance of all the iMaint Security. Some of the responsibilities include the following:
User and Group Maintenance
The SA has the ability to add and maintain user profiles. Create new user ID's and make sure they have the appropriate permissions. You will also be able to assign users to Groups. Groups are an easy way to maintain permissions for multiple users. For example, people in the Purchasing department might have specific and limited access to iMaint. Create a purchasing group with permissions to all the necessary iMaint forms and assign User ID's to the group. Users can belong to multiple groups.
Passwords
The SA can assign passwords to new User ID's and change them at any time. For example, in the event someone forgot their password or simply should change it, as part of your security procedures. Of course users may change their own passwords too. For more secure passwords settings, see Password Policy.
Log In Attempts
On the Site Setup form in the iMaint application, you may specify the number of times users may try and log in with the wrong password. If the user attempts to log in more than the allotted time, they will be locked out of the iMaint system. To un-lock a user, the SA will need to un-check the Locked Out field, located on the user profile form.
Inactivity Limits
The SA will also have the ability to automatically have users logged out of iMaint after a specified amount of inactivity on the system. Located on the user profile, populate the field Inactivity Limit with the number of minutes a user can be logged into iMaint without any actions detected.
Remove User ID's
The Security Admin will also have the ability to remove User ID's. User IDs that no longer need access to the iMaint application can be removed from individual sites or at the corporate level. The user will no longer display in the list of users, but the User Profile remains in the system. If the user is added back to the system, you will be asked if you want to use the existing user profile or use a unique user ID.