September 2009 Release 7.3
Administration: Users and Roles This lesson is specifically designed for administrators re足 sponsible for user security settings in the Astra Schedule system.
Astra Schedule VII 足 Training Manual Document by: Terry L. Saye Training Developer
Ad Astra Information Systems, LLC. 6900 W. 80th Street, Suite 300 Overland Park, KS 66204 www.aais.com
Table of Contents
Page 3 ·
Walk administrators through user creation
Provide an understanding of the individual security setting available
Explain the use of Roles in assigning user permissions
Provide a brief description of the user permissions available
In order for Astra Schedule to be utilized as an institution wide scheduling system, user security must be configurable to a level which allows for guests and customers to see realtime activity information, service providers and campus staff to access schedules and data summary reports, and individual schedulers access to their specific activities and resources. Due to the scope of the Application and number of features available, security settings options are vast. However, with careful planning and Role creation, administrators should be able to create viable, reusable, settings for user management.
A user’s access to Astra Schedule is controlled through the application of specific permissions and data profiles by way of a role. Roles determine both the permissions available and the data to which they can be applied. One or more roles may be applied to a user to create the appropriate level of access to the application.
Administrators will create various roles that correspond to user duties and apply these to new user records as necessary. Some commonly used roles are preconfigured in the system and may be edited by the institution upon implementation.
Vocabulary Terms: Role: A role is a userdefined collection of permissions that is ap plied to a user to define their access to the application. A role’s definition can also include profiles that dictate the data elements to which these permissions apply. People Record: A contact record is created for every person as sociated with the scheduling system. This record may have multi ple responsibilities as a single person may be a user, an instructor, a student, or the contact for one or more customers. Responsibility: A person’s responsibility in Astra Schedule reflects a group or groups to which they belong. These include student, user, instructor, customer contact, institution contact, etc.
Roles are groups of permissions and data restric tions that are applied create the security ac cess of system users. Default roles are provided in the application that may be used to quickly apply permissions to initial users. Additional roles will be configured by administrators as needed.
Permissions available through the Role include all tasks that may be performed within the sys tem. This includes scheduling resources, editing and viewing data, and performing administrative duties and overrides. Additionally, certain permissions, once selected, may be further defined by specifying data restrictions. By default a permission applies to all data of its type in the system unless restricted in the Role settings.
Creating Roles To add a new role to the system, perform the following: 1. Select the Setup tab, Roles link. 2. Click the Add Role button. Choose a naming convention for 3. Enter a Role Name and De your roles that will group them by the scription. type of responsibility that might be supported by the role or by the data re 4. Next, use the check boxes to select edit, schedule, and ad strictions defined within the role. ministrative permissions for each area of the application that are applicable to this role. Notice that permissions that are depend ent on others remain disabled until the appropriate selection is made.
Users may be added to the role after it has been saved
Data restrictions may be added after a permission has been granted
5. By default, selected permissions are applied to all applicable data in the application. To add restrictions, click the edit icon to display the data selection options. 6. Use the applicable group options and navigate the data tree to find and select the data When making data selections for a data profile, items that should be selecting a parent node in the data tree en associated with the sures that any new items added are inherited in permission in question. the security model. 7. Click Apply to add the selected items to the permission within the role. 8. Click Save to complete the Role creation process. Users of this role may view all equipment and services.
Users of this role may edit and delete equipment and services with a Group tag of “Student Activities”.
To edit a role: 1. Select the Setup tab, Roles link. 2. Click the edit icon. 3. Edit the role and click Save.
The Save As button allows adminis trators to create new roles based on previously created roles.
To delete a role: 1. Select the Setup tab, Roles link. 2. Click the delete icon.
Exercise #1 Create a role for an Event Scheduler. Restrict this user to scheduling in three rooms on campus.
Page 7 A user consists of a login, email address and other general identifying information, as well as at least one associated role.
1. 2. 3. 4. 5. 6. 7. 8. 9.
Every user record has a corresponding people record which is generated automatically with “User” selected as the primary system responsi bility.
To add a new user to the list: Select the Users link from the Setup tab. Click the Add User button. Enter a unique Username, this will be the user’s login id. Enter the user’s name. Enter a unique email address. Click Set Password, enter and confirm a password for the user. Click Set to save the password and return to the user form. The Must Change Password Next Login option is checked by default. Re move this flag if the user should not be forced to change their password. If LDAP/Active Directory authentication is enabled, you may choose to remove the user from LDAP authentication by removing the check next to Authenticate via LDAP. To have the user authenticated via LDAP but not update their role infor mation from LDAP by removing the check next to Sync Roles with LDAP Groups. In the section labeled Security Roles, select the role(s) appropriate for the user being created. Choose Save to save and return to the main user window.
To edit a user: 1. Select the Setup tab, Users link. 2. Click the edit icon. 3. Edit the user and click Save.
To delete a user: 1. Select the Setup tab, Users link. 2. Click the delete icon.
People Record Once added, each user will have a corresponding record in the People list of Astra Schedule. In this area, additional information may be stored on each contact, as well as any additional responsibility information.
As a responsibility is added to the record, a new area will become available on the page for detailed information. Exercise #2 Create an Event Scheduler user record and assignment the new user the role created in Exercise#1.
Users that have completed this module should feel comfortable with creating security roles and sys足 tem users. With careful planning, administrators can create useful role templates that can be used over and over again to manage system users. For additional information on user permissions and LDAP or Active Directory authentication, please see the System User Help Documentation.
Page 10 Exercise #1 Create a role for an Event Scheduler. Restrict this user to scheduling in three rooms on campus.
· · · · · · · ·
Exercise Select the Setup tab, Roles link. Solutions Click the Add Role button. Enter a Role Name and Description. Next, use the check boxes to select edit, schedule, and administrative permis sions for each area of the application that are applicable to this role. To restrict the user to three rooms, click the edit icon next to Rooms|Schedule Rooms. Use the applicable group options and navigate the data tree to find and select three rooms. Click Apply to add the selected rooms. Click Save to complete the Role creation process.
Exercise #2 Create an Event Scheduler user record and assignment the new user the role created in Exercise#1.
· · · · · · · · ·
Select the Users link from the Setup tab. Click the Add User button. Enter a unique Username, this will be the user’s login id. Enter the user’s name. Enter a unique email address. Click Set Password, enter and confirm a password for the user. Click Set to save the password and return to the user form. In the section labeled Security Roles, select the role created in the exercise above. Choose Save to save your results
This documentation is intended only for the use of licensed customers of Astra Schedule software and is PRIVILEGED and CONFIDENTIAL. Intended recipients shall not sell, transfer, publish, disclose, display or otherwise make any of this information available to others. Dissemination is strictly prohibited.