Managing users and groups

As an administrator, you can:

• Create a group
• Create a user account and add the user to a group
• Copy a user or group
• Change a user's or a group's account
• Delete a user or group
• Configure a host session for a user or group
• View a trace of a user's session
• Change the administrator user ID and password
• Enable users to create accounts
  
• Set the number of incorrect password attempts allowed

To manage users and groups, select Users/Groups in the Administration window.

The Users/Groups window enables you to manage user and group accounts for Z and I Emulator for Web and Database On-Demand. A tree view of the defined groups and users is displayed. To see the members of a group, select the group. To see only certain members of a group, use the filter by removing the check mark from Disable User Filter. Once the filter is enabled, the Filter window appears when you select a group. Choose to display all users in a group or only users matching the specified filter. For example, to display all users with IDs that begin with the letter L, enter L* in the UserID field and click Filter.

Managing accounts

Access to Z and I Emulator for Web and Database On-Demand function is managed according to user and group accounts. User accounts contain specific information regarding a particular user, including the user's ID, password, description, group membership, database statements, and the host sessions that will be available to the user or group. By defining a group account, you can apply access settings to all users assigned to the group, making user management more efficient and more flexible. In this way, a host session can be defined once for a group and then made available to the group's members. Of course, a host session can still be defined for an individual user, in addition to sessions already defined for the user's group.

User accounts

User accounts provide password-protected access to Z and I Emulator for Web and Database On-Demand. As part of the account, session configuration information is saved, along with changes that the user makes during a session, such as changes to keyboard and color mapping or recorded macros. Also, any changes to the Z and I Emulator for Web user desktop are saved (such as, adding new sessions and deleting sessions). No changes are saved if Do Not Save Preferences is checked.

Group membership

You can arrange users into groups. A user must be a member of at least one group but can be a member of several. In the latter case, the user will have access to the host sessions and database statements that are assigned to all the groups of which the user is a member.

If you are using Lightweight Directory Access Protocol (LDAP), then you can only be a member of one group. However, you can nest the groups, that is, include a group within a group.

Default group (ZIEWeb)

If you are using Z and I Emulator for Web for the private data store (instead of LDAP), the default group ZIEWeb, is supplied. You can change its Description and add users to it but you cannot change its name or delete it. If you are using LDAP, you can delete the ZIEWeb group, because LDAP treats the ZIEWeb group just like any other group.

Administrator account

An Administrator account is provided. The default user ID is admin and the password is password. As an administrator, you can change the password but you cannot change the user ID and you cannot delete this account. We recommend that you change the password for security reasons.

Host sessions

You can configure host sessions for groups or for individual users. It is preferable to define groups, including their host sessions, then add users to the groups. All the users in the group then have access to the sessions defined for the group and you do not need to define sessions separately for each user. Users can customize their own sessions without affecting the session definitions in the groups, for example, change the screen colors, remap the keyboard, or hide the toolbar. Administrators can also customize these session definitions for a user or an entire group if the Full administration client is installed. For more information about the Full administration client, see Administration client. If you change a user's session, the next time the user starts the session, the preferences will be active. If you change the group sessions, the user will inherit those changes, unless they have already customized those fields that are changed.

If you don't want users to be able to make changes to the sessions, click Lock in the session configuration window next to the fields you want to lock. Locking fields locks the startup values for a session. Users cannot change values for those fields because the fields are unavailable.

You can also disable functions that you do not want users to access. You can disable any of the graphical interface items on pop-up menu and buttons in the Client window, the session menu, and the session toolbar. Disabling functions is different from locking functions. You can lock the fields of a function when you are configuring a session. Functions can be disabled when configuring a user or group. When a function is disabled, it is removed from the toolbar or menus so users do not see it. Functions cannot be accessed using the shortcut keys either.

Shared user accounts (Guest log on)

There is no specific Guest user ID built into Z and I Emulator for Web. However, you can create a user ID (or more than one) that can be shared by multiple people. To do this, create a user ID and click Do not save preferences in the Create User window so that shared users can access the sessions provided for them, and can make changes that will be active only until they log off. If you do this, changes made by one user will not affect others. Of course, you can use the group feature to create groups for shared users by department or area, for example. You might also want to check the User cannot change password check box for your guest ID or, don't set a password at all.

User preferences

Unless Do not save preferences was checked when the account was created, preferences set during a host session are saved. These include color and keyboard mapping, macros created or changed, and the settings for the toolbars. These preferences are saved in the account of the individual user and associated with the icon for the session to which they apply. As a result of this:

• If a user changes the keyboard or color mapping during a session, the change applies only to that session or to copies of that session that are created after the change was made. The same is true for any macros that a user creates or changes during a session. For example, if a user creates a macro to transfer some files during a session named LONVM3, that macro cannot be used by a session named BIRMVM unless the latter is a copy of the former and was made after the macro was created. Also, the macro cannot be used by anyone else.
• If an administrator remaps the keyboard when configuring a session, the changed layout becomes the default for everyone who uses that session. If a user makes further changes when using the session, those changes apply only to that user, not to everyone. The differences between the default settings and the user's settings are saved in the user's account.
• If the user customizes a given field, those changes are saved in the user's account. When the administrator changes the default configuration, the user's default configuration is updated the next time the user logs on. The final configuration for the user is a combination of the new default configuration values and the user's settings. Generally, user settings replace the default configuration, unless the administrator locks a parameter so the user cannot change it.

Defining an item for multiple users (configuration server-based model)

Follow these steps:

1. Start the Z and I Emulator for Web Administration Client.
2. On the Administration Client:
   • Bring up the Configured Sessions panel for the group to which you want to distribute the macro, file transfer list, keyboard remapping, or toolbar definition.
   • On the Configured Sessions panel for the group, add the session to the panel of configured sessions as usual, and define the session properties as usual. In this example we will call this session Session A.
   • Leave the Administration Client running, or log off if you prefer.
3. Start a second browser and start the Z and I Emulator for Web download or client.
4. From the download or client:
   • Log on as a member of the group to which you added the Session A.
   • Start Session A.
   • Log on to the host.
   • Define or modify the macro or similar item.
   • Log off from the host.
   • Click File > Save and exit to save your changes and close the session.
   • The changes that you made are stored in the session definition.
   • Right-click the session icon for Session A and click Export Session.
   • Type the name of the file into which you want to export the session and click OK.
   • Close the download or client.
5. Return to the Z and I Emulator for Web Administration Client.
6. On the Administration Client:
   • Bring up the Configured Sessions panel for the Group to which you want to distribute the macro or similar item.
   • Click Import Session.
   • Type the name of the file containing the session that you previously exported from the download or client and click OK.
   • Z and I Emulator for Web will create a second copy of Session A called 1:Session A.
   • Delete Session A.
   • Rename 1:Session A to Session A.
   • When one of the users belonging to the group runs the new Session A, Z and I Emulator for Web client will download the entire session definition, including any macro or similar item stored inside the session.

Related topics