The following topics will be covered:
- User Roles
- Creating a user
- Uploading users in bulk
Users are amongst the first set of master data that has to be setup in the system. Users can be assigned specific roles and privileges, and can access the application (web and mobile) with a valid username and password. Based on the role of the user, capabilities, and limitations are defined for accessing the application.
The following roles are supported by default:
- Administrator: An Administrator has complete privileges to manage the entire domain, including setting up new users, materials or entities, performing inventory or order transactions, and monitoring and managing the entire system. Typically, supervisors/officials and IT administrators can be given the 'Administrator' role.
- Manager: A Manager is typically a person who is managing one or more entities that he/she is directly associated with, while also having an option to monitor performance of the entire domain. A Manager has lesser privileges than an Administrator and typically cannot setup new materials nor access any entities that they are not associated with. Typically, agents or field workers who are expected to monitor and manage a subset of entities in the domain can be assigned this role.
- Operator: An Operator is typically a person who performs day-to-day tasks in a given entity, be it inventory management or form-based data entry. They can perform all operations enabled for them on the entities they are associated with.
Administrators, managers, and operators come with a default set of privileges. One can further specify permissions by role, if there is a need to restrict access to certain capabilities (under Configuration → Capabilities).
You can create users in the system in one of two ways:
- Create one user at a time using the web interface.
- Upload users in bulk (by specifying them in a Comma-Separated Value or CSV file).
Create a user using the web interface
Follow the steps below to create a user using the web interface:
- Go to Setup → Users → Create User.
- The form on this page has 6 sections that need to be filled in order to complete the process of creating a user: Identification, Permissions, Personal Details, Contact Information, Location and Device Details. All fields on the form marked with an asterisk (*) are mandatory.
- Fill the various form fields and submit it by clicking the "Save" button.
Enter identification details, the role and groups (identified by tags) that a user belongs to:
- Username: The username is a unique identifier that one can use to login into the system. It can include lowercase alphabets (a-z) and numbers (0-9) only. If this username is unavailable (i.e already being used by someone else), the system will let you know and you would have to enter an alternative.
- Role: Select a role from the drop-down options. Users can be assigned on any of the roles of Administrator, Manager and Operator, as explained earlier.
- Password: Enter a password and confirm it. The password has to be strong to ensure security and should include a set of alphabets (upper and lower case), numbers and special characters. Depending on the role, the system will indicate these requirements to ensure password strength.
- Tags: You may enter as many tags that apply to the user which make it easier to search for users. These tags have to be pre-configured in the system under Configuration → Tags → User tags.
Specify per-user permissions, which allows you to provide view only access across the application to certain types of users (typically, administrators/supervisors). The options in this context include:
- Default: The permissions granted to this user's role will be used.
- View only: The user will have view only access across all modules in the application, independent of their role.
- Assets view only: The user will have view only access only to the Assets module and not to the rest of the modules (such as Inventory, Orders, and so on).
On first time login of a user from the mobile application, an "authentication token" is created for the user which allows him/her to access the mobile application user for a specified period without logging each time they open the application. The duration of validity or expiry of the authentication token can be specified in the 'Token expiry' field. For instance, if the token expiry is specified as 7 days, then the user can access the mobile application without logging out for 7 days after an initial login. He/she would be forced to login every 7 days.
The duration of token expiry can be determined based on the kind of access restrictions required in the environment. 30 days would be a reasonable period, but certain enterprise environments, where password sharing may be common or employee churn is high, can set a shorted expiry period.
The identifying and demographic details of the user can be entered including:
- First Name (mandatory)
- Last Name
- Date of birth
The contact information of this user can be entered including:
- Mobile phone number (mandatory): Enter a mobile-phone number that is work related and will be used for notifications.
- Alternate phone number: Enter an alternate mobile or landline number.
- Email address: Email address is mandatory for Administrators and Managers, but optional for Operators.
Enter the locale information for this user, including location, time and language preferences, as follows:
- Country (mandatory)
- State (mandatory)
- Street Address
- Zip/Pin Code
- Language (mandatory)
- Time Zone (mandatory)
Enter the mobile device details, if available, for this user (assuming he/she is a mobile user). This data is optional and is automatically determined based on the user's login, and displayed on the 'User agent' field in the user profile page.
- Mobile phone brand
- IMEI number of the device
- SIM provider
- SIM ID
- Remote login: Specify the method of login from the mobile device, which indicates whether the mobile application user can login locally (even without network availability) or has to authenticate with the server each time. One can specify the following options:
- Use the default for this domain (recommended, and selected by default): The default domain configuration will be used (as specified for this user's role under Configuration → Capabilities → Remote login). Typically, the default is to allow one to login locally to the mobile application without requiring a server authentication, as long as their authentication token has not expired. However, such a default could be overridden at the domain level or at an individual user level.
- Make 'Login' connect to server each time: If selected, for this user, the system will force the mobile application user to authenticate with the server each time they try to login. This is not a recommended approach, but is provided for certain kinds of application that work in good network areas.
- Allow local login: If selected, for this user, the system will allow him/her to login locally into their mobile application as long as their authentication token has not expired. It will not force the user to authenticate with the server, only after authentication token expiry.
Click on Save to submit this form and create a new user. Cancel option can be used to cancel the submission.
Upload users in bulk
In many cases, one would need to setup and manage a large number of users. You can use the 'Upload in bulk' feature (a tab under Setup → Users) to add, update or edit users in bulk by entering user metadata in an Excel spreadsheet, exporting it as a CSV (Comma-Separated Values) file, and uploading it in the web application.
You can read more on how to upload users in bulk by clicking here.