The User Manager (CmUser Program)
Only the system administrator (or somebody with similar authority) should define users and assign privileges (see Privileges (Categories)) to users.
When you start the program for the first time, you are prompted to select the CmUser Database to be opened. Select an existing database or create a new one (see Creating a CmUser Database).
The User Manager allows you to perform the following actions:
Create and edit users (Chromeleon users)
Create and edit Access Groups (A Groups)
Create and edit Privilege Groups (P Groups; also, see Privileges)
For more information, refer to Creating Users, Access Groups, and Privilege Groups.
Access Groups
An Access Group comprises members of a defined group. Membership in this group determines which Servers, Timebases, Datasources, directories, and sequences the user can access. Each user can belong to several Access Groups.
For example, the All Access Group could consist of users A, B, C, X, and Z, while the Specials group could consist of users A, B, and C.
The more Access Groups you create, the more precisely you can define access rights in Chromeleon.
After an Access Group has been established in the User Manager, the access rights can be specified:
In the Chromeleon Client, the system administrator specifies the access rights to datasources, directories, and sequences.
In the Server Configuration program, the system administrator specifies the rights to servers and timebases.
Select the object for which access rights are being assigned. Select Properties on the context or Edit menu. In the Properties dialog box, specify which user groups are granted access.
After a user has been assigned to an Access Group, certain privileges can be assigned to the user. These privileges are defined in Privilege Groups.
Privilege Groups
Privilege Groups define which actions the user can perform. The privileges (see Privileges (Categories)) are split up into the following categories:
A Privilege Group is characterized by the privileges enabled on these tab pages. The more Privilege Groups you create, the more precisely you can define the assignment of privileges in Chromeleon.
A Privilege Group also contains a list of its members. As with Access Groups, Privilege Group members are individual Chromeleon users.
Chromeleon Users
A Chromeleon user is defined by job title, Passwords, and membership in Access Group(s) and Privilege Group(s). User names and passwords are managed separately; that is, you may create users whose user name and password is identical to their network user name and password.
Saving the Current Status
All of the actions described above are automatically saved to a database. To create the database, select Connect Datasource on the File menu (see Creating a User Database).
The Dionex Service Representative usually creates a CmUser database in the Microsoft Access database format (CmUser.mdb) during the initial program installation. Various other ODBC-capable database formats are supported.
Access Restrictions in the Server Configuration
Access to servers and timebases is protected in the installation program. The following situations are treated differently:
The user logs onto a "personal" workstation (local user).
The user logs onto another PC.
The user logs onto (or accesses) the network (RPC).
Local Access
When a user logs on directly to a workstation, access to the server and timebase depends on the current Access Group assignment. If the user belongs to an Access group whose members are authorized to modify a server configuration or timebase, access is granted. Access Groups are assigned in the installation program on the server or the timebase.
After they have selected the server or the timebase with the mouse, authorized users can change this assignment, using the Properties command and the Access Control dialog box.
Remote Access
Additional restrictions apply to server access via the network. Remote operation must be explicitly enabled. If remote access, starting batches and data acquisition, and monitoring are explicitly enabled, the authorized user is permitted to perform these actions from any PC on the network.
Network Failure Protection
Each successful Logon saves the rights (Privilege Groups and Access Groups) in the registry (HKEY_CURRENT_USER). The time stamp of the latest successful logon is added to a record that is protected by a check sum. If the CmUser database is not available, this record is read from the registry. It must not be older than one week and the check sum must be correct. The status information indicating the remaining time appears in a message box.
Electronic Signature
You can electronically sign sequences only when the User Mode is enabled (see Electronic Signature). However, several conditions must be fulfilled. For more information, refer to Creating Users for Electronic Signature.