The LinkServer is built as a multi-user server. Ordinarily, one person installs and manages the LinkServer itself, and numerous other people use it to access their Device Servers, Data Terminals and other objects like Alerts, Event Filters etc. These users can all belong to the same company, or they can be paying customers who purchase LinkServer access from a vendor who installed LinkServer on his own servers.
Users access the server through user accounts. Immediately following LinkServer installation, only a single account exists in the system, default administrator.
For someone to gain access to LinkServer using one of its User Interfaces (AggreGate Client, Web Service, etc), they must be authenticated and authorized by the server. The only operation that does not require prior authentication is self-registration.
The default administrator's account is the only user account that is created on a new LinkServer installation:
| • | Username: admin |
| • | Password: admin |
|
You are advised to change these values as soon as possible. |
The default administrator has permissions to do everything. Technically speaking, his permissions table contains just a single record that grants him Administrator-level access to all LinkServer contexts:
Context Mask |
Permissions |
* |
Administrator |
The default administrator account cannot be deleted, and its permissions table cannot be edited.
Administering Users
Two contexts are used to administer users: One is the general Users context, for actions related all users accounts. The other is the User context, corresponding to a single user account. |
|
Management Of User Accounts
There are two ways to create new user accounts:
| • | Creation by users with administrative permissions |
| • | Account self-registration |
In most cases, the first method should be used. System administrators may create user accounts using the New User Account action in the Users context. The only parameters that should be specified during account creation are a username and password. All other settings are set to default. The method of building the default permissions table for the new account is described in Security and Permissions article.
Self-registration allows users to create their own accounts, using any LinkServer User Interface. This method is available only if Enable users self-registration global setting is turned on. When this setting is enabled, if a user attempts to log in (in AggreGate Client, etc) with a non-existent username, they will be prompted to register a new account. If he confirms the registration, a new user account will be created in LinkServer with the credentials specified bythe user. Check details here.
|
Self-registration may be securely used only in private networks where no untrusted users may access the Web Admin application. |
User accounts are removed using the Delete action of a User context. When an account is removed, all associated Device Server Accounts, Data Terminal Accounts, Alerts and other objects are also destroyed. Account removal is a permanent operation which may not be undone.
User cannot delete his own account.
|
One of your users lost his password? See User Forgot His Password! |
|
The Users context that allows to manage users is visible in LinkServer User Interfaces (e.g. in AggreGate Client) only if a user's permissions allow him access to more than one user account. |
Ownership
Every user account may own different system objects: Alerts, Widgets etc. The Contexts of all these objects always exist, but a user's permission table may prevent him from accessing his own objects. Objects that are accessible by newly created users are defined by Default User Permissions global LinkServersetting.
User account properties may be edited or viewed using the Configure action of any User context.
Username |
Name of user account, and also name of User context. This is a read-only property which may not be changed once the account is created. |
First Name |
First name of the account owner. |
Last Name |
Last name of the account owner. |
Password |
Account password that is used by user to log in. |
Country |
User's country. |
Region/State/Province/Area |
User's region. |
ZIP Code |
User's postal code. |
City |
User's city. |
Address 1 |
User's address. |
Address 2 |
Second line of user's address. |
Comments |
Additional info about the account. |
Company |
User's company. |
Department |
User's department. |
E-mail Address |
User's E-mail address. |
Phone No. |
User's phone number. |
Fax No. |
User's fax number. |
Time Zone |
User's time zone settings, used to show correct time for this user. Also, Device Servers and Data Terminals registered under account are assumed to be located in this time zone if no time zone is explicitly specified in the Device Server Account. See Dealing with Time Zones for more info. |
Locale |
User's locale setting identified by a two-letter country code that affects various user interface parameters. |
Date Pattern |
Date pattern defines how date values are formatted when shown to the user. |
Time Pattern |
Time pattern defines how time values are formatted when shown to the user. |
Enable Automatic Registration of Device Servers |
Defines that Device Server Accounts should be automatically created for Device Servers that try to log in and have auto-registration on LinkServer setting enabled. See Auto-registration in Device Servers chapter for details. |
Permissions
This tabular property contains user's permissions table.
Context Mask |
Mask of contexts to those this record will be applied |
Permissions |
Permission level for this record. |
User Photo
This may be used to store a photo of this user, up to 200 Kb in size.
Every user account has a permissions table property. All information related to the user's permissions may be found in Security and Permissions topic.
A user may not change his own permissions.
Account status information may be viewed using View User Status action of a User context. It contains the following fields:
Account Creation Time |
Read-only property, shows when the account was created. |
Last Account Update Time |
Read-only property, shows when the account's basic properties were last updated. |
Suspending User Accounts
To temporarily disable a user account, edit the User Permissions Table and specify a None permission level for all contexts. To do that, first add new record to the beginning of the table, set its context mask to "*" (All contexts) and its permissions to None. Save changes.
In AggreGate Client, an attempt to log in to a disabled account will fail with the following error:
