Login Users

This contains the login accounts against which the login to Timemaster is verified. The login user name contains a link to a staff record which, in turn, defines which access rights (functionality) the user has.

The login account is different to your staff ID. This allows you to match your login name to your Windows account. This is particularly useful if you are using Windows Active Directory. You may also provide external users access to your Timemaster system to run reports or enquiries, in which case their login account would not be linked to a staff record.

To control the access rights of users, they are given membership of login groups, with each login group allocated access rights to various functions of the system.

Each login group may have a different set of access rights. A user will have all the access rights allocated to all the groups they are a member of.

The following shows how three login groups are used to assign access rights to enter a timesheet. Note that users need both the Timesheet Control and Enter Weekly Timesheet access rights.

LoginUsers

Access rights from each login group are layered so, if the Users and Line Managers login group were both applied, the user would be able to access their own record and timesheets of staff they are a line manager of. However, as they are not assigned the Admins login group, they would not be able to see timesheets by Report Group.

The Report Group access right references the users Resource Group Restrictions settings on the Login User record. This is normally used to allow admin or director users to see, in this case, timesheets for one or more Resource groups.

Another example for the use of the 'by report group' access right would be for admin / directors to see the absence chart for an entire resource group.

Operation

•To edit or delete login account details, click the edit options on the in-line menu for the row you wish to edit.

•Complete the details for all pages of information and then click the Save button to save the changes. Clicking Save returns you to the user names list.

NOTE: The login id is stored in numerous tables to record which user has performed a change to the record.

Many reports also use the login id to link back to the actual login record to retrieve the staff name or login user name.

For this reason, the login record cannot be deleted as this would break these valuable links.

So, when you delete a user the system deletes the users favourites and user options but it does not delete the actual login record.

Instead, it marks the login record as 'hidden'.

By default, all 'hidden' users are not shown in the login list. However, these can be viewed by placing a tick in the Include Hidden (Include button in top right corner of page).

You can identify which logins have been marked as 'hidden' by customising the grid to include the 'Acc. Hidden' column.

Active Directory

Timemaster may be used with Active Directory. The user record must still exist within Timemaster, as this determines their level of access within the Timemaster system, however, if the login name matches an AD name, the password will be verified against the Windows password rather than the internal Timemaster password.

Active Directory is an option which must be activated in the Login Policy within the Windows application.

Data Entry

Details Page

Column	Description
User Name	The login name with which the user logs into Timemaster, this must be unique. The maximum length of this is 20 characters.
Full Name	The actual name of the user.
Staff ID	The Staff ID within Timemaster the login user is linked to. This must be entered to allow users to enter their own timesheet, so that when the login user logs in, Timemaster can restrict the user to only enter his or her timesheets. For users created within the web application, the staff ID field is a mandatory entry.
Refresh Statistics on Login (messages popup)	Refreshes the user’s statistics as they log in, this also enables/disables the messages popup for a staff member when they login, even if none are defined for the staff member.
Include in Workflow user Count	This must be ticked if the user requires the systems Workflow functionality (only applicable if the Workflow Module is registered).
Include in Mobile user Count	This must be ticked if the user requires the to use the Timemaster Mobile app (only applicable if the Mobile Module is registered).
Default Web Enquiry to Project Selection List	Select this option if the Web user is to be shown the Project Selection List page when clicking the Web Enquiry link on the Web.
User must reset the password at next login	This will only be allowed if the following access right is defined: Check the ‘User must change password at next login’ if you require the user to immediately change their password.
Login Disabled	Check the Account Disabled to prevent this user from logging in, and enter a reason if applicable. The date will be recorded as of when the account has been disabled.
Disabled Reason	A reason for why the login has been disabled.
Login Locked?	Check/Uncheck the Account Locked Out checkbox to lock or unlock the user login. If the user has entered more incorrect passwords than are allowed in the login policy, this will be checked. The date will be recorded as of when the account has been disabled.
Change password?	If this is ticked the user must change their password the next time they log in.

The Login Groups page defines the groups the user is a member of. The login groups the user is not a member of are shown the the left hand list-box, whilst the current membership is shown in the right hand list-box.

To add a membership, select the login group in the right hand list-box by checking the associated checkbox and click the Add button between the two lists. Similarly, to remove, check the associated checkbox in the right hand list-box and click the remove button.

Resource Groups Restrictions Page

The Resource Groups page defines any resource group restrictions for the user. The list boxes work in tandem with the drop down box titled "Restrict user to resource groups below". If this option is set to No Restrictions, the entries in the two list-boxes have no affect; otherwise restrictions will be places on either staff or project records.

Restrict project visibility by staff involvement

No Restriction

User can see all projects.

Restrict as User

Users may only see projects in which they have an involvement by virtue of their service and staff team linked to the project

For example, if user A has service AR, and some projects do not

Restrict as Manager

Allows users to view as per the Restrict as User option but also to view projects for which they are the project leader or deputy, even if they are not involved in the project.

Restrict user to resource groups below

The group restrictions work in tandem with the service restrictions for project and also for staff related functions. For project related functions, the group restrictions will further limit the projects by group involvement AND service involvement.

The resource group restrictions provide a more detailed restriction as, in order to see a project, not only must your staff service match the project service list, but also the group involved must be one of the groups in the list.

The project-set contains projects which pass BOTH of the above criteria. Therefore if you are restricted to a staff service but your reporting groups include projects on which your service is not involved, the projects in the additional groups will not be included. The project must pass both checks to be included in the list.

The reporting restriction works as follows:

•The login user may view only those projects which have a group involvement matching the list of groups to login user has access to

•If the login user is the project leader or project deputy, they will have access to the full information for that project.

Login Users

Purpose

Operation

Active Directory

Data Entry

Details Page

Login Groups Page

Resource Groups Restrictions Page

Related Topics