User management
Users are managed under this menu item.
Users can be given various access rights.
The way in which users are able to access the HS/FS is specified:
To create a new user, change to the left-hand window "Users".
or
In order to ensure a better overview, you can also sort several users (who will be given the same access rights, for example) in folders. Folders can be created just like users.

1. Data tab

The user's access data is specified in this mask.

Designation

Designation of the user within Expert

User name

Name of the user. This is the name used to log on to the HS/FS.
The user name may contain the following characters:
  • Lower case letters [a..z]
  • Upper case letters [A..Z]
  • Numbers [0..9]
  • The following special characters: [. -]

Password

User's password. This is the password used to log on to the HS/FS.

New password rules apply from version 4.5 of Expert onwards:
  • Only the following characters are permitted in a password:
    • At least one lower case letter [a..z]
    • At least one upper case letter [A..Z]
    • At least one number [0..9]
    • At least one of the following special characters:
      • Category A: [. - _ ! % < >]
      • Category B: [: ? # [ ] @ $ & ( ) + , ; =]
  • The password must be at least 8 characters long.
  • The password and the user name must not be the same.
  • The user name must not be contained within the password.
In projects that were created using a version of Expert prior to 4.5, there is a "Password security" checkbox in the project settings from Expert 4.5 onwards, which gives you the option of using the old passwords.
Note
Special characters from Category B as well as the characters [/ ' *] are not permitted for a URL call within the QuadClient (URL call or browser plug-in)!
 
Use of the new password rules
  • In projects that were created using a version of Expert prior to 4.5, the new password rules can be used from version 4.5 onwards by deactivating the "Password security" checkbox.
  • The new password rules apply automatically to all projects that are newly created using Expert 4.5 onwards. In these cases, there is no "Password security" checkbox!
Use of the old password rules
  • In projects that were created using a version of Expert prior to 4.5, the old password rules can still be used from version 4.5. To continue using the old password rules, the "Password security" checkbox must be activated.
  • The old password rules automatically apply in all versions of Expert up to and including version 4.4.
Note
The "old password rules" are identical to the rules for user names!
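The password rules above can be checked before a user is entered in Expert. The following is an added example, not code from Expert or the HS/FS; the function names are hypothetical, the spaces inside the bracketed character lists are read as separators, and the user name comparison is assumed to be case-sensitive.

```python
import string

# Character sets as listed on this page. Assumption: the spaces inside the
# brackets separate the characters and are not themselves permitted.
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
CATEGORY_A = set(".-_!%<>")
CATEGORY_B = set(":?#[]@$&()+,;=")
PASSWORD_CHARS = LOWER | UPPER | DIGITS | CATEGORY_A | CATEGORY_B
USER_NAME_CHARS = LOWER | UPPER | DIGITS | set(".-")


def valid_user_name(name):
    """User name rule; the page states the old password rules are identical."""
    return bool(name) and set(name) <= USER_NAME_CHARS


def check_password(user_name, password):
    """Return the list of violated new-style rules (empty list = conforms)."""
    problems = []
    chars = set(password)
    bad = sorted(chars - PASSWORD_CHARS)
    if bad:
        problems.append("characters not permitted: " + "".join(bad))
    for label, group in (("lower case letter", LOWER),
                         ("upper case letter", UPPER),
                         ("number", DIGITS),
                         ("special character", CATEGORY_A | CATEGORY_B)):
        if not chars & group:
            problems.append("missing " + label)
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Assumption: comparison is case-sensitive; the page does not say.
    if password == user_name:
        problems.append("same as user name")
    elif user_name and user_name in password:
        problems.append("contains user name")
    return problems


def url_call_safe(password):
    """False if the password holds Category B characters or one of / ' *."""
    return not (set(password) & (CATEGORY_B | set("/'*")))
```

A password that passes check_password but fails url_call_safe is valid for log-in, yet cannot be used in a QuadClient URL call.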

WAP password

User's password. This is the password used to log on to the HS/FS via WAP.
Only numbers are permitted.
A random generator suggests a combination of numbers when the new user is created.

Alias

This is where the user's alias is specified. This is displayed in the system lists "Buddy list" and the "login list".

PIN validity (in sec.)

After the PIN has been called up by phone, it is valid for the period set here.

Alarm

Yes: The user can receive visual alerts. With the existing connection to the HS/FS interface, a defined visualisation page comes to the foreground if an incident occurs. This event can be triggered via a command.

Camera direct access

Yes: The camera image is retrieved directly from the camera. The user must have direct access to the camera image, as the HS/FS links directly to this.
Important
We would recommend that you always choose this option where available! This relieves the load on the HS/FS.

2. IP restriction tab

One or several IP addresses or an IP address range can be assigned to each internal user. The addresses entered here are used to restrict access.
The restriction is set by the combination of the TCP IP address and net mask.
Only devices with this IP address or coming from this IP address range will have access to the HS/FS under this user.
Important
We would recommend that this option is not activated during the initial start up!
Example of an address range: 192.0.0.0 and corresponding netmask (e.g. 255.255.255.0).

The list is edited using the operating buttons directly to the right of the list: Insert, Delete, Change/Edit.

Limit internal access to the following IP addresses

Yes: Access is permitted only via the following addresses.
No: Access is not restricted. Access is possible via any TCP IP address. No account will be taken of any entries in the list.
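How a list of address and netmask pairs restricts access can be sketched as follows. This is an added example, not HS/FS code: the function names are hypothetical, and it assumes the usual rule that a client matches an entry when both fall into the same network under the entry's netmask. The broad_entries helper is an added review aid for spotting entries that admit very large ranges.

```python
import ipaddress


def to_network(address, netmask):
    """Combine an address and a dotted netmask into one network object."""
    # strict=False: an address with host bits set is reduced to its network.
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


def access_permitted(client_ip, restrict, entries):
    """Mirror the Yes/No switch: with restrict=False the list is ignored."""
    if not restrict:
        return True
    client = ipaddress.ip_address(client_ip)
    return any(client in to_network(addr, mask) for addr, mask in entries)


def broad_entries(entries, min_prefix=16):
    """Return entries whose netmask is shorter than min_prefix bits."""
    return [(addr, mask) for addr, mask in entries
            if to_network(addr, mask).prefixlen < min_prefix]


# Constructed sample list: the range from the example on this page plus a
# single host (netmask 255.255.255.255 for one address is an assumption).
SAMPLE_ENTRIES = [
    ("192.0.0.0", "255.255.255.0"),
    ("10.1.2.3", "255.255.255.255"),
]
```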

3. PIN query tab

This mask is for specifying the phone numbers with which the user can call up a PIN.
More can be found on this under Portal process.
Several phone numbers can be entered in this list.
Users can request their PIN via these numbers.

The HS/FS only connects to the portal if one of the numbers from this list is called.

The list is edited using the operating buttons directly to the right of the list: Add, Remove, Edit.
Important: This procedure can be enabled for any phone number.
This option can be selected under Project/PIN.
Entries by the user always have priority if the HS/FS recognises the phone number!

3.1. Incoming phone number

The PIN is retrieved with this phone number.
The leading zero must always be replaced by an * (asterisk).
Example "*171123456". This is sometimes helpful in the case of international connections with a partially transmitted phone number.
A large part of the phone number can also be hidden using an * (asterisk).
E.g. "*123" means that all calls ending with 123 are answered.
Important
Only one * (asterisk) may be entered in the phone number!
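The asterisk notation can be checked offline before numbers are entered in the list. The following is an added example, not HS/FS code: the function names are hypothetical, the asterisk is assumed to stand for any run of digits (including none), and a pattern without an asterisk is assumed to require an exact match.

```python
import re


def parse_pattern(pattern):
    """Split a list entry into (prefix, has_asterisk, suffix)."""
    if not re.fullmatch(r"[0-9*]+", pattern):
        raise ValueError("only digits and * are expected: " + pattern)
    if pattern.count("*") > 1:
        raise ValueError("only one * may be entered: " + pattern)
    prefix, star, suffix = pattern.partition("*")
    return prefix, bool(star), suffix


def caller_matches(pattern, caller_number):
    """True if the transmitted caller number fits the list entry."""
    prefix, has_star, suffix = parse_pattern(pattern)
    digits = re.sub(r"\D", "", caller_number)  # drop "+", spaces, dashes
    if not has_star:
        return digits == prefix
    return (len(digits) >= len(prefix) + len(suffix)
            and digits.startswith(prefix)
            and digits.endswith(suffix))


def fixed_digits(pattern):
    """Number of digits the caller must actually match."""
    prefix, _, suffix = parse_pattern(pattern)
    return len(prefix) + len(suffix)


def weak_patterns(patterns, min_fixed=6):
    """Entries that leave fewer than min_fixed digits fixed.

    min_fixed is an illustrative threshold, not a value from this page.
    """
    return [p for p in patterns if fixed_digits(p) < min_fixed]
```

An entry such as "*123" fixes only three digits, so every caller whose number ends in 123 can request the PIN; weak_patterns lists such entries for review.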

3.2. Connect to portal

Yes: This entry refers only to the "Connect to the portal on demand only" portal setting. If this portal setting and "Yes" are selected, the HS/FS establishes a connection to the portal as soon as a PIN is queried from the HS/FS.
If a permanent portal connection or no portal connection is configured, this entry is meaningless.

4. User rights tab

This is the mask in which user rights are configured.
A distinction is made between interfaces (designs), lists and administration.

Furthermore the following rules apply:
  • A user can log in multiple times
  • Up to 50 log-ins are possible from a single IP address
  • The total number of users is limited to 200 per HS/FS

4.1. Interface subtab

This is where the user rights for all types of access to the user interface are assigned.
A distinction is made between internal and external access, and also the type of access.

Access mode

The rights can be assigned in a different manner for internal and external access.
Internal: LAN
External: Internet, other address range

Access type

Access type | Explanation
Password | The user can use a user name and password to access the HS/FS via the Internet browser (HTML), WAP browser, or the client program.
PIN | The user can use a user name and PIN to access the HS/FS via the Internet browser (HTML), WAP browser, or the client program.
Password or PIN | The user can use a user name and password or user name and PIN to access the HS/FS via the Internet browser (HTML), WAP browser, or the client program.
No access | No access is possible.

Start with

This is where the type of start menu displayed to the user after log-in is determined.

Menu

The user starts with this menu item.
All the menu items below it in the structure (hierarchical menu) are visible to the user. More information on the menu is available here.
Membership of a user group is a prerequisite.

Query

The user starts with this query page.
All the query pages below it in the structure (hierarchical menu) are visible to the user, depending on the status of the control query objects. More information on the query function is available here.
Membership of a user group is a prerequisite.

User groups (read)

Important
This item is only available if user groups have been activated!
This is where the 'global' reading rights can be assigned for the access paths configured above (HTML, WAP, and client program). The page can be displayed, but no commands can be executed. An example explains the interrelationships.

User groups (execute)

Important
This item is only available if user groups have been activated!
This is where the 'global' rights to execute commands can be assigned for the access paths configured above (HTML, WAP, and client program). The page can be displayed and commands executed. An example explains the interrelationships.

4.1.1. Design subtab

A separate start page must be defined for each design.
Visualisation
The user starts with this visualisation page. This can vary depending on the design.
The visualisation function does not have a hierarchical menu. Each visualisation page can call up all the other pages.
Membership of a user group is a prerequisite.
Jump back
If the option 'Jump back' is activated, a visualisation page to jump back to must be specified.
Important
The page entered here must also be able to be reached from the visualisation start page!
Time (in min.)
Jump back is activated after a period of inactivity on the part of the user. If no operating activity is determined during the time period set here (specified in minutes), the visualisation automatically switches to the specified jump back page.
Note
The jump back function is deactivated by specifying '0'.

4.2. Lists subtab

This is where the access rights to all lists (archives, login protocol, debug list etc.) are specified.

Access mode

The rights can be assigned in a different manner for internal and external access.
Internal: LAN
External: Internet, other address range

User groups (access)

Important
This item is only available if user groups have been activated!
The global authorisations for lists can be assigned here.
Detailed information is available here.

4.3. End points subtab

The access rights for the various end point objects are specified here. A list can be found here.

Access mode

The rights can be assigned in a different manner for internal and external access.
Internal: LAN
External: Internet, other address range

User groups (read)

Important
This item is only available if user groups have been activated!
The global read authorisations for end points can be assigned here.
Detailed information is available here.

User groups (write)

Important
This item is only available if user groups have been activated!
The global write authorisations for end points can be assigned here.
Detailed information is available here.

4.4. Administration subtab

This is where the admin rights are assigned.
If a user has these rights, he/she can configure the HS/FS and back up, delete, or upload the retentive data.

Access mode

The rights can be assigned in a different manner for internal and external access.
Internal: LAN
External: Internet, other address range
Important
At least one user with these rights is required, in order to be able to configure the HS/FS via network/Internet/ISDN remote access.

4.5. Certificate subtab

The access rights to the certificate are assigned here.
If a user has these rights, he/she can generate a new certificate, or upload an existing certificate (PEM file) to the HS/FS. ([IP address:]/hscert)

Access mode

The rights can be assigned in a different manner for internal and external access.
Internal: LAN
External: Internet, other address range