Anonymous, bureaucrat, administrator
7,528
edits
Changes
Created page with "= Overview = This document forms part of the bxp Release 10 Service Enhancement Release 1 suite of changes found here Bxp_Release_10_SER_1_prerelease_notes == System A..."
= Overview =
This document forms part of the bxp Release 10 Service Enhancement Release 1 suite of changes found here [[Bxp_Release_10_SER_1_prerelease_notes]]
== System Access Management [[File:016.png]] ==
=== User tabs ===
Given the length of the user setup screens a more effective interface screen is being designed.
Borrowing from the tabs capability of forms the interface will follow this format.
{| class="wikitable"
! Structure
! Presentation
|-
| [[File:bxpR10SER1_014.png]] || [[File:bxpRelease10_sam_layout_001.png|400px]]
|-
|}
The tab bar will contain the sections currently available but only show the fields when that tab is clicked
The Module title and counts bar will use module icons (with name and count of ticks on hover over)
Then upon clicking the module, the sections for the module appear for selection.
The module access tick box (overall access to the module) will be removed in favour of intelligent access if you have access to 1 or more sections in the module.
=== UAM “function” support engine ===
Since the launch of UAM it’s speed, accuracy and popularity amongst clients and security specialists has shown that a UAM approach is far more effective for administrators to manage a business.
https://www.bxpsoftware.com/wixi/index.php/UAM_-_User_Access_Management
A system setting flagging “Using UAM” will be added to system settings.
When turned on in a system, add and edit a user will only provide a list of UAM buttons. The buttons will self-generate based on accounts flagged as templates.
UAM template users will have flags available allowing them to be easily managed, using the new enhanced layout above.
Any modifications of the UAM accounts will be logged in the audit trails.
The user management console will be moved to prominently appear in the user administration section of SAM.
Each user account if based on a UAM will now have a flag listing on which UAM template user account it is based. This will help reporting and group user updates.
=== UAM and SAM wixis ===
After all these changes a significant amount of wixi material will need to be updated to reflect the new user interfaces.
This documentation will see a gap between go live and testing where documentation may exist on the wixi before the functionality is in place.
=== Password blacklist engine ===
This facility will allow clients and the bxp administration team to apply a list of weak known hack attempted passwords which may validate as strong. These password combinations are designed to reduce risk of security break-ins even if the password strength is flagged as strong.
A global list will be maintained by All n One, with clients able to control their own lists from inside System Settings.
The support article is available here [[Security_-_Password_Blacklist]]
[[File:password_blacklist_001.png|800px]]
=== Client table alterations ===
The client table will have a number of fields added to support numerous new functions
Attempting to logically group items without adding tabs unnecessarily, the Lister and Jotter and Reminders and Time Tracker options have been moved to a tab called Module Specific. This replaces the "Lister and Jotter" and "Reminders" tabs.
{| class="wikitable"
! Field
! Use
! Status
! Available in Tab
|-
| strClient_3rdPartyEngine || to allow mapping to 3rd party system || Editable || Primary Security Details
|-
| strClient_3rdPartyUserId || the equivalent Id in the 3rd party system || Editable || Primary Security Details
|-
| strClient_IsUAM || to flag account is a UAM template || Editable || UAM Management
|-
| strClient_UAMTitle || to allow reporting and grouping of UAM permissions || Editable || UAM Management
|-
| strClient_LimitTimeTrackerCosting || to influence Time Tracker option display on day view. || Editable || Module Specific
|-
| strClient_LastEdited_LastDateTime || to make editing reporting easier || Read Only || Security Information
|-
| strClient_LastEdited_LastByWhom || to make editing reporting easier || Read Only || Security Information
|-
| strClient_Retired_LastDateTime || to make retired reporting easier || Read Only || Security Information
|-
| strClient_Retired_LastByWhom || to make retired reporting easier || Read Only || Security Information
|-
|}
=== Security - Retired date time ===
Whilst this information is available through the audit logs it is not easily reported upon.
* When was a user retired?
* Who retired the user?
There will be the addition of two summary data fields to the Client table
* strClient_Retired_LastDateTime
* strClient_Retired_LastByWhom
The reason they have last is that the information will only be the last time an account was retired. So if it was retired multiple times, this field will only hold the last data. This also compensates for the fact that logs are only held for 6 months.
So if you go over the 6 months without manually backing up the logs the information is no longer auditable.
# So the fields will be added for future record changes only
# The columns of information will be made available in the retired functions search abilities
# A dedicated report in SAM will be provided to allow reporting on these fields.
The fields if a user is already retired will be initialised to.
* Last Date Time will be the date that the field is implemented
* By Whom will be associated with the Admin istrator account.
=== System Settings - Tabbed view ===
To reduce space on screen for very long screens with lots of settings, tabs, as used in KeyStats are being implemented system wide. The layout will change for the System Settings page with all the same sections and fields just tabbed.
==== Primary Interface Options ====
A new filed for "Table Styling" discussed later will be made available on this screen. [[Table_Styling]]
==== Form-BEMail SPAM ====
This new tab is for BEmail on arrival of an email to a bxp for SPAM checks to be performed. These values are used by all forms which are using the spam engine.
[[System_Settings#Form_-_BEmail_SPAM]]
==== Google Maps ====
This tab is for customisation and support of Google Maps options system wide.
[[System_Settings#Google_Maps]]
=== System Keywords - Tabbed view ===
To reduce space on screen for very long screens with lots of settings, tabs, as used in KeyStats are being implemented system wide.
The layout will change for the System Keywords page with all the same sections and fields just tabbed.
There are no new fields on this page.
=== SAM - User Administration - Menu Changes ===
Every user in bxp can have a vast amount of information stored about them. As bxp provides more specialised Human Resources tools and expands user specific capability the amount of information available to security becomes cluttered and less secure. For this reason the HR details of a user referred to as "User Details" is being moved to the HR management module. All other security related functions will remain untouched.
As is good security and systems maintenance practice, consistent naming is being applied across bxp menus. One heavily changing is the User Administration menu.
As the "Send Welcome Email" engine for single user is full accommodated by the "Send Welcome Email" engine for multiple users to keep things as clear as possible, the single user engine has been removed.
* "User - Add" becomes the very clear title for the more obscurely named "Add User - Security Details Only"
* "Copy User - Includes selected security permissions" becomes the more appropriately titled "User - Copy (including content access permissions)"
* "Edit User - Security Details" becomes "User - Edit"
* As explained "Edit User - User Details" is removed to the HR manager module
* As explained "Send welcome email (with account details)" is removed
* "Mass Send welcome email (with account details)" becomes "Send welcome email (with account details)"
* "Release Lock Out" becomes "Security - Release Lock Out" in line with the naming convention
* The UAM functionality as discussed above now appears in the menu as options
** UAM - Template User - Add
** UAM - Template User - Edit
{| class="wikitable"
! Was
! Becomes
|-
| [[File:UserAdministration_release10_Was.png|400px]]
| [[File:UserAdministration_release10_Becomes.png|400px]]
|-
|}
=== SAM - System Management - Menu Changes ===
A number of small changes are being applied to the System Management menu for house keeping and tidiness improvements. These are cosmetic name changes, no functionality has been altered to existing functions.
Consoles
* The two consoles are still at the top but slightly renamed to bring them inline with naming conventions used throughout
System level functions
* All System Wide functions have been grouped and moved to the top of the menu
* Module Names has been renamed to System Modules Names to improve menu option consistency
Group user functions
* The group user functions appear together next
Retired user functions
* Edit Retired Users has become Retired - Edit user
* Group User - Modify Details (Retired Users) has become Retired - Group User - Modify Details to help clarity of system use
Custom folder support
* These two new menu items area discussed above as the new function to manage the custom folder via sFTP
Security - Functional Access Matrix is a report not a modification tool. Therefore it has been moved to Security Reports instead.
{| class="wikitable"
! Was
! Becomes
|-
| [[File:SystemManagement_release10_Was.png]]
| [[File:SystemManagement_release10_Becomes.png]]
|-
|}
=== System Information tab ===
With the new tab layout there is the addition of a specific new tab which is a reporting tab not an editing tab. This tab provides at a glance support information for System and Security Champions alike. The tab will take the following format and the layout is dictated by the system chosen layout (see 3.8 below)
[[File:bxpRelease10_securityInfoTab_001.png|800px]]
=== SAM - Security Group - Menu Changes ===
Again making the naming of functions consistent system wide, some minor naming changes
{| class="wikitable"
! Was
! Becomes
|-
| [[File:SecurityGroup_release10_Was.png|400px]]
| [[File:SecurityGroup_release10_Becomes.png|400px]]
|-
|}
=== User Status report ===
A new column has been added to the data of this report to reflect the UAM title of the user.
As per section 3.8, the user status report is now styled using the Table styling selected as per the system.
== BEmail Interface rewrite ==
The BEmail accounts interface has been updated to use tabs. Full documentation updated in place [[BEMail_accounts]]
A log error during the tidy identified that quite a number of fields that should have appeared were not appearing. These now display and are documented properly above.
The search screen now includes the description and server fields to help identification of accounts.
A new delete function has been added to allow deletion of redundant accounts. Before deletion occurs:
* The system checks if the BEmail account chosen is actually connected to a form. If it is a link to edit the form is provided and deletion isn't allowed
* If the BEmail account is not linked to a form, the engine checks who the creator of the account is. If this isn't you a notice is displayed saying retire the user or ask that user to delete the account.
* If BEmail is not linked to a form, was set up by you or the user is retired, then deletion will be allowed to continue.
[[Category:Topic:bxp Release 10 SER 1]]
This document forms part of the bxp Release 10 Service Enhancement Release 1 suite of changes found here [[Bxp_Release_10_SER_1_prerelease_notes]]
== System Access Management [[File:016.png]] ==
=== User tabs ===
Given the length of the user setup screens a more effective interface screen is being designed.
Borrowing from the tabs capability of forms the interface will follow this format.
{| class="wikitable"
! Structure
! Presentation
|-
| [[File:bxpR10SER1_014.png]] || [[File:bxpRelease10_sam_layout_001.png|400px]]
|-
|}
The tab bar will contain the sections currently available but only show the fields when that tab is clicked
The Module title and counts bar will use module icons (with name and count of ticks on hover over)
Then upon clicking the module, the sections for the module appear for selection.
The module access tick box (overall access to the module) will be removed in favour of intelligent access if you have access to 1 or more sections in the module.
=== UAM “function” support engine ===
Since the launch of UAM it’s speed, accuracy and popularity amongst clients and security specialists has shown that a UAM approach is far more effective for administrators to manage a business.
https://www.bxpsoftware.com/wixi/index.php/UAM_-_User_Access_Management
A system setting flagging “Using UAM” will be added to system settings.
When turned on in a system, add and edit a user will only provide a list of UAM buttons. The buttons will self-generate based on accounts flagged as templates.
UAM template users will have flags available allowing them to be easily managed, using the new enhanced layout above.
Any modifications of the UAM accounts will be logged in the audit trails.
The user management console will be moved to prominently appear in the user administration section of SAM.
Each user account if based on a UAM will now have a flag listing on which UAM template user account it is based. This will help reporting and group user updates.
=== UAM and SAM wixis ===
After all these changes a significant amount of wixi material will need to be updated to reflect the new user interfaces.
This documentation will see a gap between go live and testing where documentation may exist on the wixi before the functionality is in place.
=== Password blacklist engine ===
This facility will allow clients and the bxp administration team to apply a list of weak known hack attempted passwords which may validate as strong. These password combinations are designed to reduce risk of security break-ins even if the password strength is flagged as strong.
A global list will be maintained by All n One, with clients able to control their own lists from inside System Settings.
The support article is available here [[Security_-_Password_Blacklist]]
[[File:password_blacklist_001.png|800px]]
=== Client table alterations ===
The client table will have a number of fields added to support numerous new functions
Attempting to logically group items without adding tabs unnecessarily, the Lister and Jotter and Reminders and Time Tracker options have been moved to a tab called Module Specific. This replaces the "Lister and Jotter" and "Reminders" tabs.
{| class="wikitable"
! Field
! Use
! Status
! Available in Tab
|-
| strClient_3rdPartyEngine || to allow mapping to 3rd party system || Editable || Primary Security Details
|-
| strClient_3rdPartyUserId || the equivalent Id in the 3rd party system || Editable || Primary Security Details
|-
| strClient_IsUAM || to flag account is a UAM template || Editable || UAM Management
|-
| strClient_UAMTitle || to allow reporting and grouping of UAM permissions || Editable || UAM Management
|-
| strClient_LimitTimeTrackerCosting || to influence Time Tracker option display on day view. || Editable || Module Specific
|-
| strClient_LastEdited_LastDateTime || to make editing reporting easier || Read Only || Security Information
|-
| strClient_LastEdited_LastByWhom || to make editing reporting easier || Read Only || Security Information
|-
| strClient_Retired_LastDateTime || to make retired reporting easier || Read Only || Security Information
|-
| strClient_Retired_LastByWhom || to make retired reporting easier || Read Only || Security Information
|-
|}
=== Security - Retired date time ===
Whilst this information is available through the audit logs it is not easily reported upon.
* When was a user retired?
* Who retired the user?
There will be the addition of two summary data fields to the Client table
* strClient_Retired_LastDateTime
* strClient_Retired_LastByWhom
The reason they have last is that the information will only be the last time an account was retired. So if it was retired multiple times, this field will only hold the last data. This also compensates for the fact that logs are only held for 6 months.
So if you go over the 6 months without manually backing up the logs the information is no longer auditable.
# So the fields will be added for future record changes only
# The columns of information will be made available in the retired functions search abilities
# A dedicated report in SAM will be provided to allow reporting on these fields.
The fields if a user is already retired will be initialised to.
* Last Date Time will be the date that the field is implemented
* By Whom will be associated with the Admin istrator account.
=== System Settings - Tabbed view ===
To reduce space on screen for very long screens with lots of settings, tabs, as used in KeyStats are being implemented system wide. The layout will change for the System Settings page with all the same sections and fields just tabbed.
==== Primary Interface Options ====
A new filed for "Table Styling" discussed later will be made available on this screen. [[Table_Styling]]
==== Form-BEMail SPAM ====
This new tab is for BEmail on arrival of an email to a bxp for SPAM checks to be performed. These values are used by all forms which are using the spam engine.
[[System_Settings#Form_-_BEmail_SPAM]]
==== Google Maps ====
This tab is for customisation and support of Google Maps options system wide.
[[System_Settings#Google_Maps]]
=== System Keywords - Tabbed view ===
To reduce space on screen for very long screens with lots of settings, tabs, as used in KeyStats are being implemented system wide.
The layout will change for the System Keywords page with all the same sections and fields just tabbed.
There are no new fields on this page.
=== SAM - User Administration - Menu Changes ===
Every user in bxp can have a vast amount of information stored about them. As bxp provides more specialised Human Resources tools and expands user specific capability the amount of information available to security becomes cluttered and less secure. For this reason the HR details of a user referred to as "User Details" is being moved to the HR management module. All other security related functions will remain untouched.
As is good security and systems maintenance practice, consistent naming is being applied across bxp menus. One heavily changing is the User Administration menu.
As the "Send Welcome Email" engine for single user is full accommodated by the "Send Welcome Email" engine for multiple users to keep things as clear as possible, the single user engine has been removed.
* "User - Add" becomes the very clear title for the more obscurely named "Add User - Security Details Only"
* "Copy User - Includes selected security permissions" becomes the more appropriately titled "User - Copy (including content access permissions)"
* "Edit User - Security Details" becomes "User - Edit"
* As explained "Edit User - User Details" is removed to the HR manager module
* As explained "Send welcome email (with account details)" is removed
* "Mass Send welcome email (with account details)" becomes "Send welcome email (with account details)"
* "Release Lock Out" becomes "Security - Release Lock Out" in line with the naming convention
* The UAM functionality as discussed above now appears in the menu as options
** UAM - Template User - Add
** UAM - Template User - Edit
{| class="wikitable"
! Was
! Becomes
|-
| [[File:UserAdministration_release10_Was.png|400px]]
| [[File:UserAdministration_release10_Becomes.png|400px]]
|-
|}
=== SAM - System Management - Menu Changes ===
A number of small changes are being applied to the System Management menu for house keeping and tidiness improvements. These are cosmetic name changes, no functionality has been altered to existing functions.
Consoles
* The two consoles are still at the top but slightly renamed to bring them inline with naming conventions used throughout
System level functions
* All System Wide functions have been grouped and moved to the top of the menu
* Module Names has been renamed to System Modules Names to improve menu option consistency
Group user functions
* The group user functions appear together next
Retired user functions
* Edit Retired Users has become Retired - Edit user
* Group User - Modify Details (Retired Users) has become Retired - Group User - Modify Details to help clarity of system use
Custom folder support
* These two new menu items area discussed above as the new function to manage the custom folder via sFTP
Security - Functional Access Matrix is a report not a modification tool. Therefore it has been moved to Security Reports instead.
{| class="wikitable"
! Was
! Becomes
|-
| [[File:SystemManagement_release10_Was.png]]
| [[File:SystemManagement_release10_Becomes.png]]
|-
|}
=== System Information tab ===
With the new tab layout there is the addition of a specific new tab which is a reporting tab not an editing tab. This tab provides at a glance support information for System and Security Champions alike. The tab will take the following format and the layout is dictated by the system chosen layout (see 3.8 below)
[[File:bxpRelease10_securityInfoTab_001.png|800px]]
=== SAM - Security Group - Menu Changes ===
Again making the naming of functions consistent system wide, some minor naming changes
{| class="wikitable"
! Was
! Becomes
|-
| [[File:SecurityGroup_release10_Was.png|400px]]
| [[File:SecurityGroup_release10_Becomes.png|400px]]
|-
|}
=== User Status report ===
A new column has been added to the data of this report to reflect the UAM title of the user.
As per section 3.8, the user status report is now styled using the Table styling selected as per the system.
== BEmail Interface rewrite ==
The BEmail accounts interface has been updated to use tabs. Full documentation updated in place [[BEMail_accounts]]
A log error during the tidy identified that quite a number of fields that should have appeared were not appearing. These now display and are documented properly above.
The search screen now includes the description and server fields to help identification of accounts.
A new delete function has been added to allow deletion of redundant accounts. Before deletion occurs:
* The system checks if the BEmail account chosen is actually connected to a form. If it is a link to edit the form is provided and deletion isn't allowed
* If the BEmail account is not linked to a form, the engine checks who the creator of the account is. If this isn't you a notice is displayed saying retire the user or ask that user to delete the account.
* If BEmail is not linked to a form, was set up by you or the user is retired, then deletion will be allowed to continue.
[[Category:Topic:bxp Release 10 SER 1]]