The SystemWeaver Admin application, called swAdmin2, is a utility used by administrators to maintain user accounts in SystemWeaver Explorer.
The following tasks are available:
- Add, update and delete users
- Assign and unassign users to specific roles
- Set password requirements/policy and security levels of server
- Import users from an LDAP server
- View and handle current licenses
- View active sessions
Prerequisite: You must be assigned the "Administrator" role.
When the administration software (swAdmin2.exe) is started, it will first display a general information page and a login form. To log in, the user will need to enter the server name (TCP/IP address) of the SystemWeaver server, its TCP/IP port, their username and password. Click Login and the application will open to the Users screen. If there are any problems with the login, an error message will show up in red below the Login button. The user should be assigned the Administrator role for full functionality.
The interface consists of six sections:
- Import users
- Logged on
The Users tab is where swExplorer user accounts are managed.
The Users Toolbar
The toolbar provides the tools to edit, add, delete and batch deactivate all user accounts. You can also use the Find text box to filter and search for user accounts. To include inactive user accounts in the display, check the box provided.
The Users tab displays the following information:
- Username: A unique username. Usernames are not case-sensitive. Required.
- Network id: The user's network id that exists in your corporate Active Directory (AD). The user can then log in without entering a password if they are already logged in to the corporate Active Directory. Optional.
- Name: The display name that consists of the user's first and last name. Recommended.
- E-Mail: The user's email address. Optional.
- Active: This is checked by default as it is assumed the new account will be active.
- Last Login: The date of the user's last login to the system. A null value indicates that the user has never logged in.
- Roles: The roles assigned to the user.
See Managing User Accounts for how to add, delete, search for and view accounts.
User roles are managed from the Roles tab. Although not required, users can be assigned a role to further define the type of access that they have. A user may have multiple roles.
On the Roles tab, the available SystemWeaver roles are listed to the left. If you select one in the list, the following information will display to the right:
- SID: The role's unique ID.
- Name: The name of the role.
- Info: Any optional information about the role that you want displayed for admin users.
- Description: This is read-only information.
- Users in role: A list of user accounts that are currently assigned to the role.
See Managing User Roles for a description of each role and how to assign and unassign roles.
The password requirements/policy and the security level of the SystemWeaver server are set on the Security tab.
- Min password length: Minimum number of characters in passwords to be accepted when users set new passwords.
- Quarantine period (days): Number of days until reuse of an old password of the user is allowed. The purpose of this setting is to prevent a user from returning to a favorite password by quickly changing passwords the number of times required by the Number of passwords before reuse is allowed setting.
- Number of passwords before reuse is allowed: Number of passwords required until reuse of an old password of the user is allowed.
- Max password age (days): Number of days after a password was created until the user will be prompted for setting a new password.
- Request password change at login by default: Requires the user to change his/her password from the initial password created for the user account. The purpose of this setting is to minimize possible risks caused by passwords that have been sent via email to users. It also prevents users from saving their notification emails with generated passwords since these will become obsolete.
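How the quarantine period and the number of passwords before reuse work together, as an added Python sketch that is not SystemWeaver code. It assumes both conditions must hold, that the quarantine is counted from when the old password was set, and that history is kept as salted PBKDF2 digests; all names and sample passwords are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:                       # fields mirror the Security tab settings
    min_length: int
    quarantine_days: int
    passwords_before_reuse: int

def _digest(password: str, salt: bytes) -> bytes:
    # Assumed storage format: salted PBKDF2 digest, never plaintext history.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history: list, password: str, set_at: datetime) -> None:
    """Append a password to the user's history (oldest first)."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt), set_at))

def check_new_password(policy, history, candidate, now):
    """Return (accepted, reason) for a proposed new password."""
    if len(candidate) < policy.min_length:
        return False, "shorter than min password length"
    # Index in the reversed history = number of passwords set after that entry.
    for newer, (salt, digest, set_at) in enumerate(reversed(history)):
        if not hmac.compare_digest(_digest(candidate, salt), digest):
            continue
        if newer < policy.passwords_before_reuse:
            return False, "too few passwords since last use"
        if now - set_at < timedelta(days=policy.quarantine_days):
            return False, "still in quarantine period"
    return True, "ok"

def rapid_cycle_demo(quarantine_days: int):
    """Constructed timeline: three throwaway changes within minutes, then
    an attempt to return to the favorite password set 10 days earlier."""
    now = datetime(2024, 1, 10, 9, 0)
    history = []
    remember(history, "Favourite-Pass1", now - timedelta(days=10))
    for i in range(3):
        remember(history, f"Throwaway-{i}-xyz", now - timedelta(minutes=3 - i))
    policy = Policy(min_length=10, quarantine_days=quarantine_days,
                    passwords_before_reuse=3)
    return check_new_password(policy, history, "Favourite-Pass1", now)

if __name__ == "__main__":
    print(rapid_cycle_demo(90))   # count rule satisfied, quarantine still blocks
    print(rapid_cycle_demo(0))    # without a quarantine the cycling succeeds
```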
- Level 0: Level 0 is equivalent to level 1. Note: In previous releases of SystemWeaver, level 0 meant that access was unrestricted for all libraries and items, regardless of the security setting of these.
- Level 1: In security level 1, any library or item may be freely accessed by any user unless an access right of the library or item has been set limited to a user or group, in which case access will be limited to this setting. However, on level 1 all users always have Read rights regardless of access rights settings.
- Level 2: In security level 2, access to libraries or items is limited to the explicit access rights of the library which applies to all items in that library. This means that no users have rights to a library without those rights being set up in the library. Still, on level 2 all users always have Read rights regardless of access rights settings, similar to level 1.
- Level 3: Security level 3 is equivalent to level 2, except that Read rights are also governed by the library and item security setting.
Examples for Security Level 3
If users are to be able to modify items created by other users, they will need "Items Write" rights to the libraries where those items reside.
If users are to be able to take out new versions of or release items created by other users, they will need "Items Change" rights to the libraries where those items reside.
Users without a minimum of Read rights to a library will see a "No access" status if they were to search for a particular item ID for an item in that library that they do not have access rights to. The only information provided is the item Name:
Note: Admin users must have the "Root" role to be able to modify the Security level. This role should be used restrictively and only be assigned to special, dedicated user accounts.
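Before raising the security level, it helps to know which access users will lose. The following added Python sketch (not SystemWeaver code) models the level descriptions above in simplified form: rights are set per user on a library, groups and item-level settings are left out, and a right must be listed explicitly. The library names, users and ACLs are constructed.

```python
RIGHTS = ("Read", "Items Write", "Items Change")   # rights named on this page

def is_allowed(level: int, acl: dict, user: str, right: str) -> bool:
    """acl maps user -> set of rights; an empty dict means no access
    rights have been set on the library."""
    if level not in (0, 1, 2, 3):
        raise ValueError("security level must be 0-3")
    if level <= 2 and right == "Read":
        return True                 # levels 0-2: all users always have Read
    if level <= 1 and not acl:
        return True                 # level 0/1: unrestricted library is open
    return right in acl.get(user, set())   # otherwise explicit rights only

def lost_on_level_change(old: int, new: int, libraries: dict, users: list):
    """List (library, user, right) combinations allowed at the old level
    but denied at the new one."""
    lost = []
    for lib, acl in libraries.items():
        for user in users:
            for right in RIGHTS:
                if is_allowed(old, acl, user, right) and \
                        not is_allowed(new, acl, user, right):
                    lost.append((lib, user, right))
    return lost

# Constructed sample data: one library with no rights set, one restricted.
SAMPLE_LIBRARIES = {
    "Open": {},
    "Restricted": {"alice": {"Read", "Items Write"}},
}
SAMPLE_USERS = ["alice", "bob"]

if __name__ == "__main__":
    for target in (2, 3):
        print(f"level 1 -> {target}:")
        for row in lost_on_level_change(1, target, SAMPLE_LIBRARIES, SAMPLE_USERS):
            print("  loses", row)
```

At level 3 in this model, bob loses Read on both libraries, which corresponds to the "No access" status described above.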
This tool enables Administrators to remove access to a number of standard user capabilities for swExplorer users using the Path Query Language. Learn more in Restricting Capabilities.
Users can be imported to SystemWeaver from an existing LDAP server (Lightweight Directory Access Protocol) using the Import users tab.
The tab displays the following:
Path: Populated with the LDAP configuration added using the Add new LDAP configuration button.
Clear: Clears the Path.
Filter: There are 3 filtering options using the Filter button:
- Name: Enter a string to filter on the name.
- Display name: Enter a string to filter on the Display name.
- Email: Enter a string to filter on the Email.
LDAP user list: Lists the LDAP users from the provided LDAP configuration.
See Importing Users From LDAP Server for more information.
The Licenses tab is used to manage license files. The following information is readily available at the top of the page:
Total available licenses: Number of currently available licenses of type "Read/Write" and "Read".
Activated users: Number of enabled users (using a license). These are the accounts marked as "Active".
Remaining licenses: Number of remaining licenses that exist and are available for use.
Find out more about license types.
The table displayed below the license information lists the current licenses.
Note: The Expiration Date is displayed in the third column. If the expiration date has passed, the license count associated with that License id will not be counted.
See Managing Licenses for how to retrieve your Server Id and add and delete licenses.
This screen is read-only and displays a list of user accounts with a current session. You can click on the column headers to modify the sort. Click Refresh to update.
The tab displays the following:
Username: User name
Name: User name displayed in SystemWeaver
E-mail: Email address (optional)
Active: Account status
Connected: Displays the login time stamp for the specific user session (row). If the user keeps the session up, the time stamp will remain unchanged. If they log out and back in, it will update to the new login time stamp. If multiple sessions are active for the same user account, they will all share the same login time stamp.
IP: IP address from which the connection is made
Computer: Alias name for computer from which the connection is made
User: Computer system user name
Client: Client application used for connection
Connection: Provides additional information helpful for Administrators:
- For connections that have been disabled due to multiple logins from different IP addresses, a "Disabled" message will display. The entry (row) and message will continue to display until the client is closed out (e.g., via the Logout button or Xing out of the client).
- If Slave or Mirror Servers are run, the Write channels will be identified in this column.
Last call: indicates the last time the server received a call from the client.
Mirror: indicates a mirror server connection.
Refresh: will update the page.
Open connections: displays the number of active, successful connections to the server.
Active read/write licenses: displays the number of read/write licenses currently being used.
Active viewer licenses: displays the number of read-only licenses currently being used.
Note: In version R33 or earlier, entries with missing information for Username and Name are failed connections, e.g., due to wrong password, etc., that are hung. A server restart will clear them.