Prerequisites

To invoke the user-manager command, the 'Edit user account' access right is required.

Overview

As of Rhapsody 6.1, users can belong to multiple groups. Groups have been extended to be able to define access rights for a specific locker.

Supported Options

  • print
  • user
  • delete-user
  • group
  • delete-group
  • password-policy

Common Usage

This section describes the tools for setting up users, groups and password policy. It is recommended you set up users and groups as follows:

  1. Use the User Manager to set up users and groups as required.

  2. Print the User Manager settings by running the following script:

    <user-manager>
     <print/>
</user-manager>
  3. Copy the User Manager settings into a new script.
  4. Edit the generated <user> commands, as required. For example, modify user passwords.
  5. Run the new script to recreate the groups and users on another engine.

Each time the Rhapsody Engine is upgraded, it is possible that the access rights on the groups will change. Any automated group creation will have to be regenerated after each upgrade, otherwise it is possible that users may not have the correct permissions.

Example

<!-- Print commands that can be pasted into a script to recreate the current users, password policy and groups -->
<user-manager>
    <print/>
</user-manager>
 
<!-- Set a user's password -->
<user-manager>
    <user name="Administrator" password="yourock"/>
</user-manager>

<!-- Create users: -->
<user-manager>
    <!-- Users can belong to one or more groups -->
    <user name="Emily" password="abracadabra">
        <group name="Administrator"/>
        <group name="Developer"/>
    </user>
</user-manager>

<!-- Remove users and groups -->
<user-manager>
    <delete-user name="Jayma"/>
    <delete-user name="Joshalyn"/>
    <delete-group name="Developer"/>
    <delete-group name="Monitoring"/>
</user-manager>

<!-- Set the password policy -->
<user-manager>
    <password-policy>
        <complexity min-length="3" min-lowercase="1" min-uppercase="0" min-numbers="0" min-symbols="0"/>
        <expiry enabled="true" days="23"/>
        <reuse allowed="true" after-days="32"/>
        <lockout mode="never"/>
    </password-policy>
</user-manager>

<!-- Configure a minimum password length policy -->
<user-manager>
    <password-policy>
        <complexity min-length="8"/>
    </password-policy>
</user-manager>

<!-- Configure a lockout policy after three failed logins -->
<user-manager>
    <password-policy>
        <lockout mode="lockout" failures="3"/>
    </password-policy>
</user-manager>

<!-- Create and configure groups -->
<user-manager>
    <group name="Administrator">
        <access-right>ide view</access-right>
        <access-right>ide edit</access-right>
        <access-right>users edit</access-right>
        <access-right>create locker</access-right>
        <!-- ... -->
    </group>
    <group name="Developer" enabled="false">
        <access-right>ide view</access-right>
        <access-right>ide edit</access-right>
        <access-right>locker edit</access-right>
        <!-- ... -->
        <locker name="HospitalA">
            <access-right>locker view</access-right>
            <access-right>locker edit</access-right>
        </locker>
        <locker name="HospitalB">
            <access-right>locker view</access-right>
        </locker>
    </group>
    <group name="Monitoring" password-never-expires="true">
        <!-- ... -->
    </group>
</user-manager>