Managing users

The Security tab in Manager contains a Users link where you can view a list of your users. The appearance of this panel varies depending on where you're storing your user information. If you're using SQL Server as your user store, you have the option to add, modify, and delete users within Manager. If you are using a custom provider for users, you may be able to add and modify users if the provider supports it. If your users are Windows users, the view on this panel is read-only. When the view is read-only, you need to use the tools inherent in Windows or your custom provider to add, modify, and delete users.

When your user store has many users, you can filter them to show just a portion of the total user list. Use the options near the top of the panel to limit the display to the users you want to view.

If users have been assigned to roles, you can click the plus (+) button to the left of the user name to view and, depending on your user store, edit the roles the user is a member of.

The following sections explain the Manager tools for adding, modifying, and deleting users that you've stored in a SQL Server database.

Add users

Note:
Before proceeding with the add users instructions, you must define a security store in SQL Server to store users and roles. Otherwise, the add users capability will not display. For more information, please see the topic Setting up users and roles in SQL Server.

In Manager, select the Security module. Add a new user by clicking Add User on the Users panel. This displays a dialog box to add the user. Some custom providers also support adding users through this dialog box. In this dialog box, you can set the following:

Do not use a comma (,) or semicolon (;) in the user name. Other special characters may not be allowed by the membership provider. If you see an error when attempting to add the user, try again without the special character.

Password strength requirement. By default, when adding a user, a strong password is required. With these settings, passwords must be at least seven characters and must contain at least one nonalphanumeric character (such as #, %, or ^). These requirements are based on the membership provider in ASP.NET, which is used when users are added or edited in Manager. These password settings can be modified to require a different length of password or a different number of nonalphanumeric characters. You modify these settings by editing the <providers> tag inside the web.config file of the <ArcGIS Instance>\Security Web application. For example, to not require a nonalphanumeric character, set the attribute for minRequiredNonalphanumericCharacters to 0 (you can add the attribute if it is not present). Any changes to password policy will only affect accounts created or changed after you save the web.config file. For details, see the Microsoft document "add Element for providers for membership (ASP.NET Settings Schema)".
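A check of the password policy described above, as an added example (not Esri's or Microsoft's code): it reads a web.config fragment, applies the defaults this page states when an attribute is absent, and reports any setting weaker than those defaults. The sample fragment, provider name, and connection string name are constructed, and the code assumes the usual system.web/membership/providers layout with no XML namespace on the root element.

```python
import xml.etree.ElementTree as ET

# Defaults the page states for the ASP.NET membership provider when the
# attributes are absent: seven characters, one nonalphanumeric character.
DEFAULTS = {"minRequiredPasswordLength": 7,
            "minRequiredNonalphanumericCharacters": 1}

# Constructed sample: provider name, type and connection string name are
# illustrative, not copied from a real ArcGIS Security web.config.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="ExampleSqlProvider">
      <providers>
        <add name="ExampleSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="ExampleConnection"
             minRequiredNonalphanumericCharacters="0" />
      </providers>
    </membership>
  </system.web>
</configuration>"""


def effective_policies(config_xml):
    """Return {provider name: effective policy} for each <add> under <providers>."""
    root = ET.fromstring(config_xml)
    policies = {}
    for add in root.iterfind("./system.web/membership/providers/add"):
        policies[add.get("name")] = {
            key: int(add.get(key, default)) for key, default in DEFAULTS.items()
        }
    return policies


def weakened_settings(policy):
    """List the settings that fall below the defaults described on the page."""
    return sorted(key for key, default in DEFAULTS.items() if policy[key] < default)


def password_meets_policy(password, policy):
    """Apply the length and nonalphanumeric-count rules to a candidate password."""
    nonalnum = sum(1 for ch in password if not ch.isalnum())
    return (len(password) >= policy["minRequiredPasswordLength"]
            and nonalnum >= policy["minRequiredNonalphanumericCharacters"])


if __name__ == "__main__":
    for name, policy in effective_policies(SAMPLE_CONFIG).items():
        print(name, policy, "weaker than default:", weakened_settings(policy))
```

Because policy changes only affect accounts created or changed after the file is saved, a flagged provider also means existing accounts may hold passwords accepted under a different policy than the one now in effect.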

Once you have set the user's properties, click Add User to save the new user to the database and return to the Users panel. Click Cancel to abandon creation of the new user.

Modifying users

To update an existing user, click the corresponding Edit (pencil) icon in the users list. The Edit dialog box resembles the Add User dialog box, except that you cannot change the user name. You also cannot change passwords for users with this dialog box. See the next section for information on changing and recovering passwords.

An account may become locked if multiple failed attempts are made to log in with the user's account within a short period of time. This is a built-in feature in ASP.NET. If an account becomes locked, the Locked status in the user properties will indicate that the account has been locked. To unlock an account in SQL Server, use SQL Server Management Studio (Express) to open the user database and the Membership table, and change the IsLockedOut column for the user. For users in a custom provider, you must use tools specific to your custom provider to unlock the account.

Once you have made your changes, click the Apply button to save the changes and make additional changes, or click OK to save the changes and return to the Users panel. Click Cancel to abandon any changes made and return to the Users panel.

Changing and recovering lost passwords

Manager cannot be used to change or view passwords once an account is created. Some security storage types do support password management. For example, SQL Server supports changing and recovering passwords, whereas for Windows users, native operating system tools must be used to manage passwords. If the security store supports them, the following tools are available to change passwords and to recover lost passwords:

Several issues may affect the recovery of passwords:

Deleting users

To delete a user, click the Delete icon (red circle with an X) next to the user's name. You'll be prompted to confirm that you want to delete the user.


8/22/2012