Establishing user profiles
4. Establishing user profiles
A user profile must be established for each person who will be using TMWSuite. The user profile gives access to the system. The user profile includes a TMWSuite user account, a database login ID and password, and a database account. You can customize each user profile so that different levels of access can be granted to users.
The following subsections explain how user profiles are administered in TMWSuite:
User logins and accounts 4.2
Setting up and understanding password security measures 4.3
Configuring the system to use case sensitive passwords 4.4
[Misc] CaseSensitivePasswords 4.4
Enforcing Microsoft SQL Server standards for password complexity 4.5
[Security] EnableSQLPasswordPolicy 4.5
Encrypting TMWSuite passwords 4.6
Encrypting TotalMail passwords 4.6
[Misc] EnableTMPasswordEncryption 4.6
Understanding the Edit User Profiles window 4.7
Restricting user access to RevType1 values 4.14
LabelFilterRevtype1 4.14
Adding a user to TMWSuite 4.15
Adding a user to TMWSuite and TotalMail at one time 4.19
Editing an existing user profile 4.23
Resetting TMWSuite passwords 4.25
Resetting a user’s password if you are a system administrator 4.25
Requiring users to change their passwords 4.26
[Misc] AlertToPasswordExpiration 4.26
How users can reset their own passwords 4.27
Removing a user from the system 4.28
User logins and accounts
TMWSuite runs off a Microsoft SQL Server database. SQL Server requires you to have both of the following:
· Database user login
A database login registers a user on the server that stores the master database. The login is like a key to your company’s building. It gives you access to the database.
· Database account
A user must also have an account in the TMWSuite database. A database user login (described above) must exist before he/she can have a database account.
Note: A system administrator may choose to create a user login and a database account viaSQL.
The database account is like an office within your company’s building. The key (user login) allows you into the building (the database). Unless you are the system administrator, you do not have free access to every area within the database. The database account gives you the authority to enter, view and possibly change the contents of one or more offices (tables) in the building (the database). For more information on user logins and database accounts, see your database system administrator's guide.
Although you can use SQL Server to access and change information in a database, the typical user will not have the desire or technical knowledge to do so. TMWSuite acts as the “front end” to the database. It is a more user-friendly gateway to the information. To use the system to make database changes, a user must have a TMWSuite account. The system uses the user's TMWSuite account to establish application-level security.
TMWSuite is like a file cabinet. To create useful categories or “work spaces,” TMWSuite has several file drawers, called applications. Each application has a primary purpose. The key “drawers” within the base TMWSuite system are these applications:
· System Administration
Used to set up user-defined fields, to establish the rules that determine how the system operates, and to record information about users authorized to access the system.
· File Maintenance
Used to record, look up and update information about the key entities in your business, such as companies, drivers, tractors, trailers, carriers and commodities.
· Order Entry
Used to record, look up and modify information about customer requests for service.
· Dispatch
Used to make resource assignments and to update trip information.
· Rate Schedules
Used to set up billing rates and pay rates; also establishes the conditions that determine when individual rates apply.
· Invoicing
Used to prepare invoices to bill customers for services performed.
· Settlements
Used to prepare payment for company drivers, owner/operators and carriers.
As with the drawers to your file cabinet, you may want to look up and compare information in several drawers (applications) at once. You may want to make notes (enter data) on several pages (screens) contained in a particular drawer (application).
In some cases, you may want to prevent unauthorized personnel from looking in some drawers, or modifying information contained in particular drawers or on particular forms (screens). Therefore, you may lock the drawers and/or hide forms away (apply application, screen, field, or menu security). A user’s TMWSuite account determines authorization levels.
Setting up and understanding password security measures
As system administrator, you have several options in setting up and managing TMWSuite user logins and passwords.
· Some of these options are controlled by settings in the TTS50.ini file, and must be configured before you begin creating users. These settings apply to all users.
· Others are accessed in the Edit User Profile screen in the System administration application. They can be assigned per user.
It is important that you understand these options before you begin creating users for a new installation of TMWSuite, or decide to change how existing users log in.
Note: To avoid problems with existing logins, you should not change your TMWSuite login method without first checking with your TMW Support team. In some cases, it may be necessary to apply a SQL script to your database to maintain the usability of existing passwords.
Configuring the system to use case sensitive passwords
By default, when a user enters a TMWSuite or TMW Operations password, the system ignores the SHIFT key and accepts the entry as upper case. The [Misc]CaseSensitivePasswords setting in your TTS50 allows you to configure your system to use case-sensitive passwords. This setting will affect the logon process for TMWSuite, TMW Operations, and Microsoft SQL Server.
[Misc]CaseSensitivePasswords /
Applies to / TMWSuite, TMW Operations
Description / This setting controls whether the system treats TMWSuite and TMW Operations login passwords as case sensitive. 05/21/14 CJ: TBT in CRM, FD, IS.
Options / · OFF (default)
System stores password as all upper case.
Notes:
1. Although the system default is still OFF, TMW has opted to change the value in the installed TTS50 file to ON. If the setting is not present in your INI file, the system default of OFF will apply.
2. When you use this option, you can log on to TMWSuite or TMW Operations by typing your password in mixed case. The system accepts and processes the password as being entered in upper case.
3. When logging on to Microsoft SQL Server 2005 and later, you must type your password in upper case. Press the SHIFT key to do this.
4. If you create a password using this option, but later switch to the ON option, you must type your password in upper case. Use the SHIFT key to do this. This applies to TMWSuite, TMW Operations, and Microsoft SQL Server 2005 (and later).
· ON
System stores the password as it was entered.
Notes:
1. When you use this option, TMWSuite, TMW Operations, and Microsoft SQL Server 2005 (and later) use the case sensitive password during the logon process.
2. Passwords created using this option, will not work if:
· The setting is switched to the OFF option.
· The setting is removed from your TTS50.
If this occurs, contact your system administrator.
1. Additional Notes / 2. If the system is set up to use Microsoft SQL Server standards for password complexity, passwords must contain at least one letter, one number, and one non-alphanumeric character, such as an exclamation point. The password must not contain your entire account name or display name.
Enforcing Microsoft SQL Server standards for password complexity
On systems running TMWSuite V.2010 build 2010.09_08.0536 or later, you can have TMWSuite enforce SQL Server’s policy for password complexity. Password complexity is enforced when the system administrator creates a new user, or when a user changes his or her password. If the password fails complexity checking, an error similar to this example is displayed.
To turn on password complexity checking, use the following setting in the [Security] section of your TTS50.
[Security]EnableSQLPasswordPolicy /
Applies to / TMWSuite: 2010.09_08.0536
Description / This setting controls whether Microsoft SQL Server standards for password complexity are applied to TMWSuite login passwords. 06/02/2014 CJ: TBT in CRM, FD, IS, Ops
Options / · FALSE (Default)
Do not apply Microsoft SQL Server standards for password complexity to TMWSuite login passwords.
· TRUE
Apply Microsoft SQL Server standards for password complexity to TMWSuite login passwords.
Note:
1. To use this option, you must make the entry in your TTS50 before you create TMW users. If you turn on this function after you have created TMWSuite user logins, existing logins will not be affected. In this case, it will be necessary to set the "Enforce Password Policy" manually using SQL Tools or by creating a script. Contact your TMWSuite Support Team for assistance.
2. To use this option, you must use the Windows Server 2003 operating system and Microsoft SQL Server 2005, or later versions of these products.
Encrypting TMWSuite passwords
When you create a TMWSuite user login, you can specify that the password be encrypted. The Encrypt Password check box is located on the Edit User Profiles screen, and can be selected or cleared per user.
Encrypting TotalMail passwords
When you create or change a TMWSuite password for a TMWSuite user who is also a TotalMail user, the system updates the TotalMail password on the TotalMail database server. To support the use of encrypted TotalMail passwords, your TotalMail database must be configured to accept Secure Logins. Contact TotalMail Support for assistance with setup.
Your version of TMWSuite determines whether you can encrypt TotalMail passwords even if they are on separate servers:
· For TMWSuite versions before 2010.09_08.0536, the TotalMail password can be encrypted only if TMWSuite and TotalMail are installed on the same server.
· For TMWSuite 2010.09_08.0536 and later, the TotalMail password can be encrypted even if TMWSuite TotalMail are on different servers.
To use encrypted TotalMail passwords, you must set EnableTMPasswordEncryption=Y in the [Misc] section in your TTS50. This setting controls whether the system will attempt to encrypt the password sent to TotalMail when a user logs on to TMWSuite using an encrypted password.
[Misc]EnableTMPasswordEncryption /
Applies to / TMWSuite: 2010.09_08.0536
Description / This setting controls whether the system will attempt to encrypt the password sent to TotalMail when a user logs on to TMWSuite using an encrypted password. 05/21/14 CJ: TBT in CRM, FD, IS, Ops.
Options / · N (default)
Do not encrypt the TotalMail password.
Note: This option will prevent encryption of the TotalMail password, even if the user’s TMWSuite user profile is set up to provide password encryption.
· Y
Encrypt the TotalMail password.
Notes:
1. TMWSuite password encryption is set in the user’s profile. Profiles are set up in the System Administration application.
2. For TMWSuite versions before 2010.09_08.0536, the TotalMail password can be encrypted only if TMWSuite and TotalMail are installed on the same server.
3. For TMWSuite 2010.09_08.0536 and later, the TotalMail password can be encrypted even if TMWSuite and TotalMail are on different servers.
Understanding the Edit User Profiles window
You create and edit user profiles in the System Administration application’s Edit User Profiles window, which can be accessed in the System Administration application.
Add TMWSuite User / Select this check box to establish a TMWSuite user account.Add User to Server / Select this check box to add a database login ID to the master database.
Notes:
1. If you are uncertain whether the user has a database login, check the Add User to Server check box anyway. If a login account already exists for the user, a note indicating this will be displayed when you save the record.
2. When you select the Add User to Server check box, a Password field is displayed in the lower portion of the window. Normally, you assign a database password when you create a database login.
Add User to TMWSuite Database / Select this check box to add a user account to the database.
Note: If you are uncertain whether the user has a database account, check the Add User to TMWSuite Database check box anyway. If a database account already exists for the user, a note indicating this will be displayed when you save the record.
Add User to TotalMail / Select this check box to add the user to TotalMail.
Note: Although it is not required, it is possible to add user accounts to the TotalMail database at the same time you add them to TMWSuite. For details, see the section Adding a user to TMWSuite and TotalMail at the same time.
Login Id / Unique database login ID assigned to the user.
Note: Use numeric or alphabetic characters. Due to the limitations of Microsoft SQL Server, using spaces or special characters (for example, #$@*!) may cause the creation of the user in the TMWSuite database to fail.
Password / User’s login password.
Notes:
1. When you select the Add User to Server check box, the system displays a Password field in the lower portion of the window. Normally, you assign a database password when you create a database login ID.
2. This field appears only if you have selected the Add User to Server check box.
Name (Last, First, MI) / User’s last name, first name, and middle initial. A separate field is provided for the entry of each.
Windows Login / If you are using Windows Authentication, enter the user's Windows (network) login in this format: DOMAIN/User.
Notes:
1. Windows Authentication is available with TMWSuite V.2005 build 2005.04_10.0211 or higher.
2. For more information, see the “Using Microsoft Windows Authentication to connect to TMWSuite” chapter in this guide.
System Administrator / Options are Yes and No. A value of Yes indicates that the user has the authority to perform functions reserved only for a TMWSuite system administrator. For most users, set this field to No. This authorization applies only to TMWSuite.
E-Mail Address / This is a custom field. Leave it set to UNKNOWN unless directed to do otherwise by TMW.
RevType1 / This field ties the user to a RevType1 classification.
Your company may have the system set up to have the user's default RevType1 value appear in the RevType1 and the Bk:RevType1 fields when he/ she creates an order in Order Entry or Dispatch. This happens when the SetRevType1DefaultFrom=L setting is in the [Order] section of your tts50.