Users - User Accounts

User Accounts maintenance is found in the "SODA Administration and Security" section which can be found in the menu bar on the left hand side of the page once logged in. When the system is first set up, there is one user "admin" which has full access to everything. It's vital that the password for the admin account is changed immediately to prevent unauthorized access to the system. Only trusted people should have access to User Accounts. Groups and specific individuals can be given and denied access to User Accounts in Default Security and User Security.

You may add new users or modify existing user accounts, change their passwords, user types, or time zone.

Each individual who will access the system is provided his or her own account. Sharing of accounts is not recommended.

Users cannot be deleted if they are used in a number of places elsewhere in the system, such as if there are still rows in the audit trail. Note that you are able to delete users if used in some other places, such as if that user has added comments to the system. The system may still display the username, even if it can no longer find a user associated with that username.

User Name: May also be referred to as a "user account". You may not change existing user names, if need be, you may delete an existing account and create a brand new one. Please note that if you delete all user accounts you will prevent any access to the system. If this should occur, contact your system administrator who can create an account in the "backend". Usernames may be up to 20 characters in length, may not contain space, and must contain only letters (a to z), numbers (0 to 9), the hyphen (-) and underline (_). Usernames are not case sensitive and all letters will automatically be shown in lower-case.

Password: The password should be sufficiently complex so that it will be difficult for somebody to guess. When people attempt to log into the system, they will have 5 attempts with the same username and/or from the same IP address. If this is exceeded, attempts will be prevented for the username in question and/or from the IP address being used for a time. By default, when users modify their own passwords, the system will enforce some rules intended to make their password hard to guess (eg. 6 to 20 characters in length, at least 1 lower case, 1 upper case, and 1 special character.) When creating a new user, these rules are not enforced. If you do not enter a password for a new user, the system will automatically make it the same as the username. Passwords may not exceed 20 characters in length and must not contain any spaces. In addition there are some special characters which are not allowed. Usernames and passwords should take effect within 15 minutes of them being entered. Passwords are not stored as text in the database, so if a user forgets his/her password, there is no way to recover it. The user should advise an administrator who can go into Passwords All and create a new password. At this time, users cannot reset their own passwords.

Real Name: You must enter something.

User Type: The system comes pre-loaded with 4 user types, Administration, Candidate, Regular User, and Restricted User. Users set to Administration will have access to all functions in the system. Other users initially have varying levels of permission to access options and perform actions. Permissions may be changed for any user types in Default Security." Please note it is possible to lock yourself out of the system by, for example setting all existing users to user types which do not have access to User Accounts. If this should occur, contact your System Administrator. The "admin" account has access to all functions in the system. To prevent a situation where all users are locked out, it is recommened that the security for the admin account is never changed, and every user is given his or her own account aside from admin.

Status: There are 2 available statuses, Active and Inactive. If a user is set to Inactive, he or she will be able to technically log into the system, but they will be informed that their account is not active, advising them to contact the System Administrator. Please note if you make all existing accounts inactive you will effectively deny access to everybody.

Primary Email Address: The primary email is optional but may be used in future to send alerts from the system automatically.

Time Zone: Entering the time zone will allow the correct "Your Time" to appear at the top of every page.

Daylight Saving Area: Entering whether or not dalight savings time is used by the user will help to allow the correct "Your Time" to appear at the top of every page. Not that daylight savings periods need to be maintained in the Daylight Saving and Daylight Saving Areas options.