Managing Users

From ProcessMaker

Contents 1 Introduction 2 Users 2.1 Creating New Users 3 Groups 3.1 Creating Groups 3.2 Assigning Users to Groups 4 Departments 4.1 Create a New Department 4.2 Edit Department 5 Roles

Introduction

ProcessMaker organizes system users into users, groups, departments and roles.

• User: A user account in ProcessMaker, which usually represents a person in your organization, but can also represent an account with special privileges such as the "admin" account.

• Groups: Users can be assigned to zero, one, or more groups. A group of users simplifies the assignment of tasks. For example, a Help Desk process may involve a pool of customer support clerks, all belonging to a user group named Customer Support.

• Departments: Arranges the users under a organizational structure.

• Roles: Makes it possible to define customized roles with different levels of permissions, so that the functions and privileges of different users can be easily controled and managed.

• Authentication Sources: Defines an external user authentication source such as LDAP or Active Directory to be used by ProcessMaker. An external authentication system allows users to login once and gain access to the resources of multiple software systems.

Users

Go to the USERS LIST tab under the USERS menu to see a list of the user accounts registered in ProcessMaker.

• Search: To find users, enter text found in the full name or emails of users. (From version 1.2-2740 on, the search will include the username as well.) After entering text in the Search box, press Enter to filter the list of users. To remove the filter, delete the text and press Enter again. To do a wildcard search, use "_" (an underscore) to represent any single character and "%" (a percent sign) to represent any number of characters including spaces and zero characters. For instance, "am%o" would find "Bamos Andrew", "Amy@colosa.com" and "Ram Powell". To search for the literal characters "_" and "%", use "\_" and "\%". Note that the search is case insensitive.

The following columns provide information about the user accounts:

• Full Name: This column displays the last and first name of each user.

• Username: This column displays the username.

• Email: This column displays the email for each user.

• Role: This column displays the current role of each user account. There are two default roles: PROCESSMAKER_ADMIN and PROCESSMAKER_OPERATOR. User accounts assigned the PROCESSMAKER_ADMIN role are enabled to create, modify or delete existing processes. User accounts assigned the PROCESSMAKER_OPERATOR role are meant for production mode, with access limited to the CASES interface. Additional roles can be defined to give users a different set of permissions.

• Due Date: This column displays when a user's account is scheduled to be deactivated.

• View link: Click this link to display information about the selected user's account. This information can be altered by clicking on the "Edit" link in the upper right-hand corner of the window which will appear.

• View Groups link: Click this link to see the groups to which a selected user belongs. To remove a user from a group, in the window which appears, click on the "Delete" link to the right of each group. To add a user to a new group, click on the "Assign group" link and select a group.

• Delete link: Click this link to delete a user's account.

     In order for an account to be successfully deleted, two conditions must be met:

1. The user's account can't be a member of any group.
2. The user's account can't have any assigned or completed activities.

     In general, it is easier to simply deactivate an account by switching its status from Active to Inactive.

• Authentication link: Click on this link to configure the external authentication of ProcessMaker users. For organizations which utilize directory services and user access controls, ProcessMaker can be integrated with Active Directory and LDAP (Lightweight Directory Access Protocol). For more information, see External User Authentication.

It is possible to customize which fields will be displayed in the table of user accounts. Right-click on the top of the table in the header area to display a list of the different fields. Select the check box next to each field to activate or deactivate it.

By default the table of users is listed in order by their full names, but the table can be resorted by a particular column by clicking on its header. A arrow will appear next to the header showing whether a column is sorted in ascending or descending order. Click on the arrow to reverse the order.

Creating New Users

Click on the "New" link at the upper left corner of the Users List to create a new user account. Fill out the form and click on the Save button. All required fields are identified by an asterisk (*).

Most of the fields in the form are self-explanatory. We will only clarify the meaning of some of them.

• User ID: The account name that should be provided when the user logs into the system. User ID's can contain letters, numbers and underscores. User IDs can also contain uppercase characters, but they are not case sensitive when logging in.

• E-mail: The email address of the user, which can be used to deliver e-mail alerts concerning open cases.

• Country: If a country is selected which has a known set of locations, then two extra drop-down boxes will appear for State or Region and Location. For other countries, enter the location information in the Address field.

• Expiration date: The date when the account will no longer be allowed access to the ProcessMaker platform.

• Calendar: This drop down box field lists the current calendar for the workspace that the user can have.

• Status: If set to Active, the user is permitted access to the platform. If set to Inactive or On Vacation, the user is denied login access.

• Role: Defines the permissions assigned to each account. ProcessMaker includes the default roles PROCESSMAKER_ADMIN and PROCESSMAKER_OPERATOR (and PROCESSMAKER_MANAGER from version 1.2-3862 on), but other roles can be created for more customized permissions.

• Password: A string of at least 5 characters, which can include spaces and symbols. For greater security, it is recommended to include upper case letters and numbers in the password. To force users to use more secure passwords, see Customizing Authentification.

Groups

Groups are a way to organize users and to simplify the assignment of tasks to multiple users. In the example of the Purchase Request process, the task of "Initiate task" could be assigned to the "Employees" group, which would include everyone in the organization. In that way, anyone in the organization would be able to start a Purchase Request case. If the organization has 2 accountants and both are assigned to the "Generate Receipt" task, then an "Accountants" group could be created and assigned to the task rather than assigning each accountant individually. Assigning groups, rather than individual users will eliminate a lot of hassle for the designer of processes, since it can be difficult to remember to include every individual user when assigning tasks.

Assigning tasks to groups rather than to individual users is much more flexible, since each process process doesn't have to be modify when user accounts are deactivated or modified. Groups can be very convenient when there are frequent changes in personnel in an organization. If tasks assigned to a particular manager in dozens of processes, when that manager is transferred, each task will have to be reassigned to the new manager. In contrast, if the tasks are assigned to the group "Manager", then the only change will be to switch the one user in the group.

Creating Groups

To see the list of groups, go to the Groups tab under the USERS menu.

To create a new group, click on the New Group link at the top left of the list of groups. In the dialog box, enter the "Name" of the new group.

Set the "Status" to Active if the group is currently in use, otherwise set to Inactive. If Inactive no tasks which have been assigned to the group can be executed. Note that when a user's status is set to Inactive, he or she can't login or use ProcessMaker. When a group's status is set to Inactive, however, users assigned to that group can still login and use processmaker. They just can't execute any tasks which are assigned to the group.

After creating a group, it will appear in the list of groups. To edit its name and status, click on the Edit link link to the right. Likewise the group can be deleted by clicking on the delete link.

Assigning Users to Groups

A user account can belong to zero, one, or many groups; and groups can have many users. In other words, there is a many-groups-to-many-users relationship. To see which users are assigned to a group, click on the Members link. A pane will appear to the right displaying a list of users in the the group.

To add a user to group, click on the Assign link at the top left of the list. In the dialog box which appears, mark the checkboxes of all the users to add to the group and click the "Assign" link at the bottom of the list.

To do a case-insensitive search for a particular user, enter part of the first or last name of the user in the "Search" textbox and press Enter. To see all the available users again after doing a search, clear the "Search" textbox and press Enter.

To remove a user from an existing group, click on the Remove link of the selected group on the left pane and confirm in the popup question box to remove the user.

Departments

Departments are another way to organize users based on a Organizational Structure. Organizational structure determines the manner and extent to which roles and responsibilities are delegated, controlled, and coordinated, and how information flows between levels of management. This structure depends entirely on the organization's objectives and the strategy chosen to achieve them. Defining the organizational structure by creating the Departments and assigning a Manager/Supervisor for each Department will allow the process to flow the information easier. For example there are tasks that need an authorization a Supervisor/Manager, by creating the Departments this authorization will be easier to handle.

Go to the DEPARTMENT tab under the USERS menu to see a list of the departments and the users assigned to them.

The window has been divided in two panels:

• The left panel shows a Department's list with three options besides: Edit, New and Delete.
• The right panel is divided in two: the top panel that shows the department information and the bottom panel that shows a list of the users assigned to this department.

It is important to consider that the manager/supervisor of a department is filled automatically in the field Reports to, for all the users in the Department. The only exception is for the manager/supervisor, that has no sense for him to be his own manager/supervisor so his manager/supervisor will be the one from the parent Department.

When a manager/supervisor from a Department changes, there is an update for the dependent Departments.

Create a New Department

To create a New Department:

• Click on New in the left panel. A box named Department information shows with a field to insert the name.
• Type the name and click Save.

To create a New Department that depends on a department already created:

• In the Department list besides the name there are three options: Edit, New and Delete. Click on New. A box named Department information shows with the Parent Department's name and a field to insert the name.
• Type the name and click Save.

Edit Department

To edit a Department:

• In the Department list besides the name there are three options: Edit, New and Delete. Click on Edit.
• Now the right panel shows a form to edit the department and the Department's user list.
• In the form to edit the department define the following fields:

Name: A label to identify the Department's name.

Status: This drop-down box field is to set the department's field to active or inactive.

Manager/Supervisor: this drop-down box field gets a list of users from the department. The default value is No manager. Only one user can be assigned as manager/supervisor.

• In the user list, there is:

Assign users: This link option will assign users. When the user clicks on this option a dialog box shows a list of the users in the workspace in ProcessMaker, mark the check-boxes of all the users to add them to the group and click the "Assign" link at the bottom of the list. If the Department has no users the first time you assign users, ProcessMaker automatically will assign the first user as a Manager/Supervisor, this is done so the functionality for the Reports to will be able to work.

Remove: This link option will remove users from Department.

Roles

A role is a set of permissions to access specified functionalities and resources in ProcessMaker. Each user is assigned a role, which determines what actions that user can perform in ProcessMaker and what parts of the interface that user can access. The following table explains which permissions can be assigned to a role.

Permission	Description
PM_LOGIN	Option/Right to login into the system. Every Role should have this permission assigned.
PM_SETUP	Access to the "ADMIN" (formerly "SETUP"*) menu and permission to setup and modify "PM Tables", "Email" and "Web Services".
PM_USERS	Access to the "USERS" menu and permission to create, edit and delete users, groups and roles.
PM_FACTORY	Access to the "PROCESSES" menu and permission to create, edit and delete processes.
PM_CASES	Access to the "CASES" menu and permission to perform related options with cases.
PM_ALLCASES	Access to the "General" tab under "CASES", giving the right to view all the cases in the system. (This permission must be accompanied by PM_CASES in order to gain access to the "CASES" menu.)
PM_REASSIGNCASE	Right to reassign cases under certain conditions.
PM_SUPERVISOR	Right to become a supervisor in a given process
PM_SETUP_ADVANCE	Permission to access advanced setup options under the "ADMIN" (formerly "SETUP"*) menu, which are available in the "Plugins", "Languages" and "Upgrade System" submenus. (This permission must be accompanied by PM_SETUP in order to gain access to the "ADMIN" menu.)
PM_DASHBOARD	Access to the "DASHBOARD" menu and permission to easily view the progress of different cases.
PM_WEBDAV	Permission to use WebDAV (Web-based Distributed Authoring and Versioning) to upload and download files to the ProcessMaker server from the internet. See this wiki page and this blog entry for more info about configuring WebDAV.
PM_DELETECASE	Permission to delete cases.
PM_EDITPERSONALINFO	Permission for a user to edit his/her personal data such as Address, Telephone, etc.

* Before version 1.2-2552, the "ADMIN" menu was called the "SETUP" menu.

To create new Role please click on the New hyperlink from this window.

Once the Role is created, please click on the Edit link to assign permissions to the current role and assign the related permissions by clicking on the Assign option of this window.