In Lobster Data Platform / Orchestration, a user is an acting person whose rights depend on the role and the company referred to for the context of a session. Multiple roles and companies can be linked to the same user account. Distinct assignments of exactly one role or company will be applied automatically for each login. Otherwise, the user is prompted to select a distinct role and/or company by a second dialog when logging in.

For an extensive description of the interaction between role and company with respect to permissions, please refer to the chapter Roles and the examples in the Tutorial. In brief, roles control, which permissions are categorically granted by the system for a user referring to a role, whereas the context of a company determines which type of access is effectively applicable to individual data objects. However, there are no user specific permissions in Lobster Data Platform / Orchestration. The essential influence of the user regarding permissions is to combine a role a company for a session, either by selection or default.

While ownership of data objects relies exclusively on companies, the status properties 'creator' and 'last modifier', automatically set for many data objects and date elements, refer to individual users. In contrast to the owner property, which is crucial for data access, these are of a rather informative nature.

The clear offset in significance between individual users compared to roles and companies with respect to Lobster Data Platform / Orchestration configuration is not a matter of coincidence. After all, the objective is an implementation of business logic, which would in most cases be described without mentioning individual employees. However, rules for Association criteria or Event handling can specify user accounts as criteria (see User rule), to achieve user specific behaviour or appearance.

Users

Users can be managed via the Users menu item by a combination of a list and details view.

images/download/attachments/62849923/image2018-10-2_11-36-21-version-1-modificationdate-1603449569921-api-v2.png

The list (1) area shows existing user accounts accessible for the current session. Depending on respective permissions, the user may click the ribbon button 'New' to add user accounts or select an existing user from the list to 'Copy', edit and 'Save' or 'Delete'.

Access to the system requires a unique Username, Password and Password confirmation (2). The user account can be set to Active (4) or inactive. Inactive users cannot log in.

The setting for Locale (5) selects the language pack for the user interface. This setting can be changed by the user from a session via Change locale, independent of access to the user account itself.

The value for Max concurrent sessions (3) limits the number of times a user is allowed to login in parallel.

An address (6) can be defined for the user. Next to typical attributes such as salutation, name, street, street number and city (etc.), the address can contain additional information and attributes (6). See the chapter Address book entries for more details. The details area for users can be customized with the Form designer via the menu item Entity forms for users.

The fields Roles (8) and Companies (9) determine the options the user can choose from as a context when logging in.

►NOTE◄ If there is only one role or one company assigned, it serves as a default and the selection in skipped. Inactive roles (see Roles) are not considered as an option. If no active role is available, the user cannot log in.

The ribbon button 'Show'/'Login history' (9) opens a history list of the selected user's sessions with data on login and logout times.

images/download/attachments/62849923/image2018-10-2_13-12-47-version-1-modificationdate-1603449569928-api-v2.png

The Login log shows when a user logged in or logged out and indicates from which client and which server. Additionally, the session is identified and the circumstances of the logout are indicated.

The following 'logout reasons' can occur:

Logout reason	Description
(no reason)	If the session is ongoing, no 'logout reason' is specified.
user	The user has executed a standard logout.
login_from_other	The user has terminated the sessions during a new login, not to exceed the maximum of concurrent sessions (see above).
timeout	The session was terminated automatically because the user was inactive for too long.
killed	Another user (see Id logout user) has terminated the session manually (see Active users).

References

Refer to the menu item Active users to monitor ongoing sessions.
Guest users can be created as an alternative to regular users.