Specifications

System Security 149
ID Works Standard and Enterprise Version 5 Administrator’s Guide
User Privileges
As a System Administrator, you determine what actions a user can
perform when you add a new user. You can also change an existing
user’s privileges. In either case, a wizard enforces dependencies
among privileges.
You can base privileges on an existing user. For example, you can
create a generic Production operator user, ProdOp, that has the
privileges you want all your Production operators to have. Then,
when you need to authorize a new Production operator, you can copy
privileges from the ProdOp user, adding and deleting privileges as
necessary for the new Production operator.
You can restrict users to certain projects. For example, a school
might hire temporary workers to help with enrollment at the start of
the term. If you restrict those workers to the ID Works project for
enrolling students, they will not be able to access other ID Works
projects, such as the one for making faculty IDs.
There can be more than one user with System Administrator
privileges, and there must be at least one user with System
Administrator privileges at all times. To ensure that you do not delete
the last System Administrator, you cannot delete your own user
account.
Locating the Users File
If all your ID Works Production users have access to a network and if
you choose the Custom Install option when installing your ID Works
software, you can install the users file (the file that contains user
account information) on a server. Placing the users file on a server
will prevent accidental deletion of the users files from individual
computers. A single, server-based users file also reduces the time
you must spend on maintaining user account information (you only
have to maintain one file) and ensures that users will have access to
the ID Works software no matter which computer they use.
The ID Works users file is protected by setting the security
permissions on the folder where the file is located. You should deny
Delete and Delete Subfolders and Files permissions for the folder.
These permission settings allow users access to the file for logging in
and changing their password, but do not allow access to the folder so
that the users file could be deleted or overwritten.