The Log in security of Icare is performed in two layers, the first at the server level and the second in the Icare software.
This document describes how to manage users primarily within the Icare software with the minimum of management at the server level.
This is achieved with a single login and password setup on the server and those details are then shared by everyone logging into icare. With that login prepared the rest of the management is performed in the Icare software.
Manage Data Sources
Each installation of Icare has its own configuration called Data Sources. You can access and modify that configuration from the Log in page of Icare by clicking the Manage Data Sources menu on the left.
For a Shared Authentication setup you will need to the configuration as below when you Add or Edit a Data Source:
- Prompt for
User name and password
- Shared Login
(the shared login on the server)
- Shared Password
(the shared password on the server)
Each person logging into Icare will need their own User record in the Manage Users section of Icare. From the Home page click Management then click Manage Users.
Each user has a login. This is what they type into the Log in page to identify themselves. Some example logins might be:
Use whatever scheme is comfortable for you.
To assign a password to a user in Icare, first navigate to the Manage Users page.
If you Add a user you will be asked to Set Password as part of the entry process.
To assign or change a password for an existing user you need to first double click the user or click the View User menu. Then you can use either:
the Set Password menu, or
the Reset Password menu.
The Set Password menu will require you to enter the existing password before entering a new password.
The Reset Password does not require you to know the existing password before entering a new password. But you will need to have the Drop User permission. See the User Roles section below.
The Set Password page contains a Required? field with two options:
- Ignore password when logging on
Select this if you do not want to enter a password whilst logging in.
- Check password when logging on
Select this if you want to set a password that must be entered whilst logging in.
To stop anyone assigning or changing passwords you are advised to setup at least two User Roles, one role that can Reset Passwords and the other that cannot.
User Roles are managed on the Manage User Roles page accessed from the Home page by clicking Management then Manage User Roles.
Add or Edit roles with the menus on the left. For example, enter two roles named:
The simplest permissions would be the following:
click the Entry Permissions menu at the top,
highlight the first Default entry,
click the Add Permission menu on the left,
double click the Standard role,
enter Add = Allow,
enter Edit = Allow,
enter Delete = Deny,
enter View = Allow,
click Save Changes.
The Delete = Deny step is the important one. That means standard users cannot delete any type of record. And importantly, they also cannot Reset passwords, to change (or Set) a password they must know the existing password.