The User List tab of the Admin Console allows you to create and maintain users and groups that use ERES to design or view reports and charts. The left-hand side of the dialog contains a list of all the defined users, and the right-hand side a list of all the defined groups. Normally these users and groups are stored in the ERES database, however ERES can be configured to retrieve the users and groups from existing systems including LDAP servers. To add a new user, click the Add New User button. This will bring up a new dialog allowing you to specify information for the new user.

Add User Dialog

For each user, you need to supply a username, an email address (for schedule delivery), and a password. Each user also has a primary role of a viewer or a designer which is assigned in this dialog. Viewers can see and run reports as well as build ad hoc reports using the QuickDesigner, but they do not have access to the core design/development tools, like Report Designer, Chart Designer, and Organizer. Designers have access to all the interfaces, but are restricted by licensing and can't change server settings and user privileges. Each designer user must be licensed by a developer seat. Administrator can view all the interfaces, change server settings, view detailed logs and modify user privileges. Each administrator must be licensed by a developer seat.

In the user list, you can quickly distinguish user roles by their color. There is a legend for that below the admin console.

Once you have finished adding information for the new user, click Ok and the new user will be added.

You can edit or remove a user by selecting it in the user list, selecting the function you would like to perform (edit or delete) from the drop-down menu, and clicking the Ok button below the user list. If you select to edit the user, a dialog will open allowing you to change the information for that user. If you select to delete the user, it will be removed. The original administrator user (admin) can't be removed.

	Note
	You can't edit users that have been read from LDAP (see the Section 1.4.1.4 - LDAP Settings chapter to learn more about LDAP users). If you select a LDAP user and click the Edit button, the following dialog will open.

Edit LDAP user dialog

You are allowed to edit only the user attributes, that have not been read from LDAP. The rest of the user settings can be edited on the LDAP server.

Also, LDAP user accounts can't be fully deleted. If you select a user that has been read from an LDAP server and click the Delete User(s) button, the user will be deactivated, but it will not be removed from the user list - it will be marked as LDAP user without access.

To add a new group, click the Add Group button under the group list. This will pop-up a new dialog prompting you to specify information for the group and select members.

Add Group Dialog

For each group, you need to name the group, and select members. Members can be individual users or other groups. To add group members, select users and/or groups from the left-hand side, and click the Add button. You can make multiple selections (or de-selections) by holding down the CTRL key when clicking on the user/group.

Once you have finished adding members to the group, click the Ok button and the group will be added.

You can edit or remove a group by selecting it in the group list, selecting the function you would like to perform (edit or delete) from the drop-down menu, and clicking the OK button below the group list. If you select to edit the group, a dialog will open allowing you to change the information for the group. If you select to delete the group, it will be removed.

There is also a button to set security levels for users and groups. Details for the security level dialog can ben found in Section 1.4.1.1.3 - Setting User/Group Security Levels.

You can view all of the user and group relationships by clicking the View User/Group Relationships button. This will bring up a new dialog that shows all of the users and which groups they belong to in a tree format. If the user or group has a certain security level assigned to them, you will also see the name of the security level in brackets.

User/Group Relationships Dialog

1.4.1.1.1. Importing Users and Groups

In addition to adding users and groups via the Admin Console manually, you can directly import users from a delimited file. To import users, you must have a CSV file with the following structure:

[username],[password],[fullname],[email],[role],[groupname],[security level]
            

username is the user login name, password is the user password, fullname is the user's full name, email is the users email address, and role indicates the user's primary role either designer, viewer or admin. The groupname field indicates which group the user belongs to. If that group has already been defined then the user will be added to the group. If the group has not been defined a new group will be created. A sample import file might look something like this:

"amy", "12345", "Amy Swansen", "aswansen@quadbase.com", "admin", "Marketing","Security Level 1"
"tom", "12345", "Tom Weeks", "tweeks@quadbase.com", "designer", "Executive","Security Level 2"
"sarah","12345", "Sarah Jensen", "sjensen@quadbase.com", "viewer", "Marketing","Security Level 1"
            

If you have a convenient delimited file with users that you want to import into the ERES, log in as an administrator and then open the Admin Console. Make sure you are on the User List tab.

In the Import User List from Text File section, there will be a Choose File or Browse button allowing you to import the delimited file. Click on the button.

User List tab of the Admin Console

	Note
	The Choose File button may be different in other web browsers (the screen shot was taken in Safari), but it will always do the same thing - if you click on the Choose File (or Browse) button, a browse dialog will pop up allowing you to select a file.

Select the delimited file and confirm the browse dialog. The following message should show up confirming that the users, groups and security levels were imported successfully.

1.4.1.1.3. Setting User/Group Security Levels

On the User List page, there is also a button to Set Security Levels. When you click this button, a dialog will pop up allowing you to create, remove, and configure security levels within ERES. For more information regarding security levels please see Section 2.3.3 - Security Levels.

Set Security Levels Dialog

To add a new security level, click on the Add Level button and provide a level name. You can add any number of users and groups into each security level. To do so, click on the security level name in the list box and click the Add Member button. This will present a dialog allowing you to select existing members and groups and add it to the security level. You can also remove members and security levels by selecting the item and using the Remove Member and Remove Level buttons respectively. Click Done when you are finished.

Please note that all security level changes will take effect immediately.

The Setting Info tab contains configurations and settings critical to the way ERES functions.

Setting Info Dialog

The first category, System Settings, presents the server information.

Please note that changing protocol here is not enough to setup the system to work with SSL. You also have to configure your application server and update URLs of the existing files in Organizer. The recommended way is to reinstall your product and use the HTTPS option in the installer that sets up everything automatically (see Section 1.3.1 - Installing ERES for more details). It is not enough to do upgrade install, you have to perform full installation. Be aware that full installation overwrites internal ERES database, so you loose all the files inserted in Organizer. Please back them up before making the full installation.

If you cannot or do not want to make the full installation, you can still configure SSL manually. To do that, please follow these steps:

If you are switching from HTTPS to HTTP, use similar instructions. Just replace HTTPS with HTTP and skip generating the SSL certificate.

Database Repository

The second category ERES Repository describes the current database configuration options. You can use either a database connection or through JNDI. For database, you need to specify the following information.

You can use the Database Syntax Assistance drop down box to help in set up the connection by setting up a template of the URL and Driver.

Note that if you make a mistake while entering the database connection details, it may cause ERES not to run properly. In that event, the only way to correct it would be to be open <ERES Install Directory>/WEB-INF/classes/QB.properties file and edit the entries for DatabaseUrl, DatabaseDriver, DatabaseUserName and DatabasePassword. Depending on how the file was generated, the entries may not be grouped together.

The following is an image of the JNDI connection options. Not all components need to be completed in order to connect to the JNDI server.

JNDI Repository

Mail Settings allow you to specify the SMTP information that ERES will use when sending scheduled e-mails to users.

Mail settings

Clustering & Load Balancer Settings are used when you want to run ERES in a Clustered environment.

Clustering & Load Balancing

The Server Options tab contains a number of server configuration options.

The following configuration categories are available from this tab:

Once you've specified any changes to the options on this tab, click the Save Settings button to save the changes.

	Note
	The changes will not take effect, nor will your changes display in the Server Options tab until the server is re-started.

These options can also be directly entered into a Server Command text file. For more information for the Server Commands, please see Appendix 1.B - Server Commands.

1.4.1.3.1. Secured Parameter

ERES contains a feature which allows you to filter data based on a user's security level within the QuickDesigner, Dashboard Builder, Dashboard Viewer and Published Files.

To set up and configure this feature, go to Server Options in the Administration Console, select the Security Options category, Enable Secured Parameters (if it is not checked), and click the Update Secure Parameters button. This will take you to the following dialog.

Secured Parameter Dialog

By default, there will be a secured parameter set up for Customers.Region in the HSQL database. You can add more secured parameters at any time by using the Add or CopyDB option at any time. The Copy DB option will copy the database connection information so you don't have to type it in again. Once you have created a new secured parameter or selected an existing one, the options on the right will enable. Fill in each of the options.

Parameter Name:

This is just a name for the Secured Parameter, you can give it any name.

Database Type:

This is a syntax assistence drop down box. Selecting the database will place default URL syntax and default JDBC Driver in the corresponding fields. You can then go into the URL and fill in the server specific information.

Database URL:

Specify the URL for the database you would like to apply the Secured Parameter on. Use the Database Type drop down to assist in the syntax.

Database Driver:

Specify the driver or use the Database Type drop down to use the default database driver.

Table Name

Specify the table you would like to apply the Secured Parameter.

Column Name:

Specify the column you would like to apply the Secured Parameter.

Data Type:

This field will automatically be configured and is only displayed for verification.

Allow Multiple Values:

This will determine if security levels will each be able to access only one value or multiple values. If you select multiple values, the Values drop down box will become a list box allowing you to select multiple values.

Security Level:

Go through the security levels on the system and specify a value or values for each security level. The first time you select a security level, you will need to click the Update Values List button to retrieve a list of available values for that column.

Values:

The Update Values List button will launch a prompt for username and password to this database the first time it is run. Once you have supplied the information, it will retrieve a list of available values for the specified column. You can map a security level to one or more (if multiple is checked) values by clicking and highlighting the row of data. You can also use the Grant All option which allows that security level to view all data in that column.

Once you have set up mappings for secured parameters, click the Done button. That should bring you back to the Admin Console. Click the Save Settings button. You will be reminded to restart the ERES server. Confirm the message, go back to the ERES start page, shut down the server and then start it again.

After the server has been restarted, the secured parameters settings will carry through to the QuickDesigner, and Dashboards in ERES. To illustrate the concept, let us walk through a simple example.

Suppose you have a secured parameter set up for the REGION column from the CUSTOMERS table in the Woodview sample database. It specifies the behavior of the filter for six different security levels. For level East the query will be automatically filtered so that only rows where region is East will be returned. For level South the query will be automatically filtered so that only rows where region is South will be returned. For the level Midwest only rows where the region is Midwest will be returned. For the level West only rows for West region will be returned. The Allow Multiple Values attribute allows you to indicate whether multiple parameter values can be specified for the filter, like mapping the EastSouth security level to both East and South. For level Executive, Grant All is selected and all values from the region column will be available.

With the options set up, any time a user creates or runs a query, data view, or data view query in the QuickDesigner that includes the CUSTOMERS table, the filter defined for their security level will be applied. These settings reside on the server, and are not saved into the report, chart, or dashboard. Therefore if the user then creates and saves a report in QuickDesigner and transfers the report to another machine, the security will not be apply. Instead, it will follow the security settings sepecified on the new Server.

For information about applying security filters to data views and data view queries, please see Section 2.4.3.3.3 - Data View Security.

The LDAP Settings tab in the Admin Console provides options that allow you to configure ERES to retrieve users from an LDAP server. To set the LDAP connection, select Use LDAP Security Provider option. The following dialog should open.

LDAP Settings Dialog

The dialog contains example setting.

To the Storage Root field, enter the distinguished name of the AD node that contains all the users you want to import.

By default, only the given AD node (i.e. the Storage Root node) will be searched for users, excluding it's sub-nodes. If you want to search for users in the storage root node and all of it's sub-nodes, select the Include Subtree option.

In order to connect with ERES you will need to have an user in your LDAP server that can read from the Active Directory. Enter the user's distinguished name in to the User DN field and then type the user's password to the Password field.

Click on the Save Changes & Test Connection button. If you set the LDAP correctly, the following dialog will show up.

Click OK. The LDAP users were imported, but haven't been activated yet. To activate the users, click on the Users List tab.

There are some users marked as LDAP users without access in the Users list (user roles are distinguised by their colors - there is a legend for that below the AdminConsole).

Select one or more LDAP users without access. The Insert LDAP User(s) button will show up'. Click on it.

	Note
	If you include a non-LDAP user in the selection, the 'Insert LDAP User(s)' button will disappear.

A new window dialog will show up allowing you to select user role for the selected user(s). To learn more about user roles, visit the Part 2, Chapter 3.1.1) User List chapter. Select a user role and click Ok.

The users will not be marked as LDAP Users without access any more. Their color changed from dark red to light red (if you gave them admin privileges), blue (if they are designers) or black (if you gave them viewer rights). They are valid ERES users and they can start using the ERES now.

ERES can be customized to maintain a consistent look and feel for your web application. The customization tab allows the administrator to change the appearance of many components in ERES. When customizing, it is recommended that you save your images and files under different names rather than overwriting existing files in the ERES. This way, you will not have to worry about future updates overwriting your changes.

The Customization Interface

The left window provides a tree of the different elements that can be customized. The customizable elements are broken up into sections based on the components in the ERES application. Most sections contain three types of elements: images, text, and CSS files. By clicking on an image element, the page will display the description, an image URL, and a target URL if available. You can change the image file by providing a different URL. Clicking on the Preview button will display the image at the bottom of the screen. The preview window is only available for images, clicking on a text or CSS element will disable the preview window. The target URL is only available for certain elements. If the selected element allows for a target to be set, this text box will appear beneath the image URL box. Enter a URL in this window if you would like to add a hyperlink for this image. If this link is provided, when users click on the image, the browser will be redirected to the target URL.

Preview Image

If you select a text node, the page will display the description and a text value. Change the text value to adjust the message or link for this element. The text will be used directly in the ERES application, so you can enter any html tags in the tool. Certain elements also contain a link (e.g. ERES Main Page → Text → View Published Reports Link). You can utilize this to redirect the user to another URL if you are not using the default components. For example, if you are using a customized Menu Page, you can modify the link for the Published Files element to point to your customized page. Editing the text value also gives you the ability to add even more CSS to the page.

Customizing Text

Changing the CSS file is quite straightforward, simply enter the url for the new CSS file. It is recommended that you make a copy of the original CSS file and edit the copied version so that future updates will not overwrite your changes. As mentioned earlier, you can specified new CSS elements in customized text elements and enter the style in your CSS file.

When you change the values for any element, the Customized box for that element will automatically check. If you wish to revert back to the default value for this element, simply uncheck the Customized box and choose Okay from the pop up dialog. If you wish to reset all elements to their default values, click on the Reset to Default icon at the bottom.

Once you are finished with your changes, make sure to click Apply Changes to save all changes. To see the changes appear in the ERES application, you will need to shut down the ERES Server and restart it.

There are two full customization examples in the help/examples/Customization folder. To try these examples, rename the ERESCustomization.xml in the ERES root directory and copy the ones from the example directory. Start (or restart) the ERES Server and you will immediately see the changes.

Customization Results

Using this feature, you will be able to alter the look of the application quickly and easily without fear of your changes being overwritten by future upgrades. For image and CSS files, we also add an option that will check the CRC values of the default files to see if these files were changed. After upgrading to a new version of ERES, make sure to click this icon to see if any default files have changed. Sometimes, these changes may need to be implemented in your customized files as well. If files do not match the stored CRC checksum, the tree on the left side will display the elements surrounded by stars.

Default File has Changed

Once you have checked the changed files, reset the CRC checksum by clicking on the button on the bottom right corner. This will recalculate the CRC value for every default image and CSS file.

ERES Main Page

While on the subject of customization, there is another option available that allows you to change the look and feel of ERES. ERES Main Page, the gateway to the many components in the product, has been updated to provide easier integration into your web application. In addition to the original index.jsp page, there is also a second main page index2.jsp that relocates the main sections of the page (ERES Server, Login, Launch) into their own frames. Following this example, you can place these components into your own web application in any way you choose.

ERES in Web Application

For example, the ERES Server and Administration Console component is typically only used by the admin. Therefore, you can place this component on an administration page that is not available to the public. If you are using a different database for user authentication, you may chose to omit the login frame all together and only display the launch frame once users have logged in on your site. Using these modularized frames greatly increase the options you have to integrate the application. This feature in conjunction with the Customization tool makes application integration a simple yet effective process.