Modifying user accounts

You can view and modify the details of an existing user account, such as all the user's group memberships, role assignments, and profiles.

Before you begin

Before you modify user information, see Planning user administration.

About this task

Depending on how user provisioning was configured in your system, you might be able to copy access from one user to another. For information about copying access, see Copying access from one user to another.

Depending on your delegated administrator permissions, you can perform certain functions when you modify a user account, such as editing user information, enabling or disabling a user account, and changing group memberships. For information about which permissions you need for each editing operation, see Administrator permissions for user-provisioning functions.

There are some constraints on your ability to make changes. For example, you cannot disable or lock yourself, the default Super Administrator (OpenPagesAdministrator), or the OPSystem user. You cannot remove a user from special user groups that contain all users, or all users who are not associated with any other user group.

If you are logged in as a Super Administrator, you can add or remove super administrator status from other user accounts. For more information, see Creating a Super Administrator.

Procedure

  1. Click Settings menu > Users and Security > Users.

    Or, in the Standard UI, click Administration > Users.

  2. Search for the user account that you want to modify.
  3. In the User Information section, you can perform one or more of the following actions:
    • Edit user details, such as email, first name, and last name. You cannot change a user name.
    • Disable and enable a user account. When an account is disabled, the user of that account is prevented from logging in, and the user is displayed as inactive and grayed out in user selector lists. If necessary, you can re-enable a disabled user account. User accounts cannot be deleted through the user interface in IBM OpenPages. Depending on how your system is configured, in addition to disabling the user, you can choose to remove their locale, profile, group membership, role assignment, or reports access.
      Tip: If you want to prevent a user from logging in, but you still want the user to appear in user selectors, disable the user and then update the user selectors to set Include Disabled to True. For more information, see Defining user/group fields (Task Focused UI) or Configure user and group selectors display types for simple strings (Standard UI) (Standard UI).
    • Lock and unlock a user account. Depending on your configuration, users might be locked automatically if they exceed a set number of unsuccessful login attempts. When an account is locked, the user of that account is prevented from logging in. The user is displayed as active but locked in user selector lists, and they can be selected. If you do not want the user to appear as active and selectable in user selector lists, disable the user account instead.
    • Reset the user's password or force the user to change the password the next time they log on. Passwords can contain up to 32 characters and cannot contain spaces.
      Important: If you use IBM OpenPages Loss Event Entry, do not modify the dedicated users' passwords by using OpenPages. Always use the Loss Event Entry Configuration tool. Also, the User cannot change password and Password never expires options must be selected for the dedicated user accounts.

      If LDAP authentication is configured, you can also change the authentication method for the user. Click Reset Password, and then click the Authenticate from list.

  4. In the Locale and Profile section, you can change the user's locale, change the Allowed Profiles, and select a different Current Profile.
  5. In the Group Memberships section, you can add and remove group membership assignments by clicking Associate Groups.
  6. In the Role Assignments section, you can add role assignments by clicking Assign Roles.

    You can remove role assignments that were assigned directly to the user. You cannot remove role assignments that are inherited from group memberships.

    When you remove a role from a user or group, the role assignment is explicitly removed from the user or group on a given entity. The user is not, however, disassociated from the security domain.

  7. In the Reports Access section, you can view the reports folder access that was assigned directly to the user and inherited from group memberships.

What to do next

If you removed a role assignment from a user or group, disassociate the user from the security domain.