Users Configuration
Contents
Short Description
Users create, edit, activate and deactivate users in MintHCM.
User Management
In this section you can manage user accounts and passwords.
Basic view of this section is a list of MintHCM users.
From this point you can create new user, using Create New User button on the left side panel.
Also you can edit each user by proceeding to its record view and clicking Edit button or instantly by clicking Pencil Icon.
Create new user
In this section you can create a new user of MintHCM. It opens after clicking Create New User button.
The section contains many fields in four tabs.
First tab - User Profile - contains general user information, such as position, status and personal data, Username, status and Last Name fields are required.
At the bottom of this tab, there are Email Settings.
Note Email Client field, where you can choose how the user will send emails. You can choose from:
- MintHCM Mail Client: Send emails using the email client in the MintHCM application.
- External Mail Client: Send email using an email client outside of the MintHCM application, such as Microsoft Outlook.
In second tab - Password - you can set new password for thew user.
If in Password Management you chose system generated password, this tab is not available.
In Advanced tab you configure usere's export/import preferences, reminders, date, time and currency format and so on.
Here you can also configure Calendar Options.
Publish Key - set to prevent unauthorized publishing of your calendar. If set, it generates URLs in fields below: Publish at my location, Publish at my location, iCal integration URL (Use this URL to subscribe to the MintHCM calendar within iCal).
Also, you can choose a First Day of Week displayed in Week, Month, and Year Views in Calendar.
Role Management
In this section you can manage role membership and properties. Roles allows to grant or restrict permission to access each module.
Roles are used to allow or restrict access to each pice of data in MintHCM, particularly modules and their records. There is a vast variety of configuration possibilities, so that each role can fit the needs of users.
Roles can be assigned to individual user or Organizational Unit.
Using left sidebar options, you can easily navigate through roles - using List Roles. And by using List Roles By User option you can select each user to preview their permission matrix and check to which roles they are assigned to.
Create Role
To create new Role, click Create Role button at top left side of Roles section.
Its quite simple, you just have to fill Name field (it is required) and eventually provide Description.
In second step, you should proceed to newly created Role record. Here you can set role's permissions for Accessing each MintHCM module. You can either Enable or Disable permission. You can also leave it as Not Set, which in fact equals to Enabled.
However, if user has several roles, that are contrary to each other, system will behave differently - it will take into consideration the most strict settings. So, if one role permission for module is Not Set and another is Disabled, in general permission is Disabled. If one role permission is Enabled and another is Disabled, in general, permission is also Disabled.
To edit permission click on Not Set text and choose permission value form the list. After all permission are set as wished, remember to save changes.
For Delete, Edit, Export, Import, List, Mass Update and View actions you can set several more options.
All - users will have access to all records.
Group - users will have access to all records assigned to members of the same group.
Owner - users will users access only to their own records.
None - users will not have access to this function for this module.
Assigning Users
To assign each user to a particular role, you have to go to role's record view and scroll to the bottom of the page. There, in the users subpanel, you can link an existing user to the role. To find a particular users, you can use filters.
Password Management
In this section you can manage password requirements and expiration
System-Generated Passwords
Enable System-Generated Passwords Feature - when this feature is enabled, users will be emailed a system-generated link to reset their passwords. Requirements for this feature are: 1) a outbound email server must be configured properly in Email Settings, 2) users must have valid email addresses in their user records
System-Generated Password Expiration - this option is enabled, only if system-generated password is also enabled. You can choose from:
- None
- Password Expires in [ ] [ ] - here you can set amount of time, after which the password will expire. You can choose between days, weeks and months and determine their number.
- Password Expires upon [ ] logins - determine number of logins after, which the password will expire.
Password Security Settings
Here you can set requirements that passwords must fulfill.
Password minimum length Information - if selected, password minimum length.
Password should contain uppercase characters - if selected, password should contain uppercase characters.
Password should contain lowercase characters - if selected, password should contain lowercase characters.
Password should contain numbers - if selected, password should contain numbers.
Password should contain special characters - if selected, password should contain special characters.
User Reset Password
Enable Forgot Password feature - when enabled, users will have the ability to reset their own passwords at the Login page. Requirements to use this feature: 1) users must have email addresses provided in their user records, and 2) an outbound email server must be configured in the Email Settings page.
Generated Link Expiration - when enabled, a link is generated by the system and sent to the user to allow the user to access the Reset Password page. You can also determine time, after which link will expire.
Enable reCAPTCHA Validations - when enabled, user will have to do reCAPTCHA Validation. Captcha is a challenge-response test used to ensure that the response is not generated by a computer. Obtain a Public key and a Private key from reCAPTCHA at http://recaptcha.net/.
Email Templates
In this section you can choose, create or edit email templates for emails regarding system-generated password, system-generated link to reset password and system-generated two-factor authentication code.
LDAP Support
Enable LDAP AuthenticationI - when LDAP authentication is enabled, passwords can only be handled through LDAP. None of the MintHCM Password Management feature settings will apply. You can find more information in your LDAP provider documentation.
SAML Authentication
Enable SAML Authentication - when SAML authentication is enabled, passwords can only be handled through SAML. None of the MintHCM Password Management feature settings will apply. You can find more information in your SAML provider documentation.
Organizational Unit Management
In this section you can create and manage Organizational Units.
Creating Organizational Units
Organizational Units allow for defining a set of permissions for a specific group of users. Using this module, we can create the structure of an organization by establishing parent and child groups. Each group can have different permissions for viewing, creating, editing, or deleting records in the system.
To set permissions for an organizational unit, you need to have a specific role created and assign it specific permissions. Instructions on how to do this can be found above.
To create a new Organizational Unit, click the Create an Organizational Unit button.
When creating a new Organizational Unit, you must provide its Name (this field is required). You can also write a Description or check the Not Inheritable option.
After creating a new organizational unit, users must be added to it.
To complete the process, add a role to the organizational unit. This way, all users added to the organizational unit will be granted permissions provided by the role associated with the organizational unit.
For example: If you create a role with all permissions set only to Owner, all members of the organizational unit will have Owner permissions. Thus, in the example below, both John Smith and Anna Williams have Owner permissions for modules because only the Owner role is configured in this way. Any other user added to the organizational unit will receive the same permissions.
Types of Organizational Units
When creating more complex organizational structures, it is beneficial to use Type field. This field is located next to the name and includes options such as Standard, Business Unit, Department, Team, and Other.
For example our structure of organization might look like this: we can designate a Business Unit type as encompassing our entire organizational structure. Then we can use the Department type and divide our organization into appropriate departments. Remember to fill in the Parent Unit field with a relation to the Business Unit when creating a department. Next, we can create units of the Team type corresponding to teams in our organization. Here too, remember to fill in the Parent Unit field with relations to units of the Department type. Permissions will inherit primarily from the Department unit and only then from the Business Unit unit.
Another configuration field is Not Inheritable - if selected, the organizational unit will not automatically be attached to any record.
Organizational Units Settings
In this section you can configure advanced options of Organizational Units.
Additive Rights - user gets greatest rights of all roles assigned to the user or the user’s organizational units. TODO
Strict Rights - if a user is a member of several groups only the respective rights from the organizational units assigned to the current record are used.
New User Organizational Unit Popup - if this is checked, a Organizational Unit popup will open when a new user is created, allowing you to add the user to a organizational unit.
User Role Precedence - if any role is assigned directly to a user that role should take precedence over any organizational unit roles.
Filter User List - with this selected, non-admin users can only assign records to users who are in the same organizational unit.
Use Creator Organizational Unit Select - adds a panel to a record creation screen if a user is a member of more than one inheritable organizational unit that allows a user to select one or more organizational unit (that the user belongs to) that should be associated with the newly created record. If a user is in just one organizational unit the normal inheritance rules will instead be applied.
Inherit from Created By User - the record will inherit all the organizational units assigned to the user who created it.
Inherit from Assigned To User - the record will inherit all the organizational units of the user assigned to the record.
Inherit from Parent Record - e.g. If a case is created for a contact the case will inherit the organizational units associated with the contact.
Inbound email account - locks down inbound email accounts in the email client to only list those that belong to the same group as the current user.
Default Groups for New Records - using this mechanism you can set organizational units that will be always attached to record created in a chosen module. You can add several of this dependencies.
Repair
The system repair function allows administrators to perform maintenance procedures on the MintHCM instance. Repair Function which will launch automatically after clicking a link. The menu with a list of repairs options is accessible only to administrator users and can be accessed through the administrative settings module. Navigate to the Administration module, then in Admin Tools section select the Repair option.
Recomended types of Repair
The most recommended functionis is Quick Repair and Rebuild, which is necessary, among other things, after installing a new module, for example, using the module loader or to display changes to code during development when Developer Mode is not set. When running this Quick Repair and Rebuild option, scroll down the page to check for any SQL code that may need execution to ensure the database tables are properly synchronized after the changes have been made. If we want to perform a full system repair, after Quick Repair and Rebuild we need to use functions:
- Repair JS Files
- Rebuild Javascript Languages
- Rebuild JS Compressed File
- Rebuild JS Grouping Files
- Rebuild Minified JS Files
You should also clear your web browser's cache.
List of Repair types
The following repair options are available in the menu:
Quick Repair and Rebuild - recommended form of repair and rebuild for DB, extensions, Vardefs, Dashlets MintHCM, etc.
Expand Column Width - expands certain char, varchar, and text columns in the database (MSSQL ONLY).
Rebuild .htaccess File - rebuilds .htaccess to limit access to certain files directly.
Rebuild Config File - rebuilds config.php by updating version and adding defaults when not explicitly declared.
Rebuild Relationships - rebuilds relationship metadata and drops the cache file.
Rebuild Schedulers - rebuilds out-of-the-box Scheduler Jobs.
Rebuild SuiteCRM Dashlets - rebuilds the MintHCM Dashlets cache file.
Rebuild Javascript Languages - rebuilds JavaScript versions of language files.
Rebuild JS Compressed Files - copies original Full JS Source files and replaces existing compressed JS files.
Rebuild JS Grouping Files - re-concatenates and overwrites existing group files with the latest versions of group files.
Rebuild Minified JS Files - copies original Full JS Source Files and minifies them, then replaces existing compressed files.
Repair JS Files - compresses Existing JS files - includes any changes made but does not overwrite original JS Source files.
Repair Non-Lowercase Fields - repairs mixed-case custom table(s) and metadata file(s) to fix issues where code expects lowercase field names.
Repair Roles - repairs Roles by adding all new modules that support Access Controls and by adding any new Access Controls to existing modules.
Repair Inbound Email Accounts - repairs Inbound Email accounts and encrypts account passwords.
Sync Inbound Email Accounts - sync Inbound Email Accounts and Emails.
Remove XSS - removes XSS Vulnerabilities from the database.
Repair Activities' end dates - repairs Activities' end dates (Calls, Meetings).
Enable/Disable Seed Users - quickly enable or disable seed users populated during a demo installation.
Remove missed files from the upload directory - please note that removal can take a lot of time.