SecurityUpdateAddUserGroup and SecurityUpdateAddUserGroupPwd

This method updates or adds the database security credentials. This script call creates or updates the BIC users, roles, and groups.

When updating the security policy of BIC through a custom script, only the database tables update. You cannot modify the project security after a script update.

  • Use the SecurityUpdateAddUserGroupPwd method to import user accounts with predefined passwords.
  • Use this method between SecurityUpdateStart and SecurityUpdateCommit.
Note: If a user existing in the DB is not presented in SecurityUpdate, then the user is considered as being deleted from the system and marked as "deleted = true".

The user is recovered and marked as "deleted = false" as soon as the user is present in SecurityUpdate.

The password updates only at creation or recovering of a user. If an administrator needs to change the password for a script imported user, the administrator first needs to exclude the user from the SecurityUpdate call so the user is deleted, and then re-add the user with a new password into the next iteration of the SecurityUpdate.

Note: The minimum character length for a password is 7, the maximum character length is 20. The password must include both alphanumeric and numeric characters.

Syntax

SecurityUpdateAddUserGroup (UserName as String, ExternalGroupID as Long, UserRole as String, UserDomain String)
SecurityUpdateAddUserGroupPwd (UserName as String, UserPassword as String, ExternalGroupID as Long, UserRole as String,UserDomain String)
Parameter Description
UserName The user name to create or update within the database. These are the user credentials to enter to log on to the system. If Domain is populated, the user must enter MyDomain\UserName for logging in to the verification application.
UserPassword This password applies only when creating or recovering a user. For those auto-imported users that were previously imported into BIC, the password remains unchanged.

Use case rules

  • Auto-imported users with empty passwords are required to set their password upon first login.
  • Auto-imported users with non-empty passwords are not required to change their password upon first login. However, if the password does not meet the minimum requirements, the user will be prompted to change their password upon first logon.
  • Auto-imported users who already changed their password upon first login are not required to change their password again.
ExternalGroupID The external group ID is a security number. A batch and a user are assigned a group ID that enables the user to verify only batches that fall under the same group ID assigned to that user.
UserRole The user role assigned to the Verifier user.

The role can be one or a logical combination of the following text strings.

  • ADM: Administrator
  • AEB: Authorization for External Batches
  • SET: Can access settings
  • VER: Verifier user
  • SLV: Verifier supervisor (learnset nomination)
  • SLM: Learnset Manager (global learnset manager)
  • FLT: Filtering
The following combinations of roles are possible.

Create a user with Verifier and Filter roles, but with no SET role: 

 Project.SecurityUpdateAddUserGroup "User2", 999,
											"VER|FLT", "BDomain"

Create a user with Verifier, Settings and Filter roles: 

Project.SecurityUpdateAddUserGroup "User2", 999,
											"VER|SET|FLT", "BDomain"

Create a user with Verifier role only, with no SET and FLT role: 

Project.SecurityUpdateAddUserGroup "User2", 999,
											"VER", "BDomain"
Note: There is no need to combine SET/FLT roles with ADM, SLV, or SLM as these already contain FLT and SET roles by default.

Sample Code

The example below updates the database user security on a regular basis. The script can be modified to lookup users/roles and update the BIC user table. 

Private Sub ScriptModule_UpdateSystemSecurity(ByVal InstanceName as String)
   Project.SecurityUpdateStart
   Project.SecurityUpdateAddUserGroup "User1", 777, "VER|SET", "BDomain"
   Project.SecurityUpdateAddUserGroup "User1", 999, "VER|SET", "BDomain"
   Project.SecurityUpdateAddUserGroup "User2", 222, "AEB", "BDomain"
   Project.SecurityUpdateAddUserGroup "User10", 777, "ADM", "BDomain"
   Project.SecurityUpdateAddUserGroupPwd ("User2", "pass", 777, "VER|FLT", "")
   Project.SecurityUpdateCommit
End Sub

See also