7.1.1 Setting the security settings for user accounts Prerequisites
You are logged in as administrator.
1. Open the Admin tab. Click on the Account entry.
2. Open the Settings tab.
Only applicable to users belonging to the user group Administrator.
Admin
Period of validity for
passwords • Define the period of validity for passwords in days.
After the period of validity has expired, epBlue will prompt the user to change his password.
• Enter 0 (zero) for an unlimited period of validity for passwords.
Allowed maximum
number of login retries • Define the maximum number of unsuccessful log-in retries.
If a user exceeds this number by entering an invalid password several times in
succession during the log-in process, epBlue will automatically lock the user account in question.
A locked user account can be unlocked again by a user belonging to the user group Administrator.
User accounts belonging to the user group Administrator are not affected by the locking of user accounts.
epBlue™ GxP — Software manual
3. Click on the Apply button to apply the settings.
Click on the Reset button to discard any changes made to the settings.
4. The Please enter reason dialog is shown when the settings are applied. Enter a reason for the change in the dialog, which is recorded in the audit trail.
7.1.2 Configuring the authorization scheme
You can individually define how many signatures are required for applications and logs in order to place these documents in authorized status.
1. Open the Admin tab. Click on the Signatures entry.
2. Open the Signatures tab.
3. Under Applications select the authorization scheme for applications (the default setting is Create -> Review -> Authorize).
Lock application after
user inactivity • Define the period of time in minutes, after which the epBlue window is automatically locked if the logged in user has not carried out any activity.
The logged in user must re-enter his password in the unlock window to unlock the epBlue window lock.
If the user enters the password incorrectly several times in the unlock window, the account will not be locked.
Hint!
A description of how to set up user accounts and define the period of validity of a user account is contained in the basic operating manual (see p. 5).
epBlue™ GxP — Software manual
4. Under Logfiles select the authorization scheme for logs (the default setting is Authorize).
In both cases, the following authorization schemes are available:
5. Click on the Apply button to apply the settings.
Click on the Reset button to discard any changes made to the settings.
6. When applying the settings, the Please enter reason window is displayed. Enter a reason for the change in the dialog, which is recorded in the audit trail.
Details on the authorization of documents are available separately (see Electronic documents on p. 11).
7.1.3 Defining signature rights
In epBlue, the rights for using digital signatures are defined for the user groups. To grant a specific signing right to a user account, you must assign the suitable user group to it.
To display the signature rights and other rights, open the Admin tab and click on the Group entry.
To set the signature right for a new or an existing user account, use the Member of setting of the New account or Edit account function. Additional information on this can be found in the basic operating manual (see p. 5).
Additional information on selecting suitable user groups is available separately (see User roles and user rights on p. 10).
7.1.4 Unlocking a user account
To unlock user accounts which have been automatically locked because an incorrect password was used, proceed as follows.
1. Open the Admin tab. Click on the Account entry.
2. Open the Edit tab.
3. In the Account list area, select the locked user account.
Create -> Review ->
Authorize
Three signatures from three different users are required to place the document in authorized status.
Create -> Review One signature each with the meaning created and authorized is required from two different users in order to place the document in authorized status.
Authorize One signature with the meaning authorized is required to place the document in authorized status.
User group Signing applications Signing logs Signing PDF files
Guest – – –
User Level 1 Created Created –
User Level 2 Created, reviewed Created, reviewed –
Administrator Lab Created, reviewed,
authorized Created, reviewed,
authorized Archive, PDF export of
applications and logs, IQ protocols
Administrator – – Archive
Hint!
If the system locks a user account, this is recorded in the audit trail with the log type False Login User Disabled.
epBlue™ GxP — Software manual
4. Click on Set a new password.
5. Enter a new password for the locked user account and click on the Submit button.
The user account is now unlocked. The user can log in with the new password.
The process of unlocking a user account is recorded in the audit trail with the log type Password Changed.
7.1.5 Deleting a user account
Only applicable to users belonging to the user group Administrator.
Admin
Hint!
• You cannot delete a user account as long as signed applications are stored under it. If necessary, archive all of the user's signed applications in order to remove them from the system (see Data archiving on p. 37).
• After a user account has been deleted it is no longer possible to create a new user account with the same user name. Thus, the system ensures that user names are unique during the entire period of system operation.
• After a user account has been deleted, any of the affected user's signatures in the system continue to remain valid and the digital certificate of the deleted user account can still be exported (see Exporting digital certificates on p. 22).
epBlue™ GxP — Software manual
To delete user accounts, proceed as follows.
Prerequisites
There are no signed applications stored under the user account to be deleted.
1. Open the Admin tab. Click on the Account entry.
2. Open the Edit tab.
3. In the Account list area select the user account to be deleted.
4. Click on Remove account.
The user account details are displayed.
5. Click on the Remove button and confirm the deletion.
6. Enter the reason for the deletion (appears in the audit trail) and confirm.
The process of deleting a user account is documented in the audit trail with the log type User Deleted.