Security Settings

IMS User management is regulated and monitored in the Security section of the Settings Menu. This section is used to configure Approval Levels, Roles, Users, and User Profiles, and keeps track of User Authentication Events.

Approval Level

Each IMS user is assigned an Approval Level (0, 1 or 2) for each processing Unit. Privileges can be assigned to each User in the Security section. A single User can be assigned to different Site / Plant / Units with different privileges.

To assign an Approval Level to a user:

• Click the Plus button.

• Click on the search button in the User Floc field to show the available Approvers by location (Site / Plant Unit).

• To add a new Approver for a Location (Site / Plant Unit), click the Plus button.

• Select the location (Site / Plant Unit) and User.

• Click Save.

Also, when a User is being created (see Users section below), you can directly assign one or multiple (maximum) Approval Levels for different locations and choose whether the new user is the Preferred user.

Roles

Each user can have one or more Roles assigned. The Role determines what the user can view and edit in IMS. For instances users that need to make use of the S-RBI functionality in IMS PEI, must be assigned an RBI role. If multiple Roles are assigned to a user, the highest Role will always win. For example, if you have both the PEI Viewer and INSP GENERAL Role, your rights will be that of the INSP GENERAL.

The different Roles available can be viewed and edited here. Per Role, one can define, by ticking the checkbox, if that Role has permission to work with attachments.

Note that Roles are also mapped to a Discipline.

For more on the different Roles see: PEI User Roles, FMA User Roles, Civil User Roles, RCM User Roles, FCM User Roles, PLSS User Roles, SIS User Roles, and TAT User Roles.

Users

This section shows all registered Users within the Site. Multiple users can be added and assigned to a Site.

The search field can be used to search for specific users. The user list can also be filtered by user account properties, e.g., Role, Approval level, User Profile, Discipline (as defined in Common Data Settings), etc.

Users can also be added, deleted, or edited. When a new user is added, or an existing user is being edited, an Activation Code can be generated. Click on More to find the Activation Code. Non-active directory users require an Activation Code for first-time login or to reset their passwords.

For Users that received an Activation Code, it is recommended after first login to set a new password in My Account.

For more information on User Management for Shell see Shell IMS User Management.

When new users are created in IMS an email will be sent with a welcome message and some additional account information.

Bulk Updating User Account (Export for Import)

User Accounts can be Exported for Import. This way User Accounts can be edited in Bulk.

An Expired date is included in the import template, as well as in the  export for import sheet. When an Expired date has been set, users will not be able to login after this date.

Who can Change/Add Roles?

Your User Role will determine whether or not you can assign a specific Role to a User.

• The CSA has the absolute power, he can assign any Role to anyone.

• Users with Admin Roles can assign Roles from their own methodology to users from any methodology. The Roles assigned must be lower or on the same level as their own. For example the PEI ADMIN can assign this same Role to an RCM user.

• Any user can upgrade another user in the same methodology as his own, up to the same Role level, unless the other user is only a Viewer. For example INSP GENENRAL can assign an additional PEI Role like INSP CLERK to an INSP TECH, but he cannot assign this Role to a RCM Viewer or PEI Viewer (only).

• VIEWER Roles can be added to anyone by anyone.        

Take note: Only users with an Admin Role can edit other users.

Password Reset

Non-active directory users can also request new passwords, when forgotten, via the login screen. A reset link is shown on the login screen. When the link is clicked, a modal will pop-up asking for the username.

When a password reset is requested, an email is sent to the user with a temporary link, which the user can click to receive an Activation Code. With the Activation Code, the user can log in. He then needs to set a new password in My Account. This way, IMS provides new passwords to users in a secure environment.

Note: A user account must have a defined email address to receive a password reset link.

Login detected from new device

When a user logs into IMS from a new device, IMS will send an email notification to the user. This way one can control unauthorized usage of one’s account – change password in such a case!

Note: A User account must have a defined email address to receive email notification.

Notification for CSA Role

To have more control over CSA Roles and for security reasons, the IMS support team receives an email notification when someone’s account is granted the CSA Role.

Training

This is also where training can be assigned to a User. The available Training are defined in Common Data Settings.

In My Account, a list of trainings assigned to the user is shown. A warning will show when the training expired, i.e., when the Valid Until date has passed. Attachments from trainings will also show if available.

Visibility

This is where user access to specific sites, plants, or units can be limited. As a result, users can only view and interact with objects within their designated locations. Multiple locations can be assigned to a single user. This limitation applies to all main grids where site, plant, and unit information is available, including dashboards and custom queries. This feature is particularly useful when granting limited access to contractors.

Location limits can be modified only by users with administrative roles.

To set the visibility limit:

• Navigate to Settings / Maintenance / Security / Users.

• Find the user who’s access you want to limit.

• Click the blue Edit button on the left.

• Under Visibility, click on the green Plus button.

  

• Click on the Magnifier glass.

• Select the applicable Site, Plant or Unit from the list.

• Click OK.

• Click Save in the bottom left corner.

User Authentication Events

To track unusual logins, IMS remembers when users log in, request new passwords, or log out, as Authentication Events. The list of events is shown in this section. The Authentication Events can be filtered by username, type of event, and status.

Hierarchy Type Discipline

Here for each hierarchy Type a Discipline Owner is defined. This can be edited by INSP ADMIN, RCM ADMIN, DISCIPLINE ADMIN.

User Profiles

User Profiles allow Admin Users to configure other User Profiles. In this section User Profiles are created and assigned to Users. Your User Role will determine whether or not you can create User Profiles and assign them to the Users. See more about User Profiles.