Download Livelink Users and Groups Explained With Best Practices (Ver 1 - Feb 2008)...
Product: Livelink ECM – Enterprise Server Version: 9.5.x, 9.6.0, 9.7.x Task/Topic: Features & Functionality Audience: Administrators Platform: All Document ID: 700036 Updated: February 29, 2008
Best Practices
Livelink Users and Groups Colin T. Sim, Senior SDK Support Specialist (Certified Livelink SDK Developer & System Administrator)
Document Title
Livelink Users and Groups
Best Practices
Contents Abstract .................................................................................................................. 1 Overview ................................................................................................................. 1 Application .............................................................................................................. 1 Background ............................................................................................................ 2 The Basics ...................................................................................................................4 User and Group Settings from the Admin Pages ................................................... 5 Configure Department Selection (drop-down list or department dialog) ........................................................................................................ 5 Configure Domain ............................................................................................ 7 Configure Group Settings (Prevent Recursive Groups) .................................. 7 Configure Password Settings........................................................................... 7 Configure User Name Display ......................................................................... 8 User Tab Permissions ...................................................................................... 9 User and Group Settings from the Opentext.ini file .............................................. 13 Explanation of the Opentext.ini settings ............................................................... 14 User Setting Section ...................................................................................... 14 License Key Section ...................................................................................... 14 Lang Section .................................................................................................. 14 General Section ............................................................................................. 15 Key Tables that Affect Storage and Maintaining of LES Users and Groups ......... 15 Main User and Group Tables ......................................................................... 15 Related Tables ............................................................................................... 15 Directory Services, LDAP and Other Considerations ........................................... 15 Understanding User Licensing ................................................................................ 17 What Does this Mean? ......................................................................................... 18 Configure Server Parameters Page ............................................................... 18 Using Up Available Licenses ................................................................................ 19 Distinguishing Active, Disabled and Deleted User Accounts .............................. 21 How Customers Secure New License Keys ........................................................... 22 General User and Group Best Practices and Considerations.............................. 26 General Naming Conventions ........................................................................ 26 User Login names .......................................................................................... 26 User Account Passwords ............................................................................... 26 Managing User Accounts ......................................................................................... 28 Disabling and Enabling Accounts .................................................................. 28 Rename User Account (Change Login) or Change Password ...................... 28 Deleting User Accounts .................................................................................. 29 What is stored within the user profile? ........................................................... 29 Groups........................................................................................................................31 Group Nesting .............................................................................................. 32
Champion Toolkit Document
www.opentext.com
Document Title
Livelink Users and Groups
Best Practices
Best Practices and Group Nesting ................................................................. 32 Recursive Groups ................................................................................................. 32 Group Strategy and Design Principles ................................................................. 33 Group Naming Conventions and Best Practices ........................................... 33 Useful List of Group Name Abbreviations ...................................................... 34 Group Naming Conventions for Usability ............................................................. 34 Acronyms (also refer to the previous abbreviation table): ............................. 35 Number Scheme ............................................................................................ 36 Group and User Types ................................................................................... 36 Creating a Group .................................................................................................. 38 Are More Groups Better? ............................................................................... 40 Group Notification ................................................................................................. 40 Deleting a Group .................................................................................................. 41 User Rights or Privileges ...................................................................................... 43 Assigning Rights (Privileges) to a User Account............................................ 43 System administration rights .......................................................................... 44 Assigning Rights (Privileges) to Users or Groups ................................................ 45 Group Management and the Responsibility for Creating and Managing Groups ................................................................................................................. 47 Who Specifically Can Create, Edit and Delete Users and Groups? ..................... 50 Group Leaders ............................................................................................... 51 Best practice considerations for assigning User and Group privileges: ................................................................................................ 52 1. Why the 1000 user/group per group limit as found in the Opentext.ini file? ................................................................................................ 53 2. How can an organization establish a company-wide group if there is a limit? ................................................................................................................. 53 Directory Services .................................................................................................... 54 Back to the Basics -- Modeling ................................................................................ 56 Turn Public Access On or Off for Livelink Users .................................................. 58 Consequences of Disabling a User’s Public Access ............................................ 59 No Single Way ............................................................................................... 62 User Group Modeling Methodology ............................................................... 62 Data Gathering ..................................................................................................... 63 Key Questions in information gathering ......................................................... 63 Analysis .......................................................................................................... 64 Design ............................................................................................................ 64 Implementation .............................................................................................. 64 Impact of User and Groups on Deployment of Access Rights to Livelink Documents ..................................................................................................... 64 Mature Systems ........................................................................................................ 68 Taking a Survey of Current System and Where Things are Right Now .............. 70 User and Group Verification ................................................................................. 70 Deal with Group Recursivity ................................................................................. 72
Champion Toolkit Document
www.opentext.com
Document Title
Livelink Users and Groups
Best Practices
Completely Lost: Must Output List of Users and Groups? ............................ 72 Glossary .....................................................................................................................73 Appendix A: Database Activity during Creation and Deletion of a Livelink Group .................................................................................................... 75 Appendix B: Example of LAPI Code for Outputting Livelink Users and Groups ................................................................................................................. 77 Appendix C: Summary of User and Group Best Practices ................................... 79 User Login names .......................................................................................... 79 User Account Passwords ............................................................................... 79 Group Nesting ................................................................................................ 79 Group Names ................................................................................................. 80 Group and User Types ................................................................................... 80 Creating a Group ........................................................................................... 80 Assigning User and Group privileges: ........................................................... 80 Group Modeling ............................................................................................. 81 [Department:] setting in the User Profile: ....................................................... 82 Credits ........................................................................................................................ 83 General Reference where no specific pages have been cited ............................. 83
Champion Toolkit Document
www.opentext.com
Document Title
Livelink Users and Groups
Best Practices
Abstract Best Practices document dealing with Livelink 9.5.x, 9.6.0 and 9.7.x concerning Users and Groups, how they work and a series of suggested design and maintenance Best Practices.
Overview This document was written in an effort to enhance product information that may not be covered in documentation to date and to expand on information that is presently provided either in Livelink Training Courses or Customer Support materials.
Application The following document was written to provide additional information and best practice recommendations in the following topical areas of Livelink Users and Groups: •
Users and Groups from the Admin Pages
•
Users and Groups from the Opentext.ini File
•
Key Tables that Affect Storage and Maintenance of Users and Groups
•
Understanding User Licensing
•
Distinguishing Active, Disabled and Deleted User Accounts
•
How Customers Secure New License Keys
•
General User and Group Best Practices and Considerations
•
Managing User Accounts
•
Groups
•
Recursive Groups
•
Group Strategy and Design Principals
•
Group Naming Conventions for Usability
•
Creating a Group
•
Group Notification
•
Deleting a Group
•
User Rights or Privileges and Assigning Rights to Users or Groups
•
Group Management and the Responsibility for Creating and Managing Groups
•
Who Specifically Can Create, Edit and Delete Users and Groups?
•
Why 1000 Users/Groups per Group Limit?
•
Directory Services
Champion Toolkit Document
www.opentext.com
1
Document Title
Livelink Users and Groups
Best Practices
•
Back to the Basics – Modeling
•
Turn Public Access On or Off for Livelink Users
•
Consequences of Disabling a User’s Public Access
•
User Group Modeling Methodology
•
Data Gathering
•
Impact of User and Groups on Deployment of Access Rights to Livelink Documents
Background In order to implement, maintain and support a Livelink System, “Administrators” require a level of competency that is both technical and practical with respect to understanding how LES (Livelink Enterprise Server) Users and Groups work and operate. To achieve this level of competency, it is necessary to present both technical and practical information concerning Livelink Users and Groups. Recognizing that some readers may only be interested in the Users and Group best practices from a purely Business Management perspective, these Best Practices have been appropriately summarized within an appendix of this document, targeted specifically for the Business Management audience. The remainder of the document contains the necessary technical information in addition to the strategic placement of User and Group best practices. This document is further targeted towards two separate audiences or groups, each with their own unique issues and requirements. There are a common set of considerations, including best practices, which need to be addressed by everyone, regardless if the LES system is a new installation or one which is mature and has been operating for years. The first group includes those involved with the installation and configuration of a new Livelink system who are not dealing with any previous legacy ECM system. This group needs to consider how to structure their user and group community in a manner that will provide for sustainable growth over time and that can be managed or maintained with reasonable resources and overhead. An understanding of how Livelink operates with users and groups will be important to successfully applying many of the concepts and best practices presented in this document. The second group includes those who already have one or more Livelink installations that could be considered as being mature. A mature LES system was originally installed some time ago and has enjoyed considerable growth, perhaps during various stages in its lifecycle. This group needs to review how their user and group community has been implementing and consider how it is affecting the overall usability and performance of their Livelink System. Over time, the Corporation with a mature LES system may have experienced growth spurts or may have merged or assimilated other companies into itself. Perhaps some of this assimilation may not have been adequately planned or been less than perfect creating subsequent difficulty in maintaining the users and groups within the system. During the examination and reassessment of the user and group structure of a mature LES
Champion Toolkit Document
www.opentext.com
2
Document Title
Livelink Users and Groups
Best Practices
system, a review of best practices is also in order and implementation of any needed changes to the existing structure based on the presented best practices in this document. There is also additional troubleshooting and remedial actions that can be undertaken to keep the LES system in good working order. Readers unfamiliar with Livelink and its administration are encouraged to attend the appropriate training courses (http://www.opentext.com/training/ ) if they have not already done so. In situations where Customers may be upgrading from versions of LES that are considered Past Maintenance (side bar note and URL link to Knowledge Center regarding maintenance lifecycles) they may wish to consider attending updated training classes to understand many of the new features and changes that have been implemented in recent LES versions that have been released. An alternative to instructor lead training may be to replay recorded Webinars that touch on some of the new features and changes to the LES product which are available from Communities at the following URL: http://communities.opentext.com/communities/llisapi.dll?func=ll&objId=5906659&objA ction=browse&sort=name&viewType=1 For illustrative purposes, this document will use LES 9.7.1 as the example system when referring to functionality and illustrated screenshots. The establishing of LES Users and Groups is of equal importance to establishing correct permissions and access rights to documents and other materials stored in Livelink. If the User and Group implementation is ineffective, users who implement and manage the granting of permissions or access rights within the LES system will be challenging. A solid understanding of how LES will be used within the Corporation is also of considerable importance. This understanding will prove to be beneficial in the designing and testing of users and group structures.
Champion Toolkit Document
www.opentext.com
3
Document Title
Livelink Users and Groups
Best Practices
The Basics When LES is first installed the system and its key components can be illustrated as follows:
Figure 1
Of course, in larger scaled or enterprise systems, there may be a need to cluster or have multiple server installations to service a larger population. For discussion purposes, use of a Tri-server or distributed configuration will be used where the Livelink and Web Server is located on one computer system while the External File Store and Relational Database are on their own respective computer systems. The Admin server, responsible for searching and indexing, would also be on another computer system. NOTE: The Knowledge Center contains a page which deals with the concept of Past Maintenance or where a software package has a period of its existence where it is actively supported, enhanced, fixed / patched etc. https://knowledge.opentext.com/knowledge/llisapi.dll/fetch/2001/7 44073/2598689/3692538/customview%2Ehtml?func=ll&objId=369 2538 Generally speaking, Open Text maintains active support for a product for a period of 18 months following the month in which a version was released. The page details what Maintenance resources are available during the Current Maintenance and the Past Maintenance portions of the software’s lifecycle.
During the installation, Livelink will automatically create an Admin User account and a Default Group. There are several best practices or guidelines to remember: •
Admin User account cannot be disabled
•
Admin User account cannot be renamed
•
There is only one Admin user account
•
Every user must belong to at least one group
•
Do not attempt to remove the Admin User from the Default Group immediately following LES installation (more on this later)
For those interested in a comparison of rights and capabilities the Admin User account they are published in a separate document available at the following URL:
Champion Toolkit Document
www.opentext.com
4
Document Title
Livelink Users and Groups
Best Practices
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=9808343&objActi on=properties&nexturl=%2Fknowledge%2Fllisapi%2Edll%3Ffunc%3Dll%26objid%3D 6849437%26objAction%3Dbrowse%26sort%3Dname
User and Group Settings from the Admin Pages Livelink User and Group Administration links are available from the Admin Pages:
Figure 2
Configure Department Selection (drop-down list or department dialog) Beginning with LES 9.7.1, there is an option to select the kind of interface that is available when selecting groups within a user profile. By default it uses the preexisting drop-down list box interface (see illustration on next page) From the Administration Pages, it is possible to change the Department Selection interface from the drop-down to a Dialog interface, This option is recommended where a LES system has a large number of groups (see illustration on next page). When selected, the Department Dialogue interface has a Select button that provides a dialogue to enter some or all of the desired Group names to perform a query, returning all Groups that meet the name query are returned. Displayed groups from the Department Dialogue or form the drop-down list are permission based. If the user who is editing the User Profile is not the Admin User, does not have User Administration Privilege or did not create the particular groups, it will not appear on the list or interface. Conversely, if the user who is editing the User Profile, is logged in as the Admin User or as someone who has the User Administrator Privilege, then no restrictions will apply, and all LES system groups should display on the list (more details on this later). The classic drop-down interface for selecting a group. Please note that the Default Group should appear regardless of who is logged into the Livelink system.
Champion Toolkit Document
www.opentext.com
5
Document Title
Livelink Users and Groups
Best Practices
Figure 3
The Admin Page option for changing from the classis drop-down list style to a Department Dialog:
Figure 4
This is the Department Dialog as opposed to the classic drop-down list which is very useful once an organization has a considerable number of groups that cannot be readily accommodated by the drop-down list interface.
Figure 5
Champion Toolkit Document
www.opentext.com
6
Document Title
Livelink Users and Groups
Best Practices
Configure Domain This option allows you to activate and provide administrative support for Livelink Domains. A discussion of this particular topic is outside of the scope of this document.
Configure Group Settings (Prevent Recursive Groups) A number of Livelink functions and reporting options routinely query the tables responsible for storing user and group information including the KUAF and KUAFChildren tables. Handling of this “look-up” information is treated differently depending on the database server being used; MS SQL Server or Oracle. The existence of recursive groups forces Livelink to reference user/group information in a manner that is less efficient that translates into a performance hit against the system. For complete details, refer to the Note posted on the Knowledge Center at the following URL: https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=9727109&objActi on=properties&nexturl=%2Fknowledge%2Fllisapi%2Edll%3Ffunc%3Dll%26objid%3D 6849437%26objAction%3Dbrowse%26sort%3Dname If you are using LES 9.6.0 or later, there is a setting available from the Admin Pages that will aid in the prevention of recursive groups being created. This setting will not remediate any pre-existing recursivity that might already exist within a system. Those systems that are likely to be afflicted with recursivity will be the ones running against Oracle or SQL Server 2005 databases. To remedy any pre-existing recursive groups, readers should consult the note posted to the KC. To prevent future recursively, enable the Prevent Recursive Groups check box.
Figure 6
Configure Password Settings From the Configure Password Setting page, the LES Admin User has the ability to specify a number of password-hardening measures including: •
Minimum Number of Characters
•
Passwords Must Contain Digits
•
Password Cannot Begin with a Digit
•
Password Cannot End with a Digit
Champion Toolkit Document
www.opentext.com
7
Document Title
Livelink Users and Groups
Best Practices
•
Changed Passwords Must be Different
•
Change Password at First Login
•
Password Expiration
•
Days to Prevent Password Use
•
Days Required Between Password Changes
The Livelink administrative page controlling the password setting may have the features or settings illustrated below:
Figure 7
Configure User Name Display The Configure Name Display page provides the opportunity to specify the general display format for the user’s name. When activated, the user’s full first name and last name (etc) will be appended to their login ID.
Champion Toolkit Document
www.opentext.com
8
Document Title
Livelink Users and Groups
Best Practices
Figure 8
User Tab Permissions The User Tab Permissions page provides the LES Admin User with the ability to specify whether: •
Users are/are not allowed to change their General Profile information
•
Users are/are not allowed to change their Personal Profile information
Figure 9
Champion Toolkit Document
www.opentext.com
9
Document Title
Livelink Users and Groups
Best Practices
Specific users (or groups) can change the General Profile information of ANYONE within the system. Specific users (or groups) can change the Personal Profile information of ANYONE within the system.
Figure 10
This User Tab Permission information is stored to the UserTabRights table. By default, users with the System Administration Rights privilege also receive full Edit Anyone privileges. The entry below referring to Right ID 2643 corresponds to the student1 login account.
Figure 11
However, all of the names of users and groups appearing on the Access List are NOT taken entirely from the UserTabRights table. Anyone with the necessary User Administrator Rights or above will also appear on the Access List.
Champion Toolkit Document
www.opentext.com
10
Document Title
Livelink Users and Groups
Best Practices
Figure 12
NOTE: If and organization, for security reasons, was to disable the ability for a user to edit the information on their Personal Tab using the provided User Tab Permissions interface, it may result in an inability for the user(s) to change their Livelink passwords 1 . This issue presently affects all Livelink versions beginning with 9.5.0 though to 9.7.1. The change involves un-checking the Personal Tab and the General Tab for “Allow Edit of Self”. An error message stating Access is Denied will result when the user attempts to change their password.
Check the Knowledge Center for monthly patches and/or individually issued patches for a fix to this issue once it becomes available.
Here is a SQL statement that can be executed, perhaps as a Live Report to generate a list of those user accounts with User Administrator Rights or higher in the LES system: select k.ID, k.name, k.firstname, k.lastname, k.userprivileges from kuaf k where k.userprivileges in (2079, 2111, 2175, 2431) order by k.userprivileges
1
Bancroft, Chris. “Referencing Bug LPAD-12694 and ITSM ticket 353499”. Internal Customer Support
Communication (email). Feb 2008.
Champion Toolkit Document
www.opentext.com
11
Document Title
Livelink Users and Groups
Best Practices
The following table represents a synoptic view of these bit-masked KUAF.userprivileges binary and digital values used in the SQL statement above: Privilege
Bit(s)
Binary Value
Decimal Value
Login Enabled
0
Have a record
1, 2, 3
000000001111
15
User Administration
4
100001111111
2175
Create/Modify Users
5
100000101111
2095
Create/Modify Group
6
100001101111
2159
System Administration
8
100010111111
2431
Public Access
11
100000001111
2063
Attending the Livelink Advanced LiveReports and Schema Course (www.opentext.com/training) provides the necessary background in understanding of bit-masking permissions and privileges. And here are the corresponding results. Please note that the KUAF.userprivileges is based on bit-masked values as previously noted.
Figure 13
Additionally, the e-link and Admin User accounts have full rights (16777215), thus we are able to ‘construct’ the corresponding seven (7) individuals in the list. The lack of the function button for these 6 users (excluding student1) is due to the fact that their User Administration rights cannot be revoked from this interface.
Champion Toolkit Document
www.opentext.com
12
Document Title
Livelink Users and Groups
Best Practices
User and Group Settings from the Opentext.ini file Here is an abridged series of settings from an opentext.ini file that governs a variety of user and group setting. [general] MaxUsersToListPerPage=30 MaxListingOnGroupExpn=100 MaxUsersInGroup=1000
[Lang_en_US] UserNameDisplayFormat=1
[UserSetting] RowColorOptions=#FFFFFF,#EEEEEE,#FFFFCC,#CCFFFF,#CCFFCC,#DDDDF F ColumnHeaderColorOptions=#CCCCCC,#A0B8C8,#83D8A4,#CCCC99 Row1Color=#FFFFFF Row2Color=#EEEEEE ColumnHeaderColor=#CCCCCC UserNameAppendID=1
[LicenseKeyInfo] CompanyName=Open Text - Customer Support ExpireDate=? NumUsers=500 LicenseKey=*******************************
Champion Toolkit Document
www.opentext.com
13
Document Title
Livelink Users and Groups
Best Practices
Explanation of the Opentext.ini settings User Setting Section The user setting section of the opentext.ini file contains information corresponding to the interface that can be seen by users on their Tools Settings Color page. The row and column color options are specified by the hexadecimal colors in this section of the ini file.
Figure 14
The appending of a user name, as previously discussed in the last section, is controlled in this section. The Append to Display Name setting is enabled when the ini value is (1) and disabled when the value is (0). More help on these ini sections are available from the LES installation files, for example: \support\adminhelp\_en_us\webadmin\ot_ini-usersetting.html
License Key Section A discussion of the license key and licensing will follow in the next section.
Lang Section The UserNameDisplayFormat setting defines the format which LES displays a user’s name, for example infields such as Created by, Owned by, and User. Although the default value is 1 (Log-in ID), other valid values include: 2 = FirstName LastName, 3 = FirstName MiddleInitial LastName, 4 = LastName, FirstName, 5 = LastName, FirstName MiddleInitial, 6 = LastName FirstName.
Champion Toolkit Document
www.opentext.com
14
Document Title
Livelink Users and Groups
Best Practices
General Section MaxUsersToListPerPage=30 The maximum number of users to display per page on a user search result list. MaxListingOnGroupExpn=100 This setting specified the maximum number of users to display when opening the members of a group. If you search for groups and then click a group to display its members, maximum number of members displayed on the page is defined by the value of the MaxListingOnGroupExpn parameter. MaxUsersInGroup=1000 This setting specifies the maximum number our users per group. This will be explained in greater detail later on in the document.
Key Tables that Affect Storage and Maintaining of LES Users and Groups Main User and Group Tables •
KUAF
•
KUAFChildren
•
KUAFPrefs
•
KUAFProxy
•
KUAFRightsList
Related Tables •
AgentSchedule
•
NotifyInterests2
•
OldPasswords
•
UserTabRights
Directory Services, LDAP and Other Considerations •
Topics and issues dealing with Directory Services and LDAP are outside of the scope of this document.
•
Each user or group that exists in Livelink has a unique identifier corresponding to the KUAF.ID information. This could be roughly equated to a unique identifier, like a SID
•
You cannot xml import or export users and groups. Since users and groups are not llnodes, the current XML Import and Exporting capabilities cannot be used to export and import users from one LES system to another.
Champion Toolkit Document
www.opentext.com
15
Document Title
Livelink Users and Groups
Best Practices
•
To maintain user and group IDs (i.e., the unique identifier corresponding to the KUAF.ID), the database in which they exist must be either upgraded or imported in its entirety.
•
Developers could use LAPI (or Web Services) to create users and groups programmatically. Creating users and/or groups programmatically using LAPI or Web Services is beyond the scope of this document NOTE: A document containing useful LES XML Export and Import information is has been published to the Knowledge Center and is available at the following URL: https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objI d=13621570&objAction=properties&nexturl=%2Fknowledge%2Flli sapi%2Edll%3Ffunc%3Dll%26objid%3D13621345%26objAction% 3Dbrowse%26sort%3Dname
Champion Toolkit Document
www.opentext.com
16
Document Title
Livelink Users and Groups
Best Practices
Understanding User Licensing To better understand current LES licensing, a review of licensing concepts is in order. For full details, consult the respective EULA or End User Licensing Agreement. Conceptually, licensing can be illustrated in the following pair of diagrams: Per Server Licensing
Per Seat Licensing
Per server licensing was typified by the presence of Primary and Secondary Livelink Servers. This kind of licensing was implemented years ago around the time that LES 9.0.0 was released. Secondary Servers were used to augment indexing and search provided by the Primary Server. Licensing was usually on a per-server basis. The number or users logging into the system did not matter and there was no License Key
Per seat licensing was typified by the presence of any possible number of Livelink Servers. This arrangement provides for scalability and redundancy in the case of fail-over. Licensing is on the basis of named user accounts. A license key is issued to each Livelink Customer based on a maximum of named accounts in their system.
The Livelink End User License Agreement or EULA 2 defines the nature and scope of end user licensing while using a number of terms or concepts are common to the software industry including: Client Named User(s) means an individual employee of the Licensee which: a) uses a unique login name/password combination assigned to such individual by the
2
Dobbie, Stacey. “ELUA Text and Terminology Used to Explain Livelink Licensing.” Internal Customer Support Communication (email). 29 Jan 2008.
Champion Toolkit Document
www.opentext.com
17
Document Title
Livelink Users and Groups
Best Practices
Licensee to access and/or use Client Module(s), and b) is authorized by a Client Named User License to access and/or use a Client Module; Client Named User License means an OTC license purchased by Licensee hereunder authorizing: (a) Licensee to install a specific Client Module on one Desktop; and (b) one Client Named User to access and use all available functions within such Client Module on such Desktop Named User means an individual employee of the Licensee which: a) uses a unique login name/password combination assigned to such individual by the Licensee to access and/or use the Server Application Software or Vista Plus Server Software (as the case may be), and b) is authorized by a Named User License to access and/or use the Server Application Software or Vista Plus Server Software (as the case may be) Named User License means an OTC license purchased by Licensee hereunder authorizing one Named User to: (a) access and/or use Server Application Software; (b) have a Personal Workspace; (c) create, modify, and/or delete Object(s); and (d) participate in any Workflow.
What Does this Mean? It means a single Licensee (use of the term Company will be used interchangeably here for the sake of readability) will have a license key issued to them composed of a Company Name, a possible expiration date, a specified number of users and an encrypted string. During the installation or updating of a Livelink server, this key information is entered in the GUI interface and incorporated into the corresponding Livelink’s opentext.ini file. In distributed, load balanced or clustered systems, the same key information must be entered into each server and/or its corresponding opentext.ini file.
Configure Server Parameters Page The provided license key is entered in the GUI interface on the Configure Server Parameters page
Figure 15
Here is the corresponding information from the Opentext.ini file: [LicenseKeyInfo] CompanyName=ODG - A GreenSquare Company
Champion Toolkit Document
www.opentext.com
18
Document Title
Livelink Users and Groups
Best Practices
ExpireDate=D/2008/8/8:0:0:0 NumUsers=1000
LicenseKey=MTAwMEQvMjAwOC84Lzg6MDowOjA5Ljcu In this context, Outdoor Gear - A Green Square Company can have 1000 named users licensed for read and write access to the above Livelink 971 system.
The concept of concurrency (http://en.wikipedia.org/wiki/Concurrent_user) does not really apply. Unless security settings have been implemented to prevent the same named user from logging into Livelink multiple times. https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=12782424&objAc tion=properties&nexturl=%2Fknowledge%2Fllisapi%2Edll%3Ffunc%3Dll%26objid%3 D13586326%26objAction%3Dbrowse%26sort%3Dname While it is possible for multiple users to share a single login account, there is no practical business application of doing this. Some modules or client applications can also be licensed in the same way as the Livelink server. Here is an example of the Web Reports and its Web Reports Licensing page:
Figure 16
Using Up Available Licenses Which users within our company (that have Livelink named accounts) use up licenses?
Champion Toolkit Document
www.opentext.com
19
Document Title
Livelink Users and Groups
Best Practices
Admin user is going to take up one (1) license. If elink is in use, another (1) license will be used up. Each and every named user in the system who has an account that is NOT deleted, counts towards the total. If a user account has been disabled, it too counts towards the total usage. To free up the license, the user account must be deleted. When the system reaches its user limit, based on the licensing key, an error message will result the next time someone attempts to create an additional user account above the specified limit:
Figure 17
When a license key similarly expires, Livelink functionality (excluding creating new user accounts) will continue to operate normally without any impact to its usability.
Champion Toolkit Document
www.opentext.com
20
Document Title
Livelink Users and Groups
Best Practices
Distinguishing Active, Disabled and Deleted User Accounts Livelink Administrators can use Live Reports to generate a count or tally of user accounts that are presently defined in their system. To list or identify all named user accounts in the system: select k.id, k.ownerid, k.name, k.groupid, k.mailaddress from kuaf k where k.type = 0 order by id To tally all named user accounts in the system: select count(*) from kuaf k where k.type = 0 Similarly, to generate a count or tally of user accounts that are presently deleted in their system. To list or identify all users who’s user accounts have been deleted: select k.id, k.ownerid, k.name, k.groupid, k.mailaddress from kuaf k where k.deleted = 1 and k.type = 0 order by id To tally all named user accounts that have been deleted in the system: select count(*) from kuaf k where k.deleted = 1 and k.type = 0 To list or identify all users who’s user accounts have been disabled: select userprivileges, * from kuaf where deleted in (0,1 )and floor(k.userprivileges / Power (2, 0)) %2 = 0 To tally all named user accounts that have been disabled in the system: select count(*) from kuaf k where deleted floor(k.userprivileges / Power (2, 0)) %2 = 0
in
(0,1
)and
In the above statement, administrators can change this SQL so the statement reads deleted in (0) for accounts where user has not been deleted or deleted in (1) to identify where user accounts have been deleted. A document detailing technical aspects and considerations of deleting Livelink users is published to the Knowledge Center at the following URL: https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=12981313&objAc tion=properties&nexturl=%2Fknowledge%2Fllisapi%2Edll%3Ffunc%3Dll%26objid%3 D6849437%26objAction%3Dbrowse%26sort%3Dname
Champion Toolkit Document
www.opentext.com
21
Document Title
Livelink Users and Groups
Best Practices
How Customers Secure New License Keys Each time a new major version of Livelink is installed, (such as when performing an upgrade), a new license key needs to be secured. Generally speaking, updating to service pack levels of Livelink does not require the re-issuing of a license key. The following diagram illustrates many of the various LES versions.
Figure 18
Other situations may arise, such as increasing the number of named users in a system, thus requiring the issuing of a new license key. For Customers and Affinity Partners who require a new licensing key to be issued, they can log into the Knowledge Center and make the form-based key request. Users making the license key request need to complete one request for EACH Livelink Version and if they have multiple systems with different licensing quantities, for EACH Livelink system. The following series of screen shots shows how to navigate the through the Knowledge Center to the page where the form-based license key request can be made.
Champion Toolkit Document
www.opentext.com
22
Document Title
Livelink Users and Groups
Best Practices
Login to the Knowledge Center (http://knowledge.opentext.com) : Select the Downloads link:
Figure 19
Select the Livelink – ECM Enterprise Server -> Enterprise Server link:
Figure 20
Champion Toolkit Document
www.opentext.com
23
Document Title
Livelink Users and Groups
Best Practices
From this page, select the appropriate Livelink Server version
Figure 21
Clicking on the Expand/Collapse button opposite the specific LES Server Version will result in a page where the user can then click on the key icon to open a formbased page to request a new key.
Figure 22
Champion Toolkit Document
www.opentext.com
24
Document Title
Livelink Users and Groups
Best Practices
Click on the key icon to open the License Key Request Form
Figure 22
Once the request has been processed, an automated email will be sent to the applicant. If the applicant does not get an email within 24 hours, they should ensure that their supplied email address is not blocked for filtered in a way that would prevent reception of the email. If, after further investigation, they still do not have the needed key, they should open a support ticket with
[email protected] .
Champion Toolkit Document
www.opentext.com
25
Document Title
Livelink Users and Groups
Best Practices
General User and Group Best Practices and Considerations General Naming Conventions An Application Note has been previously published concerning naming conventions. Although the document does not specifically address naming conventions for users and groups, it could be reviewed to familiarize Administrators as to some of the characters that are or are not supported within Livelink in general. https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=13698124&objAc tion=properties&nexturl=%2Fknowledge%2Fllisapi%2Edll%3Ffunc%3Dll%26objid%3 D6849437%26objAction%3Dbrowse%26sort%3Dname
User Login names 3 User login names should conform to the following series of best practices (additional naming restrictions may need to be imposed based on the operating system) •
Provide unique login name (
