How to Add New Operator10 and Synexus Users

This article will serve as a guide for Operator10 and Synexus administrators needing to add new users to the application

A note regarding Active Directory: we recommend that an Active Directory user group be created for each of the AllMax applications you have purchased.

Once each user group has been created, the users of each application should be added to their respective group via Active Directory, and then the entire group should be mapped with at least db_datawriter, db_datareader, and public roles to the AllMax license database for the application they will use, and each user database they will need access to from the Microsoft SQL Server Management Studio application.

Once the user group has been created and added to SQL, and the roles above applied to it, anytime a new user needs to be added to Operator10 or Synexus, the user will simply need to be added to the Active Directory user group, and then added to the User Security section of the Operator10 or Synexus application, and granted a role in Operator10 or Synexus User Security.

If Active Directory is not available, and the client PCs and the serving computer are not attached to a domain, each user that accesses Operator10 or Synexus from their own Windows login on their device will need added to the serving computer as a local computer user, and then granted a login to the SQL instance. Next, the login for each user needs at least db_datawriter, db_datareader, and public permissions mapped to it. Authenticating the users against the SQL instance requires that the local account created on the serving computer matches EXACTLY the Windows username of their login on their client PC, and the password on their client PC. For adding users in a Workgroup Environment, please see the section of this document labeled Adding Operator10 or Synexus Users in a Workgroup Environment

If the users will share a Windows login to access Operator10 or Synexus, only that shared login will need to be added as a local account on the serving computer.

This article will describe adding users in the presence and absence of Active Directory.

Adding Operator10 or Synexus Users in a Domain Environment via Active Directory User Group

1. Create the Operator10 Wastewater, Operator10 Water, or Synexus user group, and add each future user of the application to it.

2. Open Microsoft SQL Server Management Studio, and connect to the SQL instance that stores the Operator10 Wastewater, Operator10 Water, or Synexus license database, and the user databases.

3. SSMS will connect to the SQL instance. From the Object Explorer pane on the left, expand the Security folder, then expand the Logins folder as in the image below.

4. Click the Search… button on the right-hand side of the Login-New window. The Select Users or Group window will open.

5. Select the Object Types… button, and ensure that the Groups checkbox is checked, then select OK to close the Object Types window. Click the Locations… button, then select Entire Directory, and press OK to close the Locations window. 

6. In the field labeled “Enter the object name to select”, enter the name of your User Group. 

7.  Click the Check Names button, and if the item was found, click the OK button. If it was not found, you will be presented with a window informing you that the item was not found. In the case it was not found, ensure that the correct Location and Object Types are selected, and that the username/user group was spelled correctly. 

8.  Once the OK button is clicked in step 7, the login name will be displayed in the Login – New window from step 3. 

 The next steps involve “mapping” the logins we created to the databases they’ll need access to. Mapping simply means setting the level of permissions or role each group requires to each database. Adding the user group has already given the users in the group access to the SQL instance so that they can connect to it via their AllMax application. Mapping the group gives the users in the group the roles/permissions to the actual databases on a per-database level.

AllMax Software creates one license database for each purchased application, and the actual “production”, or user database, and each group needs to be mapped to each one they need access to. For example: a client purchases Operator10 Wastewater, configures SQL for use with AllMax products, then installs Operator10 Wastewater, and creates a new license (license database), and a new Operator10 (production/user) database.

For users to open and use Operator10 or Synexus, they will need mapped to the license database, and each user database they will work in, since we can add many user databases, but there will only ever be one license database per product. 

9. At this stage, you should have a license database, and at least one user database. Operator10 Wastewater license databases are always named WAS000000, Operator10 Water license databases are always named WTR000000, and Synexus Pretreatment license databases are always named PRE000000, where the zeroes represent your unique, six-digit account number.

If you have not created the license database or a user database, please do so before continuing.

10. User databases can have any name acceptable by SQL. Make a note of the name of the user database.

11. In the Login – New window, select User Mapping from the top-left pane. 

12. In the mapping page, you will see two panes. The top pane is a list of all databases in the SQL instance, including the AllMax user databases, AllMax license databases, some databases related to the functioning of SQL, and any other databases. The bottom pane has a list of checkboxes with each relating to a ‘role’ in the database selected in the top pane. 

13. Select the license database from the top pane by checking the checkbox next to it.

14. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

15. Next, select the user database you have created from the list in the top pane of the User Mapping window. 

16. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

17. Now that the database roles for the user group have been mapped to the license database, and to each of the user databases to which the group needs access, you may press the OK button to apply the mappings. 

The user group now has access to SQL, and to the Operator10 or Synexus license database, and each user database. Next up will be adding the users in the group to the Operator10 or Synexus User Security section in the Operator10 or Synexus application(s) and then setting their respective role, which will require being logged in to Windows as a user that has the DB Admin role in Operator10 or Synexus.

18. Open Operator10 or Synexus, and click the File tab at the top of the main application window. The Application Information section will be displayed.

19. Select Security from the left-hand side of the application window. The User Security window will be displayed.

20. In the User Security window, click the blue add symbol/Add User button as in the image below:

21. You will now see the DB User window.

22. The only required field is User Name, and it is not generally recommended to set a Password since each user already logs in to Windows with a unique username and password, which is the same username and password used by Operator10 or Synexus to authenticate the user against SQL. Enter the domain username for the user, then press the TAB key on your keyboard to enable the Save button in the top-right area of the DB User window. Click Save to add the new DB User, and you will be returned to the User Security window.

23. Now that a user has been added, we will configure Security Settings for overall access to the administrator-level sections and features of the application. On the right-hand side of the User Security window under Security Settings, choose the user's level of access or permission for Audit Trail, Backup, Dashboard, Database Admin, and User Security.

24. Next, we will configure Facility-level permissions and access for the new user. Select the Facilities tab of the User Security window.

25. Select the blue plus sign to add a user to an existing Facility as in the image below. The User Security window will be displayed.

26. First, select the Facility to which the user will be added by clicking the button in the Facility Name field, and selecting the Facility from the Facility window that is displayed.

27. Click the button in the User Name field and select the user from the DB User window.

28. Click the button in the Group field to select an appropriate group for the new user.

29. Once all fields have been filled, select the Save button to add the user to the Facility.

30. On the Facility tab of the User Security window, select the user to see the Facility-level Security Settings applied to the group the user now belongs to.

31. The Operator10 or Synexus application can now be installed on the user's PC, and connected to the SQL instance hosting the Operator10 or Synexus license database.

 

Adding Operator10 and Synexus Users in a Workgroup Environment

Operator10 and Synexus is primarily designed to run in a Domain environment, and authenticates users against SQL Server using their Domain username and password. In the absence of a Domain, a workaround needs to be implemented so that users can still be authenticated against SQL Server. In summary, each user will need to have a local account created on the server, and then that local account will be granted a login in the SQL instance. The local account created on the server must have the EXACT same username and password as the user's username and password that they use to login to Windows on their client PC and access Operator10 and Synexus. If the user is currently using a PIN, or bio-metrics to login to Windows, they will need to switch to an account type that uses a username and password in order to run Operator10 and Synexus and authenticate against the SQL Server instance.

1. From the user's PC that they will use to run Operator10 or Synexus, collect the exact username and password used by the user to login to Windows. If they use a PIN, or bio-metrics to login to Windows, see the above note.

2. On the server, run the lusrmgr application by pressing windows key + R, and entering 'lusrmgr.msc' without the quotes, and then pressing the OK button from the Run dialog. See the screenshot below:

3. Once the lusrmgr application has started, you will see a folder in the farthest-left pane labeled Users. Right-click the Users folder, and select New User. The New User window will open. 

4. In the User name field, enter the username collected in step 1 of this section. Ensure that it is exactly the same as the username used by the user to login to their PC.

5. In the Password and Confirm Password fields, enter the password collected in step 1 of this section. Ensure that it is exactly the same as the password used by the user to login to their PC.

6. Configure the check boxes as in this screenshot, and press the Create button:

7. Repeat steps 1 - 6 for each user.

In the Workgroup scenario, any time the user's password changes on the PC they use to login to Windows and run Operator10 or Synexus, the password for the local account created for that user on the server must have the password changed to match it exactly.

At this stage, the local accounts on the server have been created.

Next up, we will grant those local accounts a login to the SQL instance, and then map roles for each SQL login to the necessary databases so that the Operator10 or Synexus application can connect to the SQL instance, and will have the correct roles for each database the user must access.

8. Open Microsoft SQL Server Management Studio, and connect to the SQL instance storing the Operator10 or Synexus license database, and the Operator10 or Synexus user databases.

9. From the Object Explorer pane on the left, expand the Security folder, then expand the Logins folder as in the image below.

10. Click the Search… button on the right-hand side of the Login-New window. The Select Users or Group window will open.

11. Select the Object Types… button, and ensure that the Users checkbox is checked, then select OK to close the Object Types window. Click the Locations… button, and ensure that the local computer is displayed.

12. In the field labeled “Enter the object name to select”, enter the name of the User. 

13.  Click the Check Names button, and if the item was found, click the OK button. If it was not found, you will be presented with a window informing you that the item was not found. In the case it was not found, ensure that the correct Location and Object Types are selected, and that the user name was spelled correctly. 

14.  Once the OK button is clicked in step 7, the login name will be displayed in the Login – New window from step 3. 

 The next steps involve “mapping” the logins we created to the databases they’ll need access to. Mapping simply means setting the level of permissions or role each group requires to each database. Adding the user group has already given them access to the SQL instance so that they can connect to it via Operator10 or Synexus, mapping gives them roles/permissions to the actual databases on a per-database level.

AllMax Software creates a license database, and the actual “production”, or user database, and each group needs to be mapped to each one they need access to. For example: a client purchases Operator10 or Synexus, configures SQL for use with AllMax Software products, then installs Operator10 or Synexus and creates a new license (license database), and a new Operator10 or Synexus (production/user) database.

For users to open and use Operator10 or Synexus, their SQL login will need mapped to the license database, and each user database they will work in, since we can add many user databases, but there will only ever be one license database per product. 

15. At this stage, you should have a license database, and at least one user database. Operator10 Wastewater license databases are always named WAS000000, Operator10 Water license databases are always named WTR000000, and Synexus Pretreatment license databases are always named PRE000000, where the zeroes represent your unique, six-digit account number.

16. User databases can have any name acceptable by SQL. Make a note of the name of the user database.

17. In the Login – New window, select User Mapping from the top-left pane. 

18. In the mapping page, you will see two panes. The top pane is a list of all databases in the SQL instance, including the AllMax user databases, AllMax license databases, some databases related to the functioning of SQL, and any other databases. The bottom pane has a list of checkboxes with each relating to a ‘role’ in the database selected in the top pane. 

19. Select the license database from the top pane by checking the checkbox next to it.

20. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

21.  Next, select the user database you have created/restored from the list in the top pane of the User Mapping window. 

22. Next, select the user database you have created from the list in the top pane of the User Mapping window. 

23.  In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

24. Now that the database roles for the user group have been mapped to the license database, and to each of the user databases to which the group needs access, you may press the OK button to apply the mappings. Repeat steps 12 - 24 of this section for each user.

The user now has access to SQL, and to the Operator10 or Synexus license database, and each user database. Next up will be adding the users to the Operator10 or Synexus User Security section and then setting their respective role, which will require being logged in to Windows as a user that has the User Security permission for the given database in Operator10 or Synexus. 

25. Open Operator10 or Synexus, and click the File tab at the top of the main application window. The Application Information section will be displayed.

26. Select Security from the left-hand side of the application window. The User Security window will be displayed.

27. In the User Security window, click the blue add symbol/Add User button as in the image below:

28. You will now see the DB User window.

29. The only required field is User Name, and it is not generally recommended to set a Password since each user already logs in to Windows with a unique username and password, which is the same username and password used by Operator10 or Synexus to authenticate the user against SQL. Enter the domain username for the user, then press the TAB key on your keyboard to enable the Save button in the top-right area of the DB User window. Click Save to add the new DB User, and you will be returned to the User Security window.

30. Now that a user has been added, we will configure Security Settings for overall access to the administrator-level sections and features of the application. On the right-hand side of the User Security window under Security Settings, choose the user's level of access or permission for Audit Trail, Backup, Dashboard, Database Admin, and User Security.

31. Next, we will configure Facility-level permissions and access for the new user. Select the Facilities tab of the User Security window.

32. Select the blue plus sign to add a user to an existing Facility as in the image below. The User Security window will be displayed.

33. First, select the Facility to which the user will be added by clicking the button in the Facility Name field, and selecting the Facility from the Facility window that is displayed.

34. Click the button in the User Name field and select the user from the DB User window.

35. Click the button in the Group field to select an appropriate group for the new user.

36. Once all fields have been filled, select the Save button to add the user to the Facility.

37. On the Facility tab of the User Security window, select the user to see the Facility-level Security Settings applied to the group the user now belongs to.

38. The Operator10 or Synexus application can now be installed on the user's PC, and connected to the SQL instance hosting the Operator10 or Synexus license database.