SPEC 5971 - D24 Security/Admin - Phase II
Date Released: Sept 2019
Modules: Decor 24, Navigator FM
Description: Adds additional settings to the user security added via spec 5449.
New Fields Added to the User Settings (D24 2)
New Option to Force Password Reset on User Settings (D24 2)
New Password Settings in the Global Settings (D24 1)
Global Settings for Deleting and Disabling Users
Updates to Navigator FM file Nav-Online Account Request
New Fields Added to the User Settings (D24 2)
The new fields are accessed by pressing F9 - View.
The following fields were added:
- Creation Date - For existing users this setting is set to the last accessed date.
- Days Since Creation - The D24 NJs process updates this field by calculating the days from Creation Date to the current date. If the Last Accessed Date is 0, the Creation Date is set to the current date.
- Disabled Date - When a new user is created this date gets set to 00/00/00. This date is updated if the user becomes disabled.
- Last Password Change Date - The user profile maintenance option updates this field to current date when the user changes their password.
- Days Since Last Password Change - The D24 NJs process updates this field by calculating the days from Last Password Change Date to the current date.
- Password Expired Flag - This flag is set to Y when an admin uses the new option to force password reset.
New Option to Force Password Reset on User Settings (D24 2)
The new option is P = Expire Password.
When P is entered into a user Opt field the following message is displayed.
If Yes is entered into the field "Enter YES to expire the password", a Yes is also entered in the Password Expired Setting on the main User Settings screen.
Presentation Settings (D24 3)
Screen 24 contains settings for login and new user screens.
Screen 25 of the Presentation Settings contains options pertaining to Expired Passwords.
- The email sent to the email address in D24 2 for the user having the password expired.
- If the settings are blank, the defaults of Subject: Expired D24 password and Body: Your D24 account password has expired are used.
New Password Settings in the Global Settings (D24 1)
The new settings are found on screen 10.
- REGEX user ID validation - Regular Expression (REGEX) passwords use a sequence of characters that defines a search pattern.
  - REGEX: (?=.*[0-9]+.*)(?=.*[A-Z]+.*)[0-9A-Z]{6,}$
    - Must contain at least one number ...[0-9]
    - at least one uppercase letter ...[A-Z]
    - consist only of uppercase letters and numbers ...[0-9A-Z]
    - be longer than 6 characters ...{6,}
    - Matches: A1B2C3 | ABCDEFG123 | 12345A
    - Non-matches: abcdefghij | 1234567890
  - REGEX: ^(?=[^\d_].*?\d)\w(\w|[!@#$%]){7,20}
    - Must be 8 to 20 alphanumeric characters ...{7,20}
    - select special characters: !@#$% ...[!@#$%]
    - Cannot start with a digit, underscore or special character but must contain at least one digit ...(?=[^\d_].*?\d)\w
The following examples show how the REGEX code is used. The part of the example REGEX statement that pertains to the parameter is shown in italics.
Example 1
Example 2
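To check what the two sample patterns above accept before entering them on screen 10, the following added example (not part of the original spec or of D24) runs them against constructed sample values. How D24 applies the pattern is not stated on this page, so Python's `re` module is used as a stand-in, and each value is tested both as a substring search and as a whole-string match.

```python
import re

# The two sample patterns exactly as they appear on this page.
PATTERN_1 = r"(?=.*[0-9]+.*)(?=.*[A-Z]+.*)[0-9A-Z]{6,}$"
PATTERN_2 = r"^(?=[^\d_].*?\d)\w(\w|[!@#$%]){7,20}"

def accepts(pattern, candidate, whole=False):
    """True if `candidate` is accepted by `pattern`.

    whole=False: substring search, pattern used exactly as written.
    whole=True:  the entire candidate must match (implicit ^...$).
    """
    matcher = re.fullmatch if whole else re.search
    return matcher(pattern, candidate) is not None

def audit(pattern, candidates):
    """Map each candidate to (search result, whole-string result)."""
    return {c: (accepts(pattern, c), accepts(pattern, c, whole=True))
            for c in candidates}

# Constructed samples: the page's own matches and non-matches plus edge cases.
SAMPLES_1 = [
    "A1B2C3", "ABCDEFG123", "12345A",   # listed as matches on the page
    "abcdefghij", "1234567890",         # listed as non-matches on the page
    "abc def A1B2C3",                   # pattern 1 has no leading ^ anchor
]
SAMPLES_2 = [
    "Passw0rd", "Abcdef1!",             # 8 characters, letter first, one digit
    "1Password", "_Password1",          # starts with a digit / an underscore
    "Pass1wd",                          # 7 characters: one short
    "A1" + "x" * 19,                    # 21 characters: \w plus {20}
    "A1" + "x" * 40,                    # 42 characters: pattern 2 has no trailing $
]

if __name__ == "__main__":
    for name, pattern, samples in (("pattern 1", PATTERN_1, SAMPLES_1),
                                   ("pattern 2", PATTERN_2, SAMPLES_2)):
        print(name, pattern)
        for cand, (found, whole) in audit(pattern, samples).items():
            print(f"  {cand!r:46} search={found!s:5} whole={whole}")
```

A value where the two columns differ is accepted only because the pattern is not anchored at both ends; adding the missing `^` or `$` to the setting removes the difference.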
Global Settings for Deleting and Disabling Users
Screen 11 contains several settings for Deleting and Disabling Users.
The recently added settings are:
- Disable user IDs that have never used and are older than
- Disable used user IDs that are inactive
- Disable user IDs with expired passwords - If the password is expired the D24 Login screen displays the message Account disabled by expired password. The message can be changed via the presentation settings.
- Disable users with too many failed login attempts - This setting is checked when the user hits too many attempts. The email can be customized via settings on screen 24 of the Presentation Settings.
  - On the Decor 24 Login screen:
    - If the user enters a correct password, Failed Login Attempts is set to 0.
    - If the user enters an invalid password, 1 is added to Failed Login Attempts.
    - If Failed Login Attempts is 1 less than the Disable users with too many failed login attempts setting, the warning Account will be disabled on the next failed login attempt is displayed.
    - If Failed Login Attempts = this setting, the account is disabled. The active flag for the user is set to N and the disabled date is set to the current date. An email is sent to the admin email address.
- Expiration interval to expire passwords
- Interval to lockout a user after last password reset - Night Jobs checks this setting. If it is greater than zero (>0), Night Jobs checks whether the current date > last password change date + set days. If true, the D24 user record is set to N.
- Delete users that have been disabled for more than - An email is sent to the email shown on the screen. The user's active status is set to N. The email can be customized via settings on screen 24 of the Presentation Settings.
- Send email when a user’s password is force expired - This setting is checked to determine whether or not to send an email. The To email address is the address set in the D24 user record. The email can be customized via settings on screen 24 of the Presentation Settings.
- Send email when a user’s password is going to expire soon - The To email address is the address set in the D24 user record. Screen 25 of the Presentation Settings is checked for the title and body of the email. If the settings are blank, the default title is D24 password expiring and the default body is Your D24 will expire in X days.
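The Decor 24 Login screen counter rules and the Night Jobs lockout interval check described above, modelled as an added Python example (not D24 code). The `D24User` class, the function names, the outcome strings and the treatment of a setting of 0 as "off" for failed logins are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

WARNING = "Account will be disabled on the next failed login attempt"

@dataclass
class D24User:
    """Hypothetical record; attributes mirror the field labels on this page."""
    active: str = "Y"
    failed_login_attempts: int = 0
    disabled_date: Optional[date] = None            # None stands in for 00/00/00
    last_password_change: date = date(2019, 9, 1)   # constructed sample value
    admin_emails: List[str] = field(default_factory=list)  # stand-in for the admin mailbox

def record_login(user: D24User, password_ok: bool, max_attempts: int, today: date) -> str:
    """Apply the login-screen rules and return the outcome shown to the user."""
    if user.active != "Y":
        return "disabled"        # assumption: a disabled account is refused outright
    if password_ok:
        user.failed_login_attempts = 0
        return "ok"
    user.failed_login_attempts += 1
    # Assumption: a setting of 0 turns the check off. The page says "=";
    # ">=" is used here so a lowered setting still disables the account.
    if max_attempts > 0 and user.failed_login_attempts >= max_attempts:
        user.active, user.disabled_date = "N", today
        user.admin_emails.append(f"account disabled on {today.isoformat()}")
        return "disabled"
    if user.failed_login_attempts == max_attempts - 1:
        return WARNING
    return "invalid"

def night_job_lockout(user: D24User, lockout_days: int, today: date) -> str:
    """Night Jobs check for 'Interval to lockout a user after last password reset'."""
    if lockout_days > 0 and today > user.last_password_change + timedelta(days=lockout_days):
        user.active = "N"        # assumption: "set to N" refers to the active flag
    return user.active

def simulate(attempts, max_attempts=3, today=date(2019, 9, 30)):
    """Feed a sequence of True/False password results to one constructed user."""
    user = D24User()
    return [record_login(user, ok, max_attempts, today) for ok in attempts], user
```

Because a correct password resets the counter to 0, only consecutive failures count toward the setting; the lockout interval uses a strict `>` comparison, so the account stays active on the day the interval is reached and is set to N the day after.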
Updates to Navigator FM file Nav-Online Account Request
The following updates were made to the Navigator FM Nav Online Account Request:
- Copy Settings From - The default for this setting was changed to None. If the Copy Settings From setting is left at None:
  - A new D24 User record is created with ONLY the selected parameters.
  - All the other fields remain blank/empty so that the forward D24 User logic picks up the Global Settings.
- Send Email - The Send Email option was added to let the user choose whether or not to send an email when the approval status is updated. Prior to the addition of this setting an email was sent automatically when the approval status was updated.
  - The default is Yes.
- Duplicate Request - This option can be used when someone tries to register for an account twice. It allows you to tag the record as a duplicate request. The account is not created and no email is sent.
- When a new user is approved the D24 record is created:
  - The Creation Date is set to the current date.
  - The Disabled Date is set to 00/00/00.
  - The Last Password Change Date is set to the current date.
  - Failed Login Attempts is set to 0.