Product Documentation

Selecting Users → View Users on the menu or the View Users item on the side panel brings up the following panel. This form contains several filters for searching the internal database for existing users.

Currently connected to SAKA

The URL of the SAKA to which DACTool is currently connected.

Currently connected to Domain

The unique identifier of the encryption domain to which DACTool is currently connected.

Retrieve which groups of users?

Specifies the filters on which to search the internal SAKA database.

  • All Users (including Administrators)

  • Administrators Only

  • Users authorized for Encryption

  • Users authorized for Decryption

  • Users authorized for Deletion

  • Users authorized for Search

  • Users authorized for Encryption and Decryption

  • Users authorized for Encryption, Decryption, and Deletion

  • Users authorized for Encryption, Decryption, Deletion, and Search

  • Users not authorized for any operation: Useful to search for users who might not need to be in the internal database

  • Specific User: Search for a specific username—the text field next to the radio button becomes enabled when it is selected. The username must match exactly for this choice to work.

  • Like Username: Specify SQL-like queries where only part of the username is provided, with a % symbol as a wild card for matches. For example, a search for jo% would result in successful matches for john, joe, jonas, jo-ellen, etc. It is also possible to specify the wild card in the middle or towards the end of the search parameter. The text field next to this radio button becomes enabled when it is selected.

Cancel

Cancels the operation and returns to the Home panel.

Retrieve

Disabled by default, but if an appropriate radio button is selected (and text-fields are filled in where necessary), this button becomes enabled. When selected, it submits the query to SAKA to retrieve the users, if any are found.

Clicking Retrieve results in a list similar to the following figure. A description of the fields follows.

#

Serial number of the record.

Username

Name of the user in alphabetical order.

Encrypt?

A green check mark indicates that the user is authorized to request encryption web services from SAKA; a blank in this column indicates that the user does not have this privilege.

Decrypt?

A green check mark indicates that the user is authorized to request decryption web services from SAKA; a blank in this column indicates that the user does not have this privilege.

Delete?

A green check mark indicates that the user is authorized to request deletion web services from SAKA; a blank in this column indicates that the user does not have this privilege.

Relay?

A green check mark indicates that the user is authorized to request relay web services from SAKA; a blank in this column indicates that the user does not have this privilege.

Search?

A green check mark indicates that the user is authorized to request search web services from SAKA; a blank in this column indicates that the user does not have this privilege.

KMO?

A green check mark indicates that the user is authorized to request web services which require KMO privileges from SAKA; a blank in this column indicates that the user does not have this privilege.

KMA?

A green check mark indicates that the user is authorized to request web services which require KMA privileges from SAKA; a blank in this column indicates that the user does not have this privilege.

KMC?

A green check mark indicates that the user is authorized to request web services which require KMC privileges from SAKA; a blank in this column indicates that the user does not have this privilege.

Administrator?

A yellow check mark indicates that the user is a Domain Administrator, authorized to administer this SED; a blank in this column indicates that the user does not have this privilege.

HMAC Key

Every user's password is processed with a symmetric encryption key to create a hashed message authentication code (HMAC). This is a one-way cryptographic operation that cannot be reversed, but can be verified with the same password, key, and algorithm. This column indicates which specific key was used by SAKA to generate the user's HMAC.

Edit

Opens a dialog to edit user information.

Delete

Deletes a user's record.

Cancel

Cancels and returns to the Home panel.

The only exception to the display format shown above is if a Specific User is chosen. Since DACTool knows only one user will result, it opens the View/Edit user information dialog, as shown here:

Using this form, the password and encryption/decryption/deletion privileges of this user may be changed.

To change a user's password, delete the obfuscated characters from the two fields and type the new password, using at least one alphabetic character, one numeral, one special character, and a minimum of 8 characters.

The behavior of these fields is identical to that described in Changing DA Passwords.

NOTE: It is not possible to change the privileges of administrator1 from this panel. Only his/her password can be changed by another DA. If a DA's password is changed on this screen, the DA must also change the password on their BCFKS keystore to match the password in the internal database.

When a list of users is displayed in the table in DACTool, selecting a user (except administrator1) enables the Edit and Delete buttons. Clicking Edit opens a dialog as if Specific User had been chosen. If the user is a DA, you can take away their administration privileges. However, you cannot give someone DA privileges on this panel; you must add them as a new user with DA privileges.
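
The HMAC Key column and the password rules described above can be illustrated with a short sketch. This is an added example, not SAKA or DACTool code, and it shows why each record must name the key that produced its HMAC: after a key change, older records still verify only with their original key. HMAC-SHA256, the key identifiers `key-1` and `key-2`, the record layout, and ASCII punctuation as the definition of "special character" are all assumptions.

```python
import hashlib
import hmac
import string

# Constructed sample keys, indexed by a hypothetical key identifier.
# A real deployment keeps these inside the key-management appliance.
HMAC_KEYS = {
    "key-1": bytes.fromhex("00" * 32),
    "key-2": bytes.fromhex("11" * 32),
}
CURRENT_KEY_ID = "key-2"


def meets_policy(password: str) -> bool:
    """Rule from the page: 8+ characters, one letter, one numeral, one special."""
    return (
        len(password) >= 8
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)  # assumed definition
    )


def make_record(username: str, password: str, key_id: str = CURRENT_KEY_ID) -> dict:
    """Build a user record holding the HMAC and the ID of the key that made it."""
    if not meets_policy(password):
        raise ValueError("password does not meet the policy")
    tag = hmac.new(HMAC_KEYS[key_id], password.encode("utf-8"), hashlib.sha256)
    return {"username": username, "hmac": tag.hexdigest(), "hmac_key": key_id}


def verify(record: dict, candidate: str) -> bool:
    """Recompute with the key named in the record; compare in constant time."""
    key = HMAC_KEYS.get(record["hmac_key"])
    if key is None:  # key retired or unknown: fail closed
        return False
    tag = hmac.new(key, candidate.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, record["hmac"])


# Constructed sample: one record made before a key change, one after.
old_user = make_record("john", "Corr3ct!horse", key_id="key-1")
new_user = make_record("joe", "B4ttery#staple")
```
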