Selecting Users → View Users on the menu or the View Users item on the side panel brings up the following panel. This form contains several filters for searching the internal database for existing users.
Currently connected to SAKA | The URL of the SAKA to which DACTool is currently connected. |
Currently connected to Domain | The unique identifier of the encryption domain to which DACTool is currently connected. |
Retrieve which groups of users? | Specifies the filters on which to search the internal SAKA database. |
Cancel | Cancels the operation and returns to the Home panel. |
Retrieve | Disabled by default, but if an appropriate radio button is selected (and text-fields are filled in where necessary), this button becomes enabled. When selected, it submits the query to SAKA to retrieve the users, if any are found. |
Clicking Retrieve results in a list similar to the following figure. A description of the fields follows.
# | Serial number of the record. |
Username | Name of the user in alphabetical order. |
Encrypt? | A green check mark indicates that the user is authorized to request encryption web services from SAKA; a blank in this column indicates that the user does not have this privilege. |
Decrypt? | A green check mark indicates that the user is authorized to request decryption web services from SAKA; a blank in this column indicates that the user does not have this privilege. |
Delete? | A green check mark indicates that the user is authorized to request deletion web services from SAKA; a blank in this column indicates that the user does not have this privilege. |
Relay? | A green check mark indicates that the user is authorized to request relay web services from SAKA; a blank in this column indicates that the user does not have this privilege. |
Search? | A green check mark indicates that the user is authorized to request search web services from SAKA; a blank in this column indicates that the user does not have this privilege. |
KMO? | A green check mark indicates that the user is authorized to request web services which require KMO privileges from the SAKA; a blank in this column indicates that the user does not have this privilege. |
KMA? | A green check mark indicates that the user is authorized to request web services which require KMA privileges from the SAKA; a blank in this column indicates that the user does not have this privilege. |
KMC? | A green check mark indicates that the user is authorized to request web services which require KMC privileges from the SAKA; a blank in this column indicates that the user does not have this privilege. |
Administrator? | A yellow check mark indicates that the user is a Domain Administrator, authorized to administer this SED; a blank in this column indicates that the user does not have this privilege. |
HMAC Key | Every user's password is processed with a symmetric encryption key to create a hashed message authentication code (HMAC). This is a one-way cryptographic operation that cannot be reversed, but can be verified with the same password, key, and algorithm. This column indicates which specific key was used by SAKA to generate the user's HMAC. |
Edit | Opens a dialog to edit user information. |
Delete | Deletes a user's record. |
Cancel | Cancels and returns to the Home panel. |
The only exception to the display format shown above is if a Specific User is chosen. Since DACTool knows only one user will result, it opens the View/Edit user information dialog, as shown here:
Using this form, the password and encryption/decryption/deletion privileges of this user may be changed.
To change a user's password, delete the obfuscated characters from the two fields and type the new password, which must be at least 8 characters long and contain at least one alphabetic character, one numeral, and one special character.
The behavior of these fields is identical to that described in Changing DA Passwords.
NOTE: It is not possible to change the privileges of administrator1 from this panel; another DA can change only the password of administrator1. If a DA's password is changed on this screen, the DA must also change the password on their BCFKS keystore to match the password in the internal database.
When a list of users is displayed in the table in DACTool, selecting any user except administrator1 enables the Edit and Delete buttons. Clicking Edit opens a dialog as if Specific User had been chosen. If the user is a DA, you can take away their administration privileges. However, you cannot give someone DA privileges on this panel; you must add them as a new user with DA privileges.
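The HMAC Key column and the password rule described above, as an added Python sketch (not DACTool or SAKA code). It assumes HMAC-SHA256, a constructed two-key ring, and that a password change re-issues the HMAC under the current key; it shows why each record must name its key, since verification succeeds only with the same password, key, and algorithm.

```python
import hashlib
import hmac
import secrets

# Constructed key ring (key ID -> secret). The IDs and HMAC-SHA256 are
# assumptions for this sketch; the page does not name SAKA's algorithm.
KEYRING = {"hmac-key-1": secrets.token_bytes(32),
           "hmac-key-2": secrets.token_bytes(32)}
CURRENT_KEY_ID = "hmac-key-2"


def meets_policy(password):
    """Page's rule: 8+ characters with a letter, a numeral and a special
    character ("special" taken here to mean non-alphanumeric)."""
    return (len(password) >= 8
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def make_record(username, password, key_id=CURRENT_KEY_ID):
    """Store only the HMAC and the ID of the key that produced it."""
    tag = hmac.new(KEYRING[key_id], password.encode("utf-8"), hashlib.sha256)
    return {"username": username, "hmac": tag.hexdigest(), "hmac_key": key_id}


def verify(record, candidate):
    """Recompute with the key named in the record; compare in constant time."""
    key = KEYRING.get(record["hmac_key"])
    if key is None:  # unknown or retired key: record cannot be verified
        return False
    tag = hmac.new(key, candidate.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, record["hmac"])


def change_password(record, new_password):
    """Reject weak passwords, then re-issue the record under the current key."""
    if not meets_policy(new_password):
        raise ValueError("password does not meet the policy")
    return make_record(record["username"], new_password, CURRENT_KEY_ID)


if __name__ == "__main__":
    rec = make_record("user1", "Constructed#Pass1", key_id="hmac-key-1")
    print(verify(rec, "Constructed#Pass1"), verify(rec, "wrong"))
    rec = change_password(rec, "N3w#Constructed")
    print(rec["hmac_key"], verify(rec, "N3w#Constructed"))
```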