Users
The Users screen is the central administration interface for managing user accounts in Commander4j. It is accessible to administrators from the System menu.
User Account States
A user account can be in any combination of the following states, all of which affect whether the user can log in:
| State | Description |
|---|---|
| Enabled | The account is active. If set to No, the user cannot log in regardless of any other setting. |
| Locked | The account has been locked, either manually or automatically after too many failed login attempts. Can be configured to unlock automatically after a set number of minutes, or require manual administrator intervention. |
| Expired | The account has passed its expiry date. Only applies when Account Expires is enabled for that user. |
| Password expired | The user's password has not been changed within the configured expiry period. |
| Password change required | The administrator has flagged that the user must change their password at next login. |
User Properties
Each user account has the following properties:
| Field | Description |
|---|---|
| User ID | Unique identifier, stored in uppercase. Cannot be changed after creation (use Rename instead). |
| Description | Free-text comment identifying the user (up to 40 characters). |
| Email Address | Used for notifications. |
| Language | The default UI language for this user (English, French, German, and others). |
| Account Enabled | Set to No to disable login without deleting the account. |
| Account Locked | Locks the account. Normally set automatically after exceeding the maximum bad password attempts. |
| Account Expires | When enabled, the account will be rejected after the Account Expiry Date. |
| Password Expires | When enabled, the user must change their password after the configured number of days. |
| Password Change Allowed | Controls whether the user can change their own password. |
| Password Change Required | Forces the user to change their password at next login. |
| Last Logon | Read-only. The timestamp of the user's most recent successful login. |
| Last Password Change | Read-only. When the password was last changed. |
| Bad Password Attempts | Read-only. Count of consecutive failed login attempts since last success. |
Password Policy
Password rules are configured globally through System Keys and apply to all users:
| Setting | Default | Description |
|---|---|---|
| Minimum length | 6 | Shortest permitted password |
| Maximum length | 20 | Longest permitted password |
| Complexity | Off | When enabled, requires minimum numbers of uppercase letters, lowercase letters, and special characters |
| History | 5 | Number of previous passwords remembered to prevent reuse |
| Expiry days | 90 | Days before a password must be changed (when Password Expires is enabled) |
| Max bad attempts | 5 | Failed logins before account is locked |
| Auto unlock | 0 | Minutes before a locked account is unlocked automatically (0 = manual only) |
Passwords cannot contain the user's own User ID, and cannot match any password within the history limit.
Managing Users
From the User Admin list, the following actions are available:
| Action | Description |
|---|---|
| Add | Creates a new user account with an initial password. |
| Edit | Opens the user properties dialog for the selected user. |
| Delete | Removes the user account. The currently logged-in user and the system INTERFACE account cannot be deleted. |
| Copy | Duplicates an existing user, including their group memberships. |
| Rename | Changes a user's ID to a new value. |
| Lock / Unlock | Manually locks or unlocks the selected account. |
| Permissions | Opens the Permissions screen to assign the user to Groups. |
The list can be exported to Excel or printed in User ID or Last Logon order.
Audit Trail
All user management actions (create, delete, lock, unlock, enable, disable, password change, group assignment) are recorded in the audit log, including the administrator who performed the action and a timestamp.
Security Model
A user's access to application screens and reports is determined entirely by group membership. A user with no group assignments can log in but cannot access any module. See Permissions and Groups for details.
See also: Logon, Groups, Permissions, System Keys, Default Username & Password