EM: Security > Users

Description

In BBj 19.20 and higher, the Users provides a control panel for creating, editing, and managing user authentication credentials and system-level privileges within Enterprise Manager. Administrators can define individual user properties, such as username, email, and display name while assigning granular permissions across core EM operations including replication, SQL session management, password policies, and trigger configuration. Permission flags are applied through a dynamic checklist interface, and user entries can be grouped using predefined security roles to enforce consistent access control policies across distributed environments.

Location

EM Navigator → Security → Users

Toolbar

Button	Function
	Adds a new entry and opens new application.
	It sets user password.
	Removes/deletes selected application(s) or files from the system.
	Refreshes the displayed list of applications and their status.

New User Dialog

To access the New User Dialog, click the icon, and the dialog prompts administrators to define a new user account by specifying a unique case-sensitive username and a secure password, which must be re-entered for confirmation. It enforces direct input validation and secure credential setup during account creation. The interface defaults to the admin account in the user list column unless additional users are defined.

Settings	Description
User Name	Specifies the case-sensitive identifier for the new user, used as the unique key for login and permission control within Enterprise Manager.
Password	Accepts a secure, case-sensitive password string required to authenticate the user during login and associate credentials with the defined username.
Confirmed Password	Ensures the re-entered password exactly matches the initial entry to complete account creation and prevent credential mismatch.

User Profile Details

The User Profile Details section defines core identity fields: email, first name, and last name, associated with the selected user account. These values enable administrative identification and system mapping, while the static Username field reflects the currently selected account in the user list.

Settings	Description
Username	Serves as the immutable identifier for the selected user account and cannot be modified once the user is created.
Email	Serves as the primary contact field associated with the user account, supporting notification delivery and user identity mapping within the Enterprise Manager.
First Name	Accepts the given name associated with the user account for identification in system logs, audit records, and user-facing interfaces.
Last Name	Defines the user’s Last Name for account identification, record association, and administrative referencing across Enterprise Manager.

System Permissions List

The System Permissions List defines the scope of operational privileges assignable to each user or group, including administrative actions such as creating databases, managing BBj processes, configuring JDBC/ODBC connection pools, and enabling access to Enterprise Manager. Each permission is granted individually through an interactive checklist, ensuring granular control over system-level functionality.

Settings	Description
All/None	When unchecked, no individual system permissions are applied to the selected user or group. When checked, all available system permissions in the list are enabled simultaneously for rapid assignment.
Add Users	When unchecked, the user is restricted from creating new user accounts within Enterprise Manager. When checked, the user is granted permission to add new users through the Users panel interface.
Allow Enterprise Manager Access	When unchecked, the user cannot access the Enterprise Manager interface or perform any associated administrative tasks. When checked, access is granted, enabling the user to log in and interact with Enterprise Manager components according to their assigned permissions.
Asynchronous Trigger Jobs (View, Create, Modify)	When unchecked, the user is restricted from accessing, defining, or modifying asynchronous trigger job configurations within Enterprise Manager. When checked, the user is authorized to view existing asynchronous jobs and create or update job definitions that execute specified tasks based on trigger events.
Attach To Existing Database	When unchecked, the user is restricted from linking Enterprise Manager to existing BBjServices-managed databases. When checked, the user gains the ability to attach pre-existing databases through the Enterprise Manager interface for administrative access and configuration.
Audit Jobs (View, Create, Modify)	When unchecked, the user cannot access or manage audit jobs within the Enterprise Manager. When checked, the user is authorized to view, create, and modify audit jobs within the Enterprise Manager.
BBj Processes (View, Terminate)	When unchecked, the user is restricted from viewing or terminating BBj processes running in the Enterprise Manager environment. When checked, the user gains permission to monitor active BBj processes and initiate termination actions through the BBj Process Control interface.
Create New Database	When unchecked, the user cannot access the interface or actions required to define and register new BBj database configurations within Enterprise Manager. When checked, the user is granted explicit permission to initiate the creation process for new databases, enabling interaction with configuration fields such as name, port, data location, and other initialization settings.
Document Indexes	When unchecked, the user is restricted from performing any operations involving index documentation within the Enterprise Manager interface. When checked, the user is granted access to view, create, and manage document index definitions used in Enterprise Manager's data indexing and retrieval operations.
Email Services	When unchecked, the user cannot configure, initiate, or manage email-based notification services within Enterprise Manager. When checked, the user gains access to create, modify, and manage outbound email functionality for system events and alerts.
JDBC/ODBC Connection Pools (Create, View, Modify)	When unchecked, the user cannot access the JDBC/ODBC Connection Pools configuration panel, and is restricted from viewing, creating, or modifying any JDBC or ODBC connection pool definitions within the Enterprise Manager environment. When checked, the user is granted full access to the JDBC/ODBC Connection Pools section, including the ability to view existing pool configurations, create new pools, and modify or update connection parameters for database integration via JDBC and ODBC.
Online Copy Jobs (Create, View, Modify)	When unchecked, the user is restricted from accessing, initiating, or modifying any Online Copy Jobs within the Enterprise Manager environment. When checked, the user is granted permission to create, view, and modify Online Copy Jobs, enabling asynchronous data duplication tasks across configured BBj databases.
Open Files (View ONLY)	When unchecked, the user cannot access the Open Files interface in Enterprise Manager and is restricted from viewing file lock details or file usage sessions. When checked, the user gains view-only access to currently open files, including filename, user, session ID, and lock information, but cannot perform actions such as unlocking or modifying files.
Open Files (View, Force Close)	When unchecked, the user is restricted from accessing the Open Files interface and cannot view or forcibly close any active file handles managed by the BBjServices server. When checked, the user is authorized to view a list of open files across the system and forcibly close any of those file handles through Enterprise Manager, which is a high-level administrative action typically used for terminating locked or hung resources.
Remove A Database	When unchecked, the user is restricted from removing any registered SQL database entries within Enterprise Manager. The Remove option is disabled in the Databases panel, ensuring no accidental or unauthorized deletions occur. When checked, the user is permitted to delete existing database configurations from the system. This action unregisters the database from Enterprise Manager, but does not delete the physical database files from disk.
Remove Users	When unchecked, the current user lacks permission to delete existing user accounts from the Enterprise Manager system. The Remove operation remains disabled in the user management interface. When checked, the current user gains permission to permanently delete user accounts via the Users panel in the EM interface, subject to system constraints and authentication requirements.
Replication Jobs (View, Create, Modify)	When unchecked, the user cannot access the Replication Jobs interface or view, create, or modify any replication jobs within the Enterprise Manager. When checked, the user is granted permission to access and interact with the Replication Jobs interface, allowing them to view existing replication jobs, create new ones, and modify configuration settings for replication tasks.
SQL Connections (View, Terminate)	When unchecked, access to view or terminate active SQL Connections through the Enterprise Manager interface is restricted for the associated user or role. When checked, permission is granted to monitor all active SQL Connections and forcefully terminate them if necessary.
Scheduling Jobs (View, Create, Modify)	When unchecked, access to view, create, or modify job scheduling configurations is restricted. The user cannot interact with the scheduling interface in the Enterprise Manager, including the creation of new job entries or editing existing schedules. When checked, grants full access to the Job Scheduling interface, enabling the user to create new scheduled jobs, view job details, and modify job properties within the BBj Services environment through the EM interface.
Server Configuration	When unchecked, access to the Server Configuration panel is denied. The user cannot view or modify any server-related settings such as BBj services, server ports, memory settings, or security configurations. All interactive elements on this page remain inaccessible. When checked, grants full access to the Server Configuration section. The user is permitted to view and modify server-level settings, including network configurations, JVM memory parameters, server logging, and BBj Services.
Set Passwords	When unchecked, prevents the user from modifying or assigning passwords for any user accounts through the Enterprise Manager interface. Access to the password-setting functionality in the Users panel is disabled. When checked, grants the user explicit permission to set or change passwords for existing user accounts via the Users management section of Enterprise Manager.
Set System Permissions	When unchecked, access to assign, modify, or revoke system-level permissions for Enterprise Manager users is disabled. The user cannot configure or manage role-based access controls or permission group settings. When checked, grants the ability to assign and manage system permissions, including editing permission group mappings, controlling feature-level access, and configuring user roles in Enterprise Manager.
Table Analysis Queue (View, Terminate)	When unchecked, access to view or terminate table analysis queue jobs is restricted in Enterprise Manager, preventing the user from monitoring or interrupting any ongoing table analysis operations. When checked, enables the user to view the status of active and queued table analysis jobs and terminate them as needed for performance or administrative control.
Triggers(Create, View, Modify)	When unchecked, prevents access to all trigger-related functions in the Enterprise Manager. The user cannot view existing triggers, create new ones, or modify any trigger configurations associated with database tables or events. When checked, grants permission to access the Triggers section. The user can view existing trigger definitions, create new triggers to automate specific database behaviors, and modify current trigger settings, including execution timing and event conditions.
View Metrics Results	When unchecked, access to the Metrics Results section in Enterprise Manager is restricted. The user cannot open or view any collected metrics data, including historical performance summaries or diagnostic reports generated by the Metrics Engine. When checked, grants permission to open and review metrics output, including system health indicators, query performance metrics, and resource usage analytics. This access is strictly read-only and does not include any options to modify metrics definitions or collection behavior.

Security Group Memberships

Defines the administrative access scope by assigning the user to one or more security groups configured within the Enterprise Manager. Group membership determines the user's permissions across EM-managed tasks, including database operations, system configuration, and job control. Membership in AdminGroups enables elevated privileges managed by system policy.

setting	Description
AdminGroups	When unchecked, the user is excluded from all administrative group roles and cannot perform system-level administrative tasks. When checked, the user is granted membership in one or more AdminGroups, enabling elevated permissions tied to those specific group definitions, such as system configuration, security management, or resource control.