Hi Everyone,
Has anyone ever told you that SuperUser is the only user that can access the ADempiere or iDempiere Server Management Page to view logs or manage services? Does everyone in your IT team use the SuperUser / System Admininstrator username/role for making changes to the application dictionary? Probably so, and this is bad! This seems to be a common issue and misconception in the community.
Sharing the same username means that application dictionary changes go untracked and unaccountable. Giving out the same SuperUser password, means changing the password everytime there is employee turnover, and it means you cannot give someone temporary access to the System Administrator role.
The purpose of this post is to offer best practices when it comes to managing users and application dictionary changes.
My recommendation is to create two users for your IT team – one for business purposes and one for IT purposes. Make the usernames are the same for each person and change the passwords by a few characters.
- The first user will be your business user. This user will have role names like GardenWord Admin or YourCompany Admin. The client (AD_Client) for this user will be the same client as all of your orders, invoices, etc…
- The second user will be your IT user. This user will probably have only one role named ‘System Administrator’. The Client for this user will be ‘System’. This user will probably be created by SuperUser logged in as the System Administrator role.
Here is an example:
Business User: Name=”Chuck Boecking”, Role=”GardenWorld Admin”, Password=”sillywilly5″, Client=”GardenWorld”
IT User: Name=”Chuck Boecking”, Role=”System Administrator”, Password=”sillywilly!!”, Client=”System”
Notice the passwords and clients are different; however, the names are the exact same.
After completing the above steps:
- Any given IT person can now use the same username on both sides of the system (business admin and system admin – depending on what password you enter). All Table and Column and Window, Tab and Field changes will now be tracked to the originator.
- Any given IT person can access the ADempiere iDempiere Server Monitor (also known as the ADempiere iDempiere Server management) using their own username/password instead of sharing the SuperUser name.
By default, only people with the System Administrator role can access the Server Management/Monitor page. To change this behavior, change the method named: MUser.isAdministrator() to include other roles.
I hope this helps!! Please be quick to provide feedback if I can make this post better.
ADempiere vs iDempiere vs Openbravo vs Compiere
Please note that ADempiere, iDempiere and Openbravo are forks or copies from Compiere. Therefore, they have similar abilities mentioned above. The biggest difference is that ADempiere and iDempiere are pure open source. There are no features held behind a commercial or paid license.
About Chuck Boecking: I am an ERP educator. I believe that open source ERP have achieved mainstream capabilities, and as a result, more companies can create greater efficiency across their organization. I started using the iDempiere code base in 2003. Back then, it was called Compiere. In 2006, I started my first multi-million dollar installation. Since then, ADempiere has helped me create great success with distribution and manufacturing companies all over the world. My vision of success is to find companies that can best use open source ERP to help them achieve a single, global instance that drives a discontinuous increase in profitability. I believe that organizations win when they own their technology.
If you have questions, comments or concerns, let me know. I definitely want your feedback.
You can contact me by phone using 512.850.6068.
My email is chuck@chuboe.com.
You can complete the form on this page.
Thank you for taking the time. I look forward to speaking with you.
Regards,
Chuck Boecking
http://www.linkedin.com/pub/chuck-boecking/10/970/17b