Cleopatra Enterprise - Cost Engineering
Cleopatra Enterprise - Cost Engineering
Cleopatra Enterprise - Cost Engineering
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Cleopatra Enterprise
Administrator Training
Version : 3.5
Administrator Training
Agenda
> 9:00 - 9:16 Introduction
> 9:16 - 9:44 Configuration
> 9:44 - 10:30 Security overview
> 9:58 - 10:30 Security configuration
> 10:30 - 10:45 Break
> 10:45 - 11:45 Security configuration exercise
> 11:45 - 11:53 IT - Installation (optional)
> 11:53 - 11:57 IT - DBMS Configuration (optional)
> 11:57 - 12:00 IT - Backup and restore databases (optional)
> 12:00 Conclude
www.costengineering.eu
License
A license determines the amount of users that can (concurrently) use the different modules.
Modules
User
In Cleopatra you can specify which users have access. The permissions of a user are specified in
the following parts.
Roles
A role defines the function one or more user have within the system. Roles can be
assigned certain permissions. Permissions control the rights to perform certain actions.
Modules
ADMIN MODULES REPORTS PLUGINS
Workgroups
For a workgroup you can specify the permissions on a folder. A workgroup is a group
of users working on the same project.
Folder control
FOLDERS
Workflow
Document control
Workflow enables secure routing of documents. Users can only view or change
documents for which they have sufficient (workflow role) permissions.
Workflow Roles
STATES
TRANSITIONS
Table Of Contents
1 Configuration ____________________________________________________________ 1
1.1 Path settings 1
1.1.1 Shared / Personal configuration 2
1.2 User preferences 3
1.2.1 User preferences 3
1.2.2 How to make a user preferences template 6
1.2.3 Custom Languages 7
2 Security overview _________________________________________________________ 9
2.1 Quick reference 9
2.2 Licensing 10
2.2.1 How to import a license 10
2.2.2 Validate license 11
2.2.3 Concurrent users per module 13
2.3 The security model 14
3 Security configuration ____________________________________________________ 15
3.1 Users 15
3.1.1 How to create users 16
3.2 Roles 17
3.2.1 How to create roles 18
3.2.2 How to add users to roles 19
3.2.3 The tab Administrator rights 20
3.2.4 The tab Modules 22
3.2.5 The tab Plugins 23
3.2.6 The tab Reports 24
3.3 Workgroups 25
3.3.1 How to create 25
3.3.2 How to set security on folders 26
3.4 Workflow 28
3.4.1 workflow designer 28
3.4.2 How to create a new workflow 29
3.4.3 Workflow permissions 30
3.4.4 How to create a new workflow role 31
3.4.5 How to assign users to a workflow role 32
3.4.6 How to create a new workflow state 32
3.4.7 How to assign a role to a workflow state 33
3.4.8 How to create a new state transition 34
3.4.9 How to assign a role to a state transition 35
3.5 Security facts 36
4 Exercise ________________________________________________________________ 38
4.1.1 Introduction 38
4.1.2 How to setup user security 39
4.1.3 How to setup role security 43
4.1.4 How to setup role security for reports 49
4.1.5 How to setup workgroup security 53
4.1.6 How to create a workflow design 58
i
Administrator training
4.1.7 How to setup workflow roles (part 1) 61
4.1.8 How to setup workflow roles (part 2) 66
4.1.9 Conclusion 68
4.2 Security trouble shooting 69
4.2.1 How to resolve security problems 69
4.2.2 How to determine permissions 71
5 Installation ______________________________________________________________ 73
5.1 MS SQL server 73
5.1.1 Introduction 73
5.1.2 Encrypting connections to SQL server 73
5.1.3 Installing MS SQL server 74
5.1.4 Configuring MS SQL Server for Cleopatra Enterprise 75
5.1.5 Choosing an authentication mode 76
5.1.6 Opening a Port on the firewall 76
5.2 Cleopatra Enterprise 77
5.2.1 Downloading Cleopatra Enterprise 77
5.2.2 Installing Cleopatra Enterprise 78
5.2.3 Common installation issues 79
5.2.4 Remote access 80
5.2.5 How to prevent out-of-memory-errors 80
6 DBMS configuration ______________________________________________________ 82
6.1 Database server registration 82
6.1.1 How to create a database server registration 83
6.1.2 How to open a database server registration 84
6.1.3 How to create a database 85
6.1.4 How to create a database user 86
6.1.5 How to reset a database user password 87
6.2 Database connections 88
6.2.1 How to create a database connection 89
6.2.2 How to verify database connection 91
7 Backup and restore database ______________________________________________ 92
7.1 Backup 92
7.1.1 How to create a backup of a database 92
7.2 Restore 93
7.2.1 How to restore a database 93
7.3 Migrate 94
7.3.1 How to migrate your data 94
7.3.2 How to migrate shared database connections 95
7.3.3 How to migrate personal database connections 96
ii
Cleopatra Enterprise
www.costengineering.eu
Configuration
> Path settings
> Personal / shared configuration
> User preferences
> Custom languages
www.costengineering.eu
Security overview
> Quick reference
> License model
> Security model
www.costengineering.eu
Security configuration
> Users
> Roles
> Workgroups
> Workflow (optional)
www.costengineering.eu
Security configuration exercise
> Exercise
www.costengineering.eu
IT – Installation (optional)
> Setup
> MS SQL Server installation
> Cleopatra Enterprise installation
> Provided documentation
> Path settings
www.costengineering.eu
IT - DBMS Configuration (optional)
> Database server registration
> Create database
> Database users
> Database connections
www.costengineering.eu
IT - Backup and restore databases (optional)
> Backing-up database
> Restoring database
> Migrating database
www.costengineering.eu
Administrator training
1 Configuration
1.1 Path settings
A path setting defines the location where the configuration settings are stored. In Cleopatra Enterprise path
settings are defined for a "Shared configuration" as well as a "Personal configuration". For more information
on the difference between the two see "Shared / Personal configuration".
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Shared configuration => Path settings" or
Select "Personal configuration => Path settings".
The current configuration path is displayed.
Personal configuration settings are typically stored on the following location:
"C:\Documents and Settings\[user profile]\CleopatraEnterprise\" where [user profile] is the profile directory of
the current user.
Path settings for shared configuration can be modified as follows:
Select "Shared configuration => Path settings".
Press the "Change path" button.
A message appears explaining that Cleopatra Enterprise needs to be closed before the
configuration path can be changed
Press the "Yes" button.
The application is closed and the "Cleopatra Enterprise path configuration" dialog is
shown.
Press the browse ("...") button behind the "Configuration path" edit field.
Select the desired directory.
This path must be accessible for all Cleopatra Enterprise users that use the same
configuration and all these users should have access rights (Read and Write) to this
configuration directory.
Press the browse ("...") button behind the "Installation path" edit field.
Select the install directory of Cleopatra Enterprise.
Press the "OK" button.
Press "Yes" to restart Cleopatra Enterprise.
1
Administrator training
1.1.1 Shared / Personal configuration
Shared configuration
The "Shared configuration" directory is a directory which contains all configuration data for all users. All users
participating in the same Cleopatra Enterprise license should have access rights (Read and Write) to this
configuration directory. It is possible to configure this location within Cleopatra Enterprise.
Personal configuration
The "Personal configuration" directory is a directory which contains all configuration data (like user
preferences) specific for this user. This directory can not be configured instead it uses the user’s home
directory defined by the operating system.
Personal configuration settings are typically stored on the following location:
"C:\Documents and Settings\[user profile]\CleopatraEnterprise\" where [user profile] is the profile directory of
the current user but on a network this location can be different.
2
Configuration
1.2 User preferences
1.2.1 User preferences
With "User preferences" the system will remember certain choices and settings that users make, and offer
these as the default option next time.
Most user preferences will be explicitly set by the user, through the "My user preferences" section of the
configuration screen. Other preferences will be saved automatically such as the "Recently-used-documents
list" when a document is opened and the window position and size when a dialog is closed.
It could be desirable to use certain user preferences as a company standard e.g. the default currency, the
default language or the column layout of a document. See "How to make a user preferences template" and
"How to import a user preferences template" for more information.
User preferences in the configuration dialog
Currency The default currency for new document.
Date format Define the way dates are shown in Cleopatra Enterprise.
Default file The default folder when a file dialog is shown. If an empty path is used, the file dialog
folder will open in the default home folder.
Default login The default database connection and user name to use when logging in, so that only
a password has to be filled in. Optionally the "Login dialog" can be shown right after
Cleopatra Enterprise is started.
Document When creating a new document, often you want to use a template with standard
Template information filled in, such as company name or standard breakdown structures. The
Folder template folder gives quick access to the templates in the "New document Wizard".
Default The language to be used in Cleopatra Enterprise. Note that you can customize a
language language to use the terms you are familiar with. See "Custom languages".
Layout The default layout of the various windows in Cleopatra Enterprise. Using the "Load
last used layout" option, restore the windows to the same layout as the last time you
were logged into the same database. For more information, see "Layout".
Log file Enables a log file used for solving problems with Cleopatra Enterprise. It is best to
leave this option off unless asked for a log by the Cleopatra Enterprise help desk.
Number The format in which numbers are shown in Cleopatra Enterprise. The number
format formatting can also be used in reports.
Recently
used
documents
Document
column
preferences
Show the recently used documents on the welcome screen and the file menu. Clicking
on a recent document link will open the login dialog for the correct database and
automatically opens the document. For more information, see "Login with recent
document link".
The default columns to show when a estimate or knowledgebase is opened. These
preferences are also saved when a document is closed. For more information on how
to arrange columns when a document is opened, see "Add and remove properties".
Other user preferences
Dialog sizes Most dialogs will remember their position and size from the last time they were
opened.
Table Most tables (besides the document ones) also save which columns are visible, in what
columns order and their widths. For more information on how to arrange columns, see "Add
and remove properties".
Spare text
columns
Both a documents and components have spare text fields which can be customized to
add extra codes or information. By default these properties are not visible unless they
have been given a custom name. This preference can be changed on the "Object
inspector" properties tab.
3
Administrator training
Date format
You can design your own patterns to format dates and times from the list of symbols in the following table:
Symbol Meaning Presentation Example
G Era designator Text AD
y Year Number 96 or 1996
M Month in year Number and Text 07 and July
d Day in month Number 10
h Hour in AM/PM (1-12) Number 12
H Hour in day (0-23) Number 18
m Minute in hour Number 30
s Second in minute Number 55
S Millisecond Number 978
E Day in week Text Tue or Tuesday
D Day in year Number 189
F Day of week in month Number 2 (2nd Wed in July)
w Week in year Number 27
W Week in month Number 2
a AM/PM marker Text PM
k Hour in day (1-24) Number 24
K Hour in AM/PM (0-11) Number 0
z Time zone Text
Pacific Standard Time, PST or GMT-
08:00
' Escape for text Delimiter (none)
' Single quote Literal '
In some cases it is possible to repeat the symbol which will change the way the result will be displayed. The
following table summarizes these rules:
Presentation Number of Symbols Result Example Result
Text 1 - 3 Abbreviated form, if one E, EE or EEE Mon
exists.
Text >= 4 Full form. EEEE Monday
Number Minimum number of digits
is required
Shorter numbers are
padded with zeros (for a
year, if the count of 'y' is 2,
then the year is truncated
to 2 digits).
d
dd
y
yyyyy
Text & Number 1 - 2 Number form. M
MM
Text & Number 3 Text form. MMM
MMMM
Next follow some more examples:
Example Result
yyyy MM dd 2004 06 02
y MMMM d 04 June 2
E M d yyyy Wed Jun 2 2004
K:mm a
6:15 PM
HH:mm:ss:SSS 18:15:32:964
1
01
09
2009
1
01
Jan
January
4
Configuration
Number format
The number format can be split up into several formats, which format is used for a particular number
depends on it value. If a number falls in to a specified range, the format for that range is used. If a number
doesn't fit into any of the defined ranges, the default format is used.
Rounding The rounding determines how many decimal places are visible for a number or to
what multiple of ten the number should be rounded. For example, 150.7568 is
shown as 150.76 with two decimals, but as 200 when rounding to multiples of
hundred.
Engineering
notation
The engineering notation show large or small numbers with an exponential
notation where the exponent takes steps of three. For example, 1000 will be
shown as 1x10 3 , 1000000 as 1x10 6 and 0.0001 as 1x10 -3 .
5
Administrator training
1.2.2 How to make a user preferences template
It could be desirable to use certain user preferences as a company standard e.g. the default currency, the
default language or the column layout of a document. To make a user preference template, you'll need to do
the following:
Select "File => Configuration" from the main menu.
Select "My user preferences".
Configure the desired default user preference.
Select "Export user preferences".
The "Save" dialog appears.
Select a location to save the preferences template to.
Distribute this file to all the desired users.
Import the preferences template on the user's machine. See "How to import a user
preferences template" for more information.
6
Configuration
1.2.3 Custom Languages
The "Custom Languages" functionality is meant for users who have their own terminology for a certain
concept. For example, the term "cost" may be referred to as "price" in some organizations. Through the
control panel, users with sufficient permissions can supply their own values for the strings on most elements
(such as dialog titles, textbox labels, table headers etc). This can be done on a per-language basis. The
language overrides are stored in the system configuration directory on the network, so it is shared between
all Cleopatra Enterprise users within a company, rather than being per database.
Change resource strings
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Shared configuration".
Select "Custom languages".
Select the "Language" button on the toolbar and choose the desired language.
Select the word that needs to be changed from the "All keywords" list.
Enter the new description in the "Modified" field of the desired language(s) at the right.
Press the "Close" button.
The "Configuration" dialog is closed.
Filter or find resource strings
Follow steps 1 through 4 from "Change resource strings" above.
Select the "Terms" field in front of the "Search" button.
Enter the search or filter value.
Press the "Search" button.
Continue from step 5 of "Change resource strings" above.
7
Administrator training
Create new language:
Follow steps 1 through 3 from "Change resource strings" above.
Press the "New language" button.
Select the base language to use. If you do not translate a term, the base language
translation will be used.
Optionally select a region where this language is used. This setting can change how some
standard texts are translate.
Choose a flag to represent the new language.
Continue from step 5 of "Change resource strings" above to translate the terms of new
language.
You can export all terms with their current translations to a text file if you prefer you
translate them outside Cleopatra Enterprise.
8
Security overview
2 Security overview
2.1 Quick reference
9
Administrator training
2.2 Licensing
2.2.1 How to import a license
When starting Cleopatra Enterprise for the first time the "License wizard" will appear. You will need to import
the license file provided by Cost Engineering. If you did not receive a license file, please contact our sales
department. See "Contact" for more information.
When you need to replace an existing license (e.g. because you updated the number of users) you will need
to start the license wizard manually.
When replacing an existing license you will need to make sure nobody is logged in into a
database connection (including yourself) otherwise the "Import license" button will be
disabled.
Select "Help => License" from the main menu.
The "License" wizard appears.
Press the "Import license" button in the license wizard.
If you are already using a license a "Question" dialog appears.
Press the "Yes" button.
The "Open" dialog will appear.
Select the license file.
Press the "Open" button.
The "Open" dialog is closed.
Press the "Finish" button.
The "License" wizard is closed and the license will be imported.
10
Security overview
2.2.2 Validate license
When starting Cleopatra Enterprise for the first time the "License wizard" will appear. You will need to import
the license file provided by Cost Engineering. If you did not receive a license file, please contact our sales
department. See "Contact" for more information.
When you need to replace an existing license (e.g. because you updated the number of users or you
purchased new modules) you will need to start the license wizard manually.
Most licenses need to be activated before they can be used. To activate a license you will need to do the
following:
When replacing an existing license you will need to make sure nobody is logged in into the
program (including yourself) otherwise the "Import license" button will be disabled.
Select "Help => License" from the main menu.
The "License" wizard appears.
Press the "Import license" button in the license wizard.
If you are already using a license the "Import new license" dialog appears.
Press the "Yes" button.
The "Open" dialog will appear.
Select the license file.
Press the "Open" button.
The "Open" dialog is closed.
11
Administrator training
Press the "Next" button.
The "License activation" page will appear.
Press the "Create activation request" button.
A folder browser appears.
Select a location for the activation request file.
Press the "Create activation request" button.
The activation request will be created at the selected location. Send this file to our support department. Cost
Engineering in return will send an activation file which should be imported as follows:
It is possible to close the program until you receive the activation response from Cost
Engineering. To continue, just restart Cleopatra Enterprise and the license wizard will be
shown again.
Press the "Import activation" button.
The "Open" dialog appears.
Select the activation file.
Press the "Open" button.
The "Open" dialog is closed.
Press the "Finish" button.
The license will be activated and the program is ready for use.
12
Security overview
2.2.3 Concurrent users per module
The license specifies how many people can use a particular module at the same time. If that number is
reached, no more users will be able use that particular module. The users will still be able to use other
modules (provided that the license contains enough users for those modules).
Press "Help => License => View License" to view the license details. The product should be licensed to your
company. You will be able to use Cleopatra Enterprise until the "Expiration date". You will be able to update
the licensed modules until the "Expiration date for updates". This dialog will also display the number of
current users per module and the maximum number of users for each module.
13
Administrator training
2.3 The security model
Security and privacy of cost and project data has a high priority. The architecture of Cleopatra Enterprise
provides a flexible and enhanced security technology. This provides an easy way to customize the security
within the application to align with your business processes. The security architecture is divided into three
layers. For each layer the authorization level can be configured per user. A user is only allowed to execute
certain actions if all the layers grant him access.
The three security layers are:
Functional
Information
Workflow
The functional security layer:
The functional security layer specifies which users can perform certain functions and actions. For most
modules this consists of "no access", "read only" or "all". For some other administrative functions you can
define the user permissions on a very detailed level. Most of the time, certain groups of users will need to
have the same permissions regarding the functionality of the program. Therefore, permissions will not be
assigned to individual users, but to "Roles". A "Role" can consist of multiple users. In that case, you only
need to define the permissions once after which they can easily be applied to a group of users. Permissions
of the functional security layer can be set in the configuration dialog.
The information security layer:
The information security layer determines which users can see or edit what information. Most of the time this
is related to the fact that multiple people are working on the same project. Other users who are not working
on that project should not have access to the project’s information. These kind of permissions can be set in
the data explorer and are known as the folder permissions. Like the functional security, it is not necessary to
specify the permissions per individual user. Permissions can be assigned to workgroups, where a workgroup
consists of users working on the same project for instance.
The workflow security layer:
The workflow security layer is optional and can only be used if you have purchased the Workflow module. In
the workflow security layer users can see or edit documents depending on the workflow state the document
is currently in. These permissions are defined in the workflow designer. Again, permissions are not assigned
to individual users, but to groups of users, in this case the workflow roles. These permissions only apply if
the document is linked to a certain workflow. The workflow state of a document determines whether the user
can view or edit the document or possibly doesn't grant access to the document at all.
14
Security configuration
3 Security configuration
3.1 Users
Users need to be created to be able to control their permissions. By assigning users to roles and workgroups
their permissions can be defined. A role defines the function one or more user have within the system (see
"roles" for more information). A Workgroup is a collection of users with specific folder permissions (see
"workgroups" for more information).
For a newly created database, a demo user (password demo) is created. This user has all
rights and is useful when investigating all features of the product. It is recommended to delete
this user in a production environment.
Every newly created database contains the "admin" user (password "admin"). This user has
all permissions to perform basic administrative task like setting up the security. This user
cannot be deleted, nor can his security permissions be changed. It is recommended that the
password is changed in a production environment.
Changes to user rights can only be done by users with sufficient rights. It is possible to login
as a different user from within the configuration dialog. See "Select database" for detailed
information.
15
Administrator training
3.1.1 How to create users
Login if not already logged in.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Security management => Security".
Select the "Users" tab if not already selected.
Press the "New user" button.
All edit fields are cleared if they weren't empty already
Enter the "Login name".
Enter a value in any other desired field (usually a password should be set).
Press the "Close" button.
The "Configuration" dialog is closed.
For a newly created database, a demo user (password demo) is created. This user has all
rights and is useful when investigating all features of the product. It is recommended to
delete this user in a production environment.
Every newly created database contains the "admin" user (password "admin"). This user
has all permissions to perform basic administrative task like setting up the security. This
user cannot be deleted, nor can his security permissions be changed. It is recommended
that the password is changed in a production environment.
Changes to user rights can only be done by users with sufficient rights. It is possible to
login as a different user from within the configuration dialog. See "Select database" for
detailed information.
16
Security configuration
3.2 Roles
A role defines the function one or more user have within the system. Roles can be assigned certain
permissions. Permissions control the rights to perform certain actions. Within the application there is a
distinction between three types of permissions:
Functional permissions: permissions which allow users to perform certain functions.
Workgroup permissions: permissions which allow users to access certain data.
Workflow permission: permissions which allow users to perform certain workflow actions or view
data in certain states.
Permissions can be grouped in (workflow) roles or workgroups. Users can be assigned to these roles or
workgroups. In this way they get the permissions defined.
17
Administrator training
3.2.1 How to create roles
Login if not already logged in.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Security management => Security"
Select the "Roles tab" if not already selected.
Press the "New role" button.
All edit fields are cleared if they weren't empty already and all available users are in the
excluded list.
Enter the "Role name".
Optionally: enter the "Role description".
Press the "Close" button.
The "Configuration" dialog is closed.
Changes to role assignments can only be done by users with sufficient rights. It is possible
to login as a different user from within the configuration dialog. See Select database for
detailed information.
18
Security configuration
3.2.2 How to add users to roles
Login if not already logged in.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Security management => Security".
Select the "Roles" tab.
Select the role to which one or more users need to be added.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
It is not possible to change the rights of a role when a user that is a member of that role is
logged in.
Select the desired user(s) in the "Excluded" users list.
Press the "Add to selected" button.
Press the "Close" button.
The "Configuration" dialog is closed.
It is possible to add users to the "Administrator" role but it is recommended to create a
'custom administrator' role and assign users to that. This because the "Administrator" role
has only very restricted rights and cannot be changed. A 'custom administrator' role can
be setup to fit your own needs.
Changes to role assignments can only be done by users with sufficient rights. It is possible
to login as a different user from within the configuration dialog. See Select database for
detailed information.
Changes to the security settings might not take affect until the next login of the affected
user(s).
19
Administrator training
3.2.3 The tab Administrator rights
The "Administrator rights" tab contains the settings that define the permissions that are usually associated
with Cleopatra Enterprise administrators. Various user management permissions and role and workgroup
permissions can be set here. We recommend that only a few users have (some of) these permissions.
Usually there is one Cleopatra Enterprise administrator who is responsible for the administrative tasks like
user management and management of roles and workgroups. In larger companies there could be more then
one administrator. In that case we usually see an 'administrator' that manages the role and workgroup
permissions and a 'user manager' that is responsible for the management of Cleopatra Enterprise users.
Add and remove roles, and assign permissions to roles:
Users within a role with this permission have full rights on the roles page (of the "Configuration" dialog)
except for adding and removing users to / from roles. For that the "Add and remove users to/from roles"
permission needs to be set.
Add and remove users to/from roles:
Users within a role with this permission can add users to roles or remove them from roles. For all other role
manipulation permissions the "Add and remove roles, and assign permissions to roles" permission needs to
be set..
Add and remove users to/from workgroups:
Users within a role with this permission can add users to workgroups or remove them from workgroups. For
all other workgroup manipulation permissions the "Add and remove workgroups" permission needs to be set.
Add and remove workgroups:
Users within a role with this permission have full rights on the workgroups page (of the "Configuration"
dialog) except for adding and removing users to / from workgroups. For that the "Add and remove users
to/from workgroups" permission needs to be set.
20
Security configuration
Administrate folders and documents:
Users within a role with this permission can modify folder permissions in the "Data explorer" even when they
don't have any permissions on a certain folder. A user with this permission can always modify folder
permissions in the "Data explorer". It is recommended that at least one person should be member of a role
which has this permission, set so that there is always someone who can change permissions on folders. All
other users should NOT have this permission because they need to comply to the permissions that are set
on the different folders.
Create new users:
Users within a role with this permission can create Cleopatra Enterprise users. See "Delete existing users",
"Modify user information" and "View user information" for more user management permissions.
Delete existing users:
Users within a role with this permission can delete other Cleopatra Enterprise users. Keep in mind that it is
not possible to delete a user when that user is logged in. See "Create new user", "Modify user information"
and "View user information" for more user management permissions.
Delete locks for a specific user:
Users within a role with this permission can remove user locks. Locks on users are set as soon as the user
logs in and are not released until the user logs out. In some rear cases the lock is not released properly (e.g.
when the application is aborted improperly or when it crashes). In that case the user cannot login for a
certain time (the lock is released automatically after a set time, usually 20 minutes). In such a situation an
administrator with this permission can unlock the user so that the user can login immediately. Keep in mind
that removing locks can cause problems if the 'unlocked user' is still working in Cleopatra Enterprise.
Modify user information:
Users within a role with this permission can modify all user information of every user. The "View user
information" permission also needs to be set in order for this permission to work. Keep in mind that it is not
possible to modify user information when that user is logged in. See "Create new user"and "Delete existing
users" for more user management permissions.
View user information:
Users within a role with this permission can view all user information of every user. Changes to other users
information is not possible until the "Modify user information" permission is also set. See "Create new
user"and "Delete existing users" for more user management permissions.
21
Administrator training
3.2.4 The tab Modules
The "Modules" tab contains the settings that define the module permissions for the users that are a member
of this role.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
There are three different security settings:
No access: This means the user has no permissions on the module. A user with this
permission cannot open the module and cannot view any content of this module.
Read only: This means the user cannot make modification within this module. A user with this
permission can use this module for viewing purposes.
Full access: This means the user has full permissions on the module. Other security settings
still can prevent the user to perform certain actions. See other parts of the "Security" chapter
for more information.
The "Modules" security settings for "Reporting" only affect the permissions on the manage
reports module and the header and footer designer. Permissions on the individual reports
need to be set on the tab "Reports".
The "Modules" security settings for "Plug-ins" only affect the permissions on the manage
plug-ins module. Permissions on the individual plug-ins need to be set on the tab "Plug-ins".
To change the module permissions follow the next steps:
Set a tick mark for the module(s) that need to be changed.
To select all, clear or inverse the selection, press the change selection button.
Select "No access", "Read only" or "Full access" on the top slider to set the permissions
for all selected modules at once or
Move the slider behind the module name to set the desired permissions for that single
module.
Changed security settings might not take effect until the next login of the affected users.
22
Security configuration
3.2.5 The tab Plugins
The "Plugins" tab contains the settings that define the plugin permissions for the users that are a member of
this role.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
There are three different security settings:
No access: This means the user has no permissions on the plugin. A user with this
permission cannot open the plugin and cannot view any content of this plugin.
Read only: User permissions can vary depending on the design requirements of the plugin.
Usually this setting means the user cannot make modification within this plugin, the user with
this permission can use this plugin for viewing purposes.
Full access: This means the user has full permissions on the plugin.
The "Plugins" security settings only affect the permissions on the individual plugins. The
permissions to manage plugins needs to be set on the tab "Modules".
To change the plugin permissions follow the next steps:
Set a tick mark for the plugin(s) that need to be changed.
To select all, clear or inverse the selection, press the change selection button.
Select "No access", "Read only" or "Full access" on the top slider to set the permissions
for all selected plugins at once or:
Move the slider behind the plugin name to set the desired permissions for that single
plugin.
Changed security settings might not take effect until the next login of the affected users.
23
Administrator training
3.2.6 The tab Reports
The "Reports" tab contains the settings that define the report permissions for the users that are a member of
this role.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
There are three different security settings:
No access: This means the user has no permissions on the report. A user with this
permission cannot open the report and cannot view any content of this report.
Read only: This means the user cannot make modification to this report. A user with this
permission can use this report for viewing purposes.
Full access: This means the user has full permissions on the report.
The "Reports" security settings only affect the permissions on the individual reports. The
permissions to manage reports and headers and footers need to be set on the tab "Modules".
To change the report permissions follow the next steps:
Set a tick mark for the report(s) that need to be changed.
To select all, clear or inverse the selection, press the change selection button.
Select "No access", "Read only" or "Full access" on the top slider to set the permissions
for all selected reports at once or:
Move the slider behind the reports name to set the desired permissions for that single
report.
Changed security settings might not take effect until the next login of the affected users.
24
Security configuration
3.3 Workgroups
Cleopatra Enterprise offers the possibility for users to work in groups on the same project.
A Workgroup is a collection of users with specific folder permissions.
3.3.1 How to create
Login if not already logged in.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Data store configuration => Security".
Select the "Workgroups" tab.
Press the "New workgroup" button.
All edit fields are cleared if they weren't empty already.
Enter the "Work group name".
Optionally Enter the "Work group description".
Press the "Close" button.
The "Configuration" dialog is closed.
To assign users to work group see "Change work group assignment".
25
Administrator training
3.3.2 How to set security on folders
Folder permissions can be set for different workgroups. A Workgroup is a collection of users with the same
specific folder permissions. Users can be assigned to workgroups in the configuration dialog.
Select "Data Explorer" from the main toolbar.
Select the folder that needs security settings.
Press the "Security" button.
The "Workgroup permissions" dialog appears.
Remove the tick mark from the "Inherit folder permissions from parent folder".
The "Workgroup permissions" dialog appears.
When the Inherit folder permissions from parent folder" tick mark is disabled, you don't
have sufficient rights to change the security properties. To find out what causes this see
"How to determine permissions".
Press the "Yes" button.
Add the desired workgroup(s) to the "Selected workgroups" list using the "Add to selected"
button.
Set the desired permissions for the added workgroup(s). See table below for more
information.
When you select one of the permissions the "Permission hint" panel will show a
description of the permission.
Press the "OK" button.
The "Workgroup permissions" dialog is closed.
26
Security configuration
Workgroup permissions:
Workgroup permissions control the permissions for all users within the selected workgroup. If a user is a
member of multiple workgroups, the set permissions of all workgroups will apply. So if a user has a certain
right in any of the workgroups, this will allow the user to perform the action.
Browse
folder
Rename
folder
Add or
delete sub
folders
Allows the users of this workgroup to view the folder and the documents located in this
folder.
Allows the users of this workgroup to rename this folder.
Allows the users of this workgroup to add or remove folders located in this folder.
To see the documents in this folder, the workgroup also needs to have the "Browse folder"
permission, which will automatically be set.
Open
documents
Allows the users of this workgroup to view and open documents located in this folder.
To see the documents in this folder, the workgroup also needs to have the "Browse folder"
permission, which will automatically be set.
Edit
documents
Allows the users of this workgroup to modify and rename the documents located in this
folder. Users can also create documents in this folder.
To actually edit the documents in this folder, the workgroup also needs to have the
"Browse folder" and the "Open documents" permission, which will automatically be set.
Delete
documents
Allows the users of this workgroup to delete the documents located in this folder.
To actually delete the documents in this folder, the workgroup also needs to have the
"Browse folder", the "Open documents" and the "Edit documents" permission, which will
automatically be set.
Change
ownerships
Allows the users of this workgroup to change ownership of this folder. Users who will
create a folder or document will automatically become owner of that folder or document.
Owners have all permissions related to that folder or document.
27
Administrator training
3.4 Workflow
The Workflow Module enables you to thoroughly yet easily manage specific workflow processes and link any
document from the data explorer to specific steps in a work process. Workflow capabilities are ideally suited
for handling all aspects of established procedures required for internal sub tasks.
The Workflow Module is designed to let you conduct organizational processes accurately and efficiently. As
a result, you can count on shortened process-cycle times, reduced costs, improved accountability, better
visibility of process status, reduced errors, enhanced ability to adhere to compliance regulations and
improved quality.
The workflow module enables intelligent and secure routing of documents within the data explorer.
During the processing of workflow tasks, users always have access to all relevant information available in the
process and can view any document(s) for which they have corresponding permissions. Not only does the
workflow enforce a certain route for your documents, it also secures the documents based on the specific
workflow state the documents are currently in.
3.4.1 workflow designer
With the help of the workflow designer it becomes a simple task to define your workflow. It does this by
offering you a visual designer which helps you to define states, transitions and roles with a couple of mouse
clicks. It is even possible to design multiple workflow's, so support for multiple work processes within your
company is possible. Please note that a document can only be in one workflow at the time.
28
Security configuration
3.4.2 How to create a new workflow
Select "Module navigator" from the main toolbar.
Expand the "Workflow" module.
Select "Workflow designer".
The "Workflow designer" dialog appears.
Press the "Create a new workflow" button.
The "New workflow" dialog appears.
Enter a "Name" and a "Description".
Press the "OK" button.
The workflow will be created.
29
Administrator training
3.4.3 Workflow permissions
To be able to add documents to a workflow, at least one of the states need to have the "Initial
state" set.
Workflow role permissions:
Workflow role permissions control the permissions for all users within the selected role. State permissions
apply to all users within that role. If a user is a member of multiple roles, the set permissions of all roles will
apply. So if a user has a certain permission in any of the roles, this will allow the user to perform the action.
Assign documents
Open documents
Edit documents
Remove documents
Export documents
Allows the users of this role to assign documents to this workflow state.
Allows the users of this role to open documents in this workflow state.
Allows the users of this role to edit documents in this workflow state.
Allows the users of this role to remove documents in this workflow state from
the workflow.
Allows the users of this role to export documents from and import into this
workflow state. It also controls the right to unlock exported documents. See
"Export and import of documents in a workflow" and "How to unlock exported
documents" for more information.
Transition permissions:
Transition permissions control the permissions for all users within a role to move documents form one state
to another. Only users that are member of the role that has been given rights to the transition will be able to
move the documents to the next (or previous) state.
Transition between
states
Allows the users of this role to transfer documents along this workflow state
transition. (this depends on the direction of the transition.)
It is possible to add transitions in two directions: from A to B and from B to A.
30
Security configuration
3.4.4 How to create a new workflow role
Open a workflow.
Press the "Create a new workflow role" button.
The "New workflow role" dialog appears.
Enter a "Name" and a "Description".
Press the "OK" button.
The workflow role will be created.
31
Administrator training
3.4.5 How to assign users to a workflow role
Open a workflow.
Select the desired workflow role in the "Workflow roles" list.
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select one or more users in the "Excluded" list.
Press the "Add to selected" button.
The user(s) will appear in the "Included" list.
Press the "OK" button.
The user(s) will be assigned to the Workflow role.
3.4.6 How to create a new workflow state
Open a workflow.
Press the "Create a new workflow state" button on the toolbar.
The "New workflow state" appears.
If you want to add more workflow states, repeat step 2.
New states will be created at the same base position.
Select the state and move it to the desired position.
The workflow state will be created.
32
Security configuration
3.4.7 How to assign a role to a workflow state
Open a workflow.
Select a "Workflow state".
Press the "Edit" button on the toolbar.
The "Edit workflow component" dialog appears.
Press the "Roles" tab.
Select one or more roles from the "Available" list.
Press the "Add to selected" button.
The available role(s) will appear in the "Selected" list.
Select a role from the "Selected" list.
Set the desired permission(s).
Press the "OK" button.
The role(s) will be assigned to the workflow state.
To select all, clear or inverse the permissions, press the "Change Selection" button
33
Administrator training
3.4.8 How to create a new state transition
Open a workflow.
Press the "Add a new state transition" button on the toolbar.
Select the first state (from).
Select the second state (to).
The state transition is created.
It is possible to add state transitions in two directions: from A to B and from B to A.
34
Security configuration
3.4.9 How to assign a role to a state transition
Open a workflow.
Select a "State transition".
Press on the "Edit" button on the toolbar.
The "Edit workflow component" dialog appears.
Press the tab "Roles"
Select one or more roles in the "Available" list.
Press the "Add to selected" button.
The added role(s) will appear in the "Selected" list.
The "Selected" role has always the permission "Transition between states".
35
Administrator training
3.5 Security facts
General
It is not possible to modify a role when a user that is a member of that role is logged in.
It is not possible to change the rights of a role when a user that is a member of that role is
logged in.
It is not possible to modify a user when the user is logged in.
It is not possible to modify a workgroup when a user that is a member of that workgroup is
logged in.
Changed security settings might not take effect until the next login of the affected users.
License
When replacing an existing license you will need to make sure nobody is logged in into a
database connection (including yourself) otherwise the "Import license" button will be
disabled.
It is possible to close the program until you receive the activation response from Cost
Engineering. To continue, just restart Cleopatra Enterprise and the license wizard will be
shown again.
You can still connect to the server database with a single user license. This will not use up a
concurrent user of the server license.
In case you are using Cleopatra enterprise off-line you will not be able to access the shared
reports - make sure you make a local copy of those you need for personal use.
Users
For a newly created database, a demo user (password "demo") is created. This user has all
rights and is useful when investigating all features of the product. It is recommended to delete
this user in a production environment.
Every newly created database contains the "admin" user (password "admin"). This user has
all permissions to perform basic administrative task like setting up the security. This user
cannot be deleted, nor can his security permissions be changed. It is recommended that the
password is changed in a production environment.
36
Security configuration
Roles
The "Modules" security settings for "Reporting" only affect the permissions on the manage
reports module and the header and footer designer. Permissions on the individual reports
need to be set on the tab "Reports".
The "Modules" security settings for "Plug-ins" only affect the permissions on the manage
plug-ins module. Permissions on the individual plug-ins need to be set on the tab "Plug-ins".
Changes to role assignments can only be done by users with sufficient rights. It is possible to
login as a different user from within the configuration dialog. See "Select database" for
detailed information.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
It is possible to add users to the "Administrator" role but it is recommended to create a
'custom administrator' role and assign users to that. This because the "Administrator" role has
only very restricted rights and cannot be changed. A 'custom administrator' role can be setup
to fit your own needs.
Every database contains the "Administrator" role. This role has all "Administrator rights"
permissions but no rights in any other part of the application. This role cannot be deleted, nor
can its security permissions be changed.
Workgroups
When the Inherit folder permissions from parent folder" tick mark is disabled, you don't have
sufficient rights to change the security properties. To find out what causes this see "How to
determine permissions".
When you select one of the permissions the "Permission hint" panel will show a description of
the permission.
To see the documents in this folder, the workgroup also needs to have the "Browse folder"
permission, which will automatically be set.
To see the documents in this folder, the workgroup also needs to have the "Browse folder"
permission, which will automatically be set.
To actually edit the documents in this folder, the workgroup also needs to have the "Browse
folder" and the "Open documents" permission, which will automatically be set.
37
Administrator training
4 Exercise
4.1.1 Introduction
The next Exercises will show you how to setup the various security settings within Cleopatra Enterprise. We
will start by adding users. Next we will create some roles to define the functions users have within the
system. The roles will be assigned permissions to control the rights to perform certain actions. After an in
depth example of the different role permissions we will look at workgroups. A workgroup is a collection of
users with specific folder permissions. Workgroups offer the possibility for users to work in groups on the
same project and can prevent them to edit documents of another project. Finally we will have a look at the
workflow functionality. The workflow module enables intelligent and secure routing of documents within the
data explorer. Not only does the workflow enforce a certain route for your documents, it also secures the
documents based on the specific workflow state the documents are in.
In the next chapters the trainer will demonstrate how to setup the different security settings. During this
demonstration the participants can do some exercises to verify the functionality. The next parts will be
explained:
How to setup user security
How to setup role security
How to setup role security for reports
How to setup workgroup security
How to create a workflow design
How to setup workflow roles (part 1)
How to setup workflow roles (part 2)
Conclusion
38
Exercise
4.1.2 How to setup user security
Before it is possible for a person to use Cleopatra Enterprise it is necessary to create a user account.
Because it is not possible to login multiple times as the same user, it is necessary to create an account for
each user.
Before we can access the different security parts it is required to login as a user with sufficient permissions.
We are going to use the default Admin user for this. To login do the following:
Select "File => Configuration" from the main menu.
The "Configuration" dialog will appear.
39
Administrator training
Select the "Select database" option.
Press the "Select..." button.
The "Login wizard" appears.
Enter "Admin" in the "User name" field.
Enter "Admin" in the "Password" field.
Every newly created database contains the "admin" user (password "admin"). This user
has all permissions to perform basic administrative task like setting up the security. This
user cannot be deleted, nor can his security permissions be changed. It is recommended
that the password is changed in a production environment.
Press the "Finish" button.
The application will now login as the Admin user.
40
Exercise
Next we are going to create an account for each user. User accounts can be created in the following way:
Select the "Security" option.
Press the "New user" button.
The "New user" dialog appears.
Enter the "login name" of the desired user.
Press the "OK" button.
The user account is created.
41
Administrator training
Users are now known to the system and they are able to log into Cleopatra Enterprise.
Excercise:
Log into the application.
Note that it is possible to log into the application but that the user does not have any
permissions in any module or on any document.
To allow the user to enter their personal details we will temporary assign him to the Admin role:
Select the "Roles" tab.
Select the "Admin" role.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
Select the "Users" tab.
Exercise:
Log into the Configuration dialog.
Edit personal details.
Enter a password.
Before we continue with the explanation of the role functionality we will first remove all users from the Admin
role:
Select the "Roles" tab.
Select the "Admin" role.
Select all new users in the "Included" users list.
Press the "Remove from selected" button.
How to setup role security
42
Exercise
4.1.3 How to setup role security
Roles are used to group users that have a similar function within the system. E.g. Estimator, Project
manager, Application manager or Knowledgebase administrator. Each role can contain one or more users
and has it own permission settings which apply to all users within the role. To demonstrate the role
functionality we are going to create two different roles:
Make sure the "Roles" tab is selected.
Press the "New role" button.
The "New role" dialog appears.
Enter "Estimator" as the "Name" of the role.
Enter a "Description" for the role.
Press the "OK" button.
The "Estimator" role is created.
Again press the "New role" button.
The "New role" dialog appears.
Enter "Knowledgebase admin" as the "Name" of the role.
Enter a "Description" for the role.
Press the "OK" button.
The "Knowledgebase admin" role is created.
43
Administrator training
Now we have created two roles it is time to assign users to them. To do so we need to do the following:
Select the "Estimator" role.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Estimator" role.
Select the "Knowledgebase admin" role.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Knowledgebase admin" role.
Note that users can be a member of multiple roles. When rights of a certain user need to
be determined, rights of the different roles are examined and the highest right (the right
that grants the user the most access) will be used.
44
Exercise
Next we are going to assign different permissions to the two roles. To setup all permissions for the
"Estimator" role we need to do the following:
Select the "Estimator" role.
Press the "Permissions for role" button.
The "Permissions for estimator" dialog appears.
Select the "Modules" tab.
Press the "Change selection" button.
Select "Select all" from the popup menu.
Now all modules are selected.
Remove the tick mark for the "Reed business" and "Web sharing" modules.
Select "Full access" for the top slider.
Move the slider behind "Knowledgebase" to "Read only".
45
Administrator training
Select the "Administrator rights" tab.
Make sure all tick marks are turned off.
Press the "OK" button.
The "Permissions for Estimator" dialog is closed.
46
Exercise
And for the "Knowledgebase admin" role we do:
Select the "Knowledgebase admin" role.
Press the "Permissions for role" button.
The "Permissions for Knowledgebase admin" dialog appears.
Select the "Modules" tab.
Place a tick mark for the "Currency manager", "Knowledgebase" and "Import/Export"
modules.
Select "Full access" for the top slider.
Move the slider behind "Cost estimation" and "Reporting" to "Read only".
Select the "Administrator rights" tab.
Make sure all tick marks are turned off.
Press the "OK" button.
The "Permissions for Knowledgebase admin" dialog is closed.
47
Administrator training
How to login using a specific role:
Press the login button on the main toolbar.
The "Login wizard" appears.
Enter the "User name".
Enter the "Password".
Press the "Next" button.
Disable the "Knowledgebase admin" role.
Press the "Finish" button.
The application will now login only using the "Estimator" role.
Exercise:
Log into Cleopatra Enterprise but make sure that only the "Estimator" role is used.
Open an estimate.
Make sure you have access to the correct modules.
Open an knowledgebase.
Note that the knowledgebase is read only.
Select the estimate and select "Estimating" in the module navigator.
Note that it is possible to estimate from the knowledgebase.
Log into Cleopatra Enterprise and make sure that only the "Knowledgebase admin"
role is selected.
Open an knowledgebase.
Make sure you have access to the correct modules.
Open an estimate.
Note that the estimate is read only.
How to setup role security for reports
48
Exercise
4.1.4 How to setup role security for reports
Role security is also used to set the permissions for the different reports. In the next example we are going to
set some report permissions for the two roles we have created previously:
Make sure the "Roles" tab is selected.
Select the "Estimator" role.
Press the "Permissions for role" button.
The "Permissions for estimator" dialog appears.
Select the "Reports" tab.
Press the "Change selection" button.
49
Administrator training
Select "Select all" from the popup menu.
Now all reports are selected.
Select "Full access" for the top slider.
Move the slider behind "Knowledgebase components" and "Knowledgebase properties" to
"Read only".
Press the "OK" button.
50
Exercise
Now we are going to do the same for the "Knowledgebase admin" role:
Select the "Knowledgebase admin" role.
Press the "Permissions for role" button.
The "Permissions for Knowledgebase admin" dialog appears.
Select the "Reports" tab.
Move the slider behind "Knowledgebase components" and "Knowledgebase properties" to
"Full access".
Press the "OK" button.
Changes to the security settings might not take affect until the next login of the affected
user(s).
51
Administrator training
Exercise:
Re-log into Cleopatra Enterprise but make sure that only the "Estimator" role is used.
Open an estimate.
Open the report wizard.
Select the "Direct cost" report and make some changes to the default settings.
Proceed to the "Save report settings" page.
Note that it is possible to save changes to report settings.
Close the report wizard.
Open a knowledgebase.
Open the report wizard.
Select the "Knowledgebase components" report and make some changes to the
default settings.
Proceed to the "Save report settings" page.
Note that it is not possible to save changes to report settings.
Re-log into Cleopatra Enterprise and make sure that only the "Knowledgebase
admin" role is selected.
Open an knowledgebase.
Open the report wizard.
Select the "Knowledgebase components" report and make some changes to the
default settings.
Proceed to the "Save report settings" page.
Note that it is possible to save changes to report settings.
Open an estimate.
Open the report wizard.
Note that the estimate reports are not available.
Close the report wizard.
How to setup workgroup security
52
Exercise
4.1.5 How to setup workgroup security
Workgroups are used to control the documents of different projects. Usually it is not desirable that every user
has access to every document in the database. Only users that are working on a certain project need access
to the documents of that project. Workgroups are used to determine the permissions users have on folders
and the documents in those folders. To show how the workgroup functionality works we are going to create
two workgroups:
Select the "Workgroups" tab.
Press the "New workgroup" button.
The "New workgroup" dialog appears.
Enter "Project X" as the workgroup "Name".
Enter a "Description" for the workgroup.
Press the "OK" button.
The "Project X" workgroup is created.
Again press the "New workgroup" button.
The "New workgroup" dialog appears.
Enter "Project Y" as the workgroup "Name".
Enter a "Description" for the workgroup.
Press the "OK" button.
The "Project Y" workgroup is created.
Now we need to assign users to the workgroups in the same way as we did for the roles:
53
Administrator training
Select the "Project X" workgroup.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Project X" workgroup.
Select the "Project Y" workgroup.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Project Y" workgroup.
Note that, as with roles, users can be a member of multiple workgroups. When rights of a
certain user need to be determined, rights of the different workgroups are examined and
the highest right (the right that grants the user the most access) will be used.
54
Exercise
Next we are going to create a project folder and grant full permissions to the "Project X" workgroup:
Log into Cleopatra Enterprise.
Press the "New folder" button on the database explorer toolbar.
The new folder is created.
Enter "Project X" as the folder name.
Press the "New folder" button on the database explorer toolbar.
The new folder is created.
Enter "Project Y" as the folder name.
Make sure the "Project X" folder is selected.
Press the "Security" button on the database explorer toolbar.
The "Workgroup permissions" dialog appears.
Remove the tick mark from the "Inherit folder permissions from parent folder" option.
A "Question" dialog appears with the question "Copy the security settings from the parent
folder"
Press the "NO" button.
Select the "Project X" workgroup from the "Available workgroups" list.
Press the "Add to selected" button.
Set a tick mark for all options.
55
Administrator training
Now we are going to allow the "Project Y" workgroup read only permission to the "Project X":
Select the "Project Y" workgroup from the "Available workgroups" list.
Press the "Add to selected" button.
Set a tick mark for the "Open documents" permission.
Note that the "Browse folder" permission is ticked automatically when "Open documents"
is selected. This is because in order to open a document you need to be able to browse
the folder that contains the document.
Press the "OK" button.
56
Exercise
Finally we need a document in the project folder to demonstrate the functionality:
Press the "New document" button.
The "New document wizard" appears.
Enter "001 project X" in the "Name" field.
Make sure that the "Project X" folder is selected in the "Folder" field.
Press the "Next" button.
Press the "Finish" button.
A new document is created in the "Project X" folder.
Exercise:
Re-log into Cleopatra Enterprise but make sure that only the "Project X" workgroup is
used.
Open the "001 project X" document in the "Project X" folder.
Rename the "001 project X" document to "002 project X".
Close the document.
Re-log into Cleopatra Enterprise and make sure that only the "Project Y" workgroup is
used.
Open the "001 project X" document in the "Project X" folder.
Note that the document can only be opened read-only.
How to create a workflow design
57
Administrator training
4.1.6 How to create a workflow design
The last security functionality we are going to look at is workflow. Workflow offers an intelligent and secure
way to enforce a logical routing of documents. Documents can be placed in and moved though different
states. Each state will only allow users with sufficient permission to manipulate the document. First we need
to create a workflow
Select "Workflow => Workflow designer" from the module navigator.
The "Workflow designer" appears.
Press the "Create new workflow" button in the "Workflows" toolbar.
The "New workflow" dialog appears.
Enter "Administrator training" in the "Name" field.
Enter a "Description" for the workflow design.
Press the "OK" button.
The workflow design is created.
58
Exercise
Next we are going to design a very basic workflow that consists of two states "For approval" and "Approved":
Press the "Create a new workflow state" button.
A new state is added to the workflow design.
Again press the "Create a new workflow state" button to create a second state.
The second state is added to the workflow design.
Move one of the two states besides of below the other state.
Press the "Add a new state transition" button.
Click on the first state.
Click on the second state.
A state transition (arrow line) is drawn between the two states.
59
Administrator training
Now we are going to set some initial properties:
Select the first state.
Press the "Edit" button.
The "Edit workflow component" dialog appears.
Enter "For approval" in the "Name" field.
Enter a "Description" for the workflow state.
Place a tick mark in the "Initial state" field.
The initial state option means that this state is a 'start point' of the workflow and that
documents that are not already part of this workflow can be assigned to this state. To be
able to add documents to a workflow, at least one of the states need to have the "Initial
state" set.
Press the "OK" button.
Select the second state.
Press the "Edit" button.
The "Edit workflow component" dialog appears.
Enter "Approved" in the "Name" field.
Enter a "Description" for the workflow state.
Press the "OK" button.
How to setup workflow roles (part 1)
60
Exercise
4.1.7 How to setup workflow roles (part 1)
Now we have designed the workflow, we will determine the user permissions. To do so we first need to
create two workflow roles and add users to them:
Press the "Create new workflow role" button on the "Workflow roles" toolbar.
The "New workflow role" dialog appears.
Enter "Estimator" in the "Name" field.
Enter a "Description" for the workflow state.
Press the "OK" button.
61
Administrator training
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Estimator" workflow role.
Press the "OK" button.
Again press the "Create new workflow role" button on the "Workflow roles" toolbar.
The "New workflow role" dialog appears.
Enter "Project manager" in the "Name" field.
Enter a "Description" for the workflow state.
Press the "OK" button.
At this moment all users are assigned to the "Estimator" workflow role and none to the
"Project manager" workflow role. This will be changed later on in this course.
62
Exercise
Next we will setup the security for the "For approval" state:
Select the "For approval" state.
Press the "Edit" button.
The "Edit workflow component" dialog appears.
Select the "Permissions" tab.
Select the "Estimator" workflow role in the "Available" list.
Press the "Add to selected" button.
Press the "Change selection" button.
Select "Select all" from the popup menu.
All permissions are selected for the "Estimator" workflow role.
Select the "Project manager" workflow role in the "Available" list.
Press the "Add to selected" button.
Only place a tick mark for the "Open documents" permission.
Press the "OK" button.
63
Administrator training
The same we will do for the "Approved" state:
Select the "Approved" state.
Press the "Edit" button.
The "Edit workflow component" dialog appears.
Select the "Permissions" tab.
Select the "Estimator" workflow role in the "Available" list.
Press the "Add to selected" button.
Only place a tick mark for the "Open documents" permission.
Select the "Project manager" workflow role in the "Available" list.
Press the "Add to selected" button.
Press the "Change selection" button.
Select "Select all" from the popup menu.
Remove the tick mark from the "Edit documents" permission.
Press the "OK" button.
64
Exercise
Finally we are going to set the permissions for the "Transition" between the two states:
Select the "Transition" (arrow line).
Press the "Edit" button.
The "Edit workflow component" dialog appears.
Select the "Permissions" tab.
Select the "Project manager" workflow role in the "Available" list.
Press the "Add to selected" button.
Place a tick mark for the "Transition between states" permission.
Press the "OK" button.
Exercise:
Create a new estimate.
Close the new estimate.
Assign the new estimate to the "For approval" workflow state.
Try to move the new estimate from the "For approval" state to the "Approved" state.
Note that the "Estimator" role does not have the permission to move the estimate to
the "Approved" state.
Open the new estimate.
Note that it is still allowed to open and edit the estimate.
Close the estimate.
How to setup workflow roles (part 2)
65
Administrator training
4.1.8 How to setup workflow roles (part 2)
Now remove the users from the "Estimator" workflow role and assign them to the "Project manager" workflow
role:
Select the "Estimator" workflow role.
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select all new users in the "Included" users list.
Press the "Remove from selected" button.
The users are removed from the "Estimator" workflow role.
Press the "OK" button.
Select the "Project manager" workflow role.
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Project manager" workflow role.
Press the "OK" button.
Exercise:
Move the estimate from the "For approval" state to the "Approved" state.
Open the estimate.
Note that the estimate cannot be edited.
66
Exercise
For a last check we will re-assign the users to the "Estimator" role:
Select the "Estimator" workflow role.
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select all new users in the "Excluded" users list.
Press the "Add to selected" button.
The users are assigned to the "Estimator" workflow role.
Press the "OK" button.
Select the "Project manager" workflow role.
Press the "Assign users to role" button.
The "Assign users to role" dialog appears.
Select all new users in the "Included" users list.
Press the "Remove from selected" button.
The users are removed from the "Project manager" workflow role.
Press the "OK" button.
Exercise:
Conclusion
Open the estimate
Note that it is not longer possible to edit the estimate.
It is also not possible for the users in the "Estimator" role to remove the estimate from
the "Approved" state.
67
Administrator training
4.1.9 Conclusion
We have now finished the tutorial in which we looked at the different security types and how they can be
used. We hope you have found it informative and useful.
Now you have completed the security section of the course you will now be able to do the following in
Cleopatra Enterprise:
1. Setup user security:
How to create new Cleopatra Enterprise users.
How to edit their user properties.
How to create the different user roles you recognize within you own company.
How to setup the permissions for these roles.
How to setup the security for the reports.
2. Setup folder security:
How to create workgroups.
How to create folder structures for your various projects.
How to setup the security for these folders.
3. Setup workflow:
How to create a workflow design.
How to create workflow roles.
How to setup the permissions for the workflow roles.
How to add documents to a workflow and how to move documents between different workflow
states.
Of course, this is just a small overview of the capabilities of the security within Cleopatra Enterprise. Every
company has its own demands regarding security. We hope you are triggered to investigate more. If so,
please have a look at our "Manual" where are all topics are covered in detail.
68
Exercise
4.2 Security trouble shooting
4.2.1 How to resolve security problems
Document problems:
69
Administrator training
Folder / workgroup problems:
Module problems:
Report / plugin problems:
70
Exercise
4.2.2 How to determine permissions
Due to security a document or module can sometimes only be viewed in read-only mode and sometimes it
can not be opened at all. It can be quite complex to determine the cause of this. In order to easily determine
why a document or module is read-only or cannot be opened at all we have provided the following options:
Module access:
This shows what functional security permissions a user has. Module access can be viewed as follows:
Select "Help => Module access" from the main menu.
The "Current module access" dialog appears.
This dialog shows you the roles you are member of and which of them are currently used. It also shows the
permissions you have on the different modules, reports and plugins. It also shows the permissions a users
has on the administrator level.
Users can be a member of multiple roles. When rights of a certain user need to be
determined, rights of the different roles are examined and the highest right (the right that
grants the user the most access) will be used.
71
Administrator training
Document and folder permissions:
This shows what information security permissions a user has. Document and folder properties can be viewed
as follows:
Select "Data explorer" from the main toolbar.
Select the folder or document which permissions you want to view.
Press the "Properties" button.
The "Properties" dialog appears.
Besides general document information, the "Properties" tab also shows information which can influence a
users permissions. It shows if a document is opened or locked and by who. It also shows in which workflow
state the document is in and if a expiration date is set on the document and if it is permitted to export the
document.
There is a special tab "Permissions" which shows what permissions you currently have on the
selected document. It is divided into folder permissions and workflow permissions.
Press the "OK" button.
72
Installation
5 Installation
5.1 MS SQL server
5.1.1 Introduction
Security is becoming increasingly important. It is one of the critical features of a database engine, protecting
the enterprise against myriad threats.
Apart from the usual security of physically securing the server, backing up data regularly and putting it
behind one or more firewalls if it is connected to a network, we recommend you to avoid installing SQL
Server on a computer with other server applications, and enable only the minimum network protocols
required.
5.1.2 Encrypting connections to SQL server
Microsoft SQL Server can use the Secure Sockets Layer (SSL) to encrypt data that is transmitted across a
network between an instance of SQL Server and a client application.
SSL can be used for server validation when a client connection requests encryption. If the instance of SQL
Server is running on a computer that has been assigned a certificate from a public certification authority,
identity of the computer and the instance of SQL Server is vouched for by the chain of certificates that lead to
the trusted root authority. Such server validation requires that the computer on which the client application is
running be configured to trust the root authority of the certificate that is used by the server.
The level of encryption used by SSL, 40-bit or 128-bit, depends on the version of the Microsoft Windows
operating system that is running on the application and database computers.
Enabling SSL encryption increases the security of data transmitted across networks between instances of
SQL Server and applications. However, enabling encryption does slow performance. When all traffic
between SQL Server and a client application is encrypted using SSL, the following additional processing is
required:
An extra network round trip is required at connect time.
Packets sent from the application to the instance of SQL Server must be encrypted by the client Net-
Library and decrypted by the server Net-Library
Packets sent from the instance of SQL Server to the application must be encrypted by the server
Net-Library and decrypted by the client Net-Library.
Also see "Encrypting Connections to SQL Server" on Microsoft's SQL server TechCenter
pages for more detailed information.
73
Administrator training
5.1.3 Installing MS SQL server
Cleopatra Enterprise stores its data in a central database using Microsoft SQL Server 2005.CLIENT
machines who whish to work with Cleopatra Enterprise need to have access to this database server. When
there is no Microsoft SQL Server available, it needs to be installed. The database server can either be
installed on a central server or on the local machine. When installing Microsoft SQL Server on a local
machine a special edition "Microsoft SQL Server 2005 Express" needs to be installed, which can be found in
the installation procedure of Cleopatra Enterprise. There are no additional server requirements for running a
Cleopatra Enterprise database besides the requirements for Microsoft SQL Server 2005. Of course, the
requirements typically depend on the number of users concurrently accessing the database server and the
amount of data which is involved. General hardware recommendations regarding Microsoft SQL Server 2005
can be found at:
http://www.microsoft.com/sqlserver/2005/en/us/system-requirements.aspx
By default the Cleopatra Enterprise installation procedure contains an automated installation of ”r;Microsoft
SQL Server 2005 Express”:
Start the installation.
The Microsoft SQL server setup dialog appears. Screen shot
Tick the "I accept the licensing terms and conditions".
Press the "Next" button.
Press the "Next" button.
The installation will check your system. Screen shot
After the system configuration check finishes, press the "Next" button.
Enter the user "Name" and "Company name".
Press the "Next" button.
The next step allows you to select the components to install. Screen shot
Select "SQL Server Database Services".
Select "Workstation components, Books and development tools".
Select "Integration Services".
Press the "Next" button.
If this is the first instance of SQL server on the target machine select "Default instance".
Otherwise select "Named instance".
Press the "Next" button.
Select "Use the built-in System account".
Press the "Next" button.
Set the "The authentication mode" to "Mixed Mode". See "Choosing an authentication mode"
for more detailed information.
Enter a password for the System Administrator (SA).
74
Installation
This password will be needed when installing Cleopatra Enterprise.
Press the "Next" button.
The "Collation settings" page needs no specific changes.
Press the "Next" button.
All configuration settings are now set and you are ready to start the actual installation.
Press the "Install" button to start the installation.
During the installation the progress will be shown.
Press the "Next" button.
Press the "Finish" button, to exit the installation.
5.1.4 Configuring MS SQL Server for Cleopatra Enterprise
Cleopatra Enterprise requires some specific MS SQL Server settings. Below you will find all steps to
configure these settings.
In order to connect to an SQL server on a remote machine you need to make sure the firewall
opens the port on which SQL server is listening (default 1433). You can do that in the
"Control Panel" (see steps below) or by using the command line: "Netsh firewall set port
opening tcp 1433 SQL_PORT_1433 ENABLE ALL".
See "Opening a port on the firewall" for more information.
Start the "SQL Server Configuration Manager". You can find this option in the Start menu in
the option "Microsoft SQL Server 2005 => Configuration tools".
The "SQL Server Configuration Manager" appears.
Select "Protocols for MSSQLSERVER". Screen shot
Double click the "TCP/IP" option.
The "TCP/IP properties" dialog appears.
Set the "Enabled" option to "Yes". Screen shot
Select the "IP Addresses" tab.
Make sure all "TCP Port" settings are set to "1433". Screen shot
Press the "OK" button.
The "TCP/IP properties" dialog is closed.
The next step allows you to select the components to install. Screen shot
Close the "SQL Server Configuration Manager".
75
Administrator training
5.1.5 Choosing an authentication mode
When configuring the SQL server, you must select an authentication mode.
There are two possible modes:
Windows Authentication mode. This enables Windows Authentication and disables SQL Server
Authentication.
Mixed mode. This enables both Windows Authentication and SQL Server Authentication.
Windows Authentication is always available and cannot be disabled.
Microsoft advises to use Windows Authentication when possible.
Disadvantages of SQL Server Authentication:
If a user is a Windows domain user who has a login and password for Windows, he must still provide
another (SQL Server) login and password to connect.
SQL Server Authentication cannot use the "Kerberos security protocol".
Windows offers additional password policies that are not available for SQL Server logins.
Advantages of SQL Server Authentication:
Allows SQL Server to support environments with mixed operating systems.
Allows users to connect from unknown or untrusted domains.
See "Choosing an Authentication Mode" on Microsoft's developer center pages for
more detailed information.
5.1.6 Opening a Port on the firewall
In order to connect to an SQL server on a remote machine you need to make sure the firewall opens the port
on which SQL server is listening (default 1433). You can do that in the "Control Panel" (see steps below) or
by using the command line: "Netsh firewall set port opening tcp 1433 SQL_PORT_1433 ENABLE ALL"
Opening a port on the firewall:
Select "Start" on the windows taskbar.
Select the "Control panel".
Select "Windows firewall".
Select the "Exceptions" tab.
Press the "Add port" button.
The "Add port" dialog appears.
Enter a "Name"
Enter the "Port number" on which SQL server is listening
Select "TCP".
Press the "OK" button.
The port is added.
Press the "OK" button.
76
For local installations Microsoft SQL server express edition is available. Be aware that this
version has its limitations. E.g. The express edition has 4 GB database size limit, the
MSDE has a maximum of 2 GB database size. See the Microsoft documentation for
detailed information.
Installation
5.2 Cleopatra Enterprise
5.2.1 Downloading Cleopatra Enterprise
Click here to view the minimum system requirements.
To view PDF documents install Adobe Acrobat Reader 8.0 or higher.
Downloading Cleopatra Enterprise:
Open the Cost Engineering web site: www.CostEngineering.eu
Select the "Support" option.
Select the "Download" option.
Enter the "Username" and "Password" provided by Cost Engineering.
Press the "Login" button.
Select "Cleopatra Enterprise" from the list at the right hand side.
Select the desired Cleopatra Enterprise file.
A "File download" dialog appears.
Press the "Save" button
A "Save" dialog appears.
Select a location to save the installation file.
Press the "Save" button.
Also see "Installing Cleopatra Enterprise".
77
Administrator training
5.2.2 Installing Cleopatra Enterprise
Cleopatra Enterprise can be installed using the provided installation procedure. The installation of Cleopatra
Enterprise requires no additional system libraries like dll’s. Therefore, it is possible to install Cleopatra
Enterprise once on a network or application server. Users who want to start Cleopatra Enterprise just need to
have access to the “Cleopatra Enterprise.exe” on the network server.
Start the installation (provided by download or CD-rom).
The Cleopatra Enterprise installation dialog appears (screen shot).
Select "Cleopatra Enterprise".
Press the "Install" button.
Press the "Next" button.
Accept the license agreement.
Press the "Next" button.
Select the installation folder.
Cleopatra Enterprise can be installed on a local machine as well as a network or application
server. See "Remote access" for more information.
Press the "Next" button.
Select the configuration folder.
The configuration folder is a folder which will contain all shared configuration data for all
users. All users who use this installation of Cleopatra Enterprise should have sufficient
access rights (read / write) to this configuration folder.
Press the "Next" button.
Cleopatra Enterprise will be installed.
Press the "Finish" button, to exit the installation.
License.
Click here to view the minimum system requirements.
To view PDF documents install Adobe Acrobat Reader 8.0 or higher.
78
Installation
5.2.3 Common installation issues
Installing Cleopatra Enterprise is quite straightforward. However, there are couple of issues you need to be
aware of the next:
Make sure you have administrator rights to install Cleopatra Enterprise and MS SQL Server.
Cleopatra Enterprise needs access to a shared configuration directory on your file system. Users
need to have read / write access. This directory can be configured in the “Configuration dialog”.
Cleopatra Enterprise needs read / write access to the user directory to store user settings. This is
specified in the Windows variable “%USERPPROFILE%.
Cleopatra Enterprise does not need any software to be installed on the client machine. As such,
installation of the client can be done on a central file server.
MS SQL Server needs access through TCP/IP port (default 1433), even if it is installed locally. You
may need to configure your firewall to open up this port.
In order for Cleopatra Enterprise to communicate with MS SQL Server, SQL Server needs to support
TCP/IP traffic. This is a special setting, which is not enabled by default. To configure it, see
"Configuring MS SQL Server for Cleopatra Enterprise".
Deployment via Citrix is supported. Be aware that each user needs read / write access to his own
user directory, which can be configured in Citrix.
To view the online manual, Cleopatra Enterprise needs access to the internet. If this is not possible,
an offline version is provided as well with the installation. Be aware that the online manual is updated
regularly. To get an update of the offline version, please contact support.
79
Administrator training
5.2.4 Remote access
If it is not possible for all users to access the central file system where Cleopatra Enterprise is installed, there
are various options to support remote access to Cleopatra Enterprise:
Citrix
This is actually the preferred way of supporting users over multiple remote locations which don't have access
to the company's network, but do have access to the internet. Citrix implements the server based computing
concept and enables application accessibility through small bandwidths.
Cleopatra Enterprise needs to be installed for each Citrix server. The "Shared configuration" directory
containing the license and other configuration data needs to be located on a common data server; the
Microsoft SQL Server needs to be located on a database server. For a good performance the communication
between the Citrix server and the Microsoft SQL Server must meet the recommended Microsoft SQL Server
requirements.
Multiple local versions
If there are users who have no access to the "Shared configuration" directory and database server, multiple
local versions of Cleopatra Enterprise need to be installed. Please note that each of these installations
requires a separate license. In order to share data between the various local installations the "Web sharing"
module can be used. The "Web sharing" module enables secure sharing of Cleopatra Enterprise documents.
Cleopatra Enterprise uses the WebDav protocol to accomplish this. In order to use the "Web sharing"
module client machines need to have access to a web server which supports servlet containers (e.g.
Tomcat) or an application server that supports at least servlet spec 2.3. The web server needs to have Slide
installed. The web server can be accessed from within Cleopatra Enterprise and sharing documents is just a
matter of dragging and dropping documents onto the web server.
Other technologies
There are various other useful technologies to enable network access for users who only have internet
access. VPN and remote desktop are just two of the available options.
5.2.5 How to prevent out-of-memory-errors
When working with large documents, you can encounter the following error message:
The task could not be completed, because it could not reserve enough memory. Check the manual how to
increase the amount of memory Cleopatra Enterprise can use.
To increase the amount of memory Cleopatra Enterprise is allowed to use, take the following steps:
Go to installation folder where Cleopatra Enterprise is installed. By default this is C:\Program
Files\Cleopatra Enterprise\ on Windows XP.
Create a new text document (right click in the folder => New => Text Document) and name it
"Cleopatra Enterprise.vmoptions" without quotes.
Open the file in Notepad (right click on the file => Open With... => Notepad) and add the
following line to the file:
-Xmx950m
This means Cleopatra Enterprise will reserve a maximum of 950 MB of memory when
running. You can increase or decrease this number as appropriate.
Restart Cleopatra Enterprise for the new memory settings to take effect.
You can check if the settings is correctly used by checking "Help => About => System Info"
and look for the line memory usage, which for the above example should look something like:
Memory usage: 27MB of 62MB (max: 508MB)
If you assign too little or too much memory, Cleopatra Enterprise will not be able to start and
show an error. Adjust the amount of memory or remove the line from the file to use the
default setting.
80
Installation
81
Administrator training
6 DBMS configuration
6.1 Database server registration
A database server is a program that stores data and processes SQL queries. The term may also refer to a
computer dedicated to running such a program.
Data on a (SQL) database server is stored in databases. In order for Cleopatra Enterprise to be able to
manage databases belonging to a SQL database server on the network, that server must first be added to
the list of managed database server registrations.
A database server registration can be compared to a connection that is made to the actual database server.
Registration refers to the process that makes Cleopatra Enterprise able to use a particular database server
(also see "How to create a database server registration").
82
DBMS configuration
6.1.1 How to create a database server registration
A database server registration can be compared to a connection that is made to the actual database server.
Registration refers to the process that makes Cleopatra Enterprise able to use a particular database server.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Press the "New SQL server registration" button.
The "New SQL server registration" dialog appears.
Enter "Localhost" in the address field.
Leave the "Instance name" field blank.
Enter the "Port" number e.g. by default the port number is "1433".
Press the "OK" button.
Press the "Close" button.
The "Configuration" dialog is closed.
83
Administrator training
6.1.2 How to open a database server registration
A database server registration can be compared to a connection that is made to the actual database server.
Registration refers to the process that makes Cleopatra Enterprise able to use a particular database server.
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management =>Manage databases".
Double click on the desired database server registration or press the ’+’ sign in front of it.
The "Login" dialog appears.
Select "Use windows authentication".
Press the "Login" button.
The "Login" dialog is closed.
84
DBMS configuration
6.1.3 How to create a database
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management =>Manage databases".
Login into a SQL server registration.
Select an SQL server registration.
Press the "Create database" button.
The "Create database" dialog appears
Enter a "Name" for the database.
Press the "OK" button
Press "OK" on the message dialog.
The database is created.
Press the "Close" button.
The "Configuration" dialog is closed.
For a newly created database, a demo user (password demo) is created. This user has all
rights and is useful when investigating all features of the product. It is recommended to
delete this user in a production environment.
Every newly created database contains the "admin" user (password "admin"). This user
has all permissions to perform basic administrative task like setting up the security. This
user cannot be deleted, nor can his security permissions be changed. It is recommended
that the password is changed in a production environment.
85
Administrator training
6.1.4 How to create a database user
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Login into a SQL server registration.
Select a database.
Press the "Create database user" button.
The "Create database user" dialog appears.
Enter a "User name".
Enter a "Password".
Enter the password again in the "Confirm password" field.
Press the "OK" button.
The user is added to the database.
Press the "Close" button.
The "Configuration" dialog is closed.
86
DBMS configuration
6.1.5 How to reset a database user password
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Login into a SQL server registration.
Select a database.
Select the database user who's password needs to be changed.
Press the "Reset password" button.
The "Reset password" dialog appears.
Enter a "Password".
Enter the password again in the "Confirm password" field.
Press the "OK" button.
An "Information" dialog appears.
Press the "OK" button.
The password of the database user is changed.
Press the "Close" button.
The "Configuration" dialog is closed.
87
Administrator training
6.2 Database connections
A database connection contains all parameters necessary to set up a connection with a certain database. A
database connection is a facility that allows Cleopatra Enterprise to talk to database server software,
whether on the same machine or not. A connection is required to send commands and receive answers.
Cleopatra Enterprise supports two different types of connections:
Public: Available to all users using the same configuration setting.
Private: Public connections are only available for the user that created them.
88
DBMS configuration
6.2.1 How to create a database connection
or
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Login into a SQL server registration.
Select a "Database".
Press the "Create connection" button.
The "Create connection" dialog appears.
Select a "Personal connection" or "Shared connection".
Enter a "Connection name".
Select "Use Windows authentication" or use "SQL Server authentication".
Press the "OK" button on the "Create connection" dialog.
Press the "Close" button.
The "Configuration" dialog is closed.
89
Administrator training
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select the "Shared configuration => Database connections" or
Select "Personal configuration => My Database connections".
Press the "New database connection" button
The "New connection" dialog appears.
Enter a "Connection name".
Press the "OK" button.
Enter the database "Server name" that contains the database.
Optionally enter the "Port" number for the SQL server registration. e.g. to select the default
port number enter "1433".
Enter the "Database name".
Set a tick mark in "Use Windows authentication" or use "SQL Server authentication".
Press the "OK" button on the "New connection" dialog.
Press the "Close" button.
The "Configuration" dialog is closed.
In order to connect to an SQL server on a remote machine make sure the firewall opens
the port on which the SQL server registration is listening.
90
DBMS configuration
6.2.2 How to verify database connection
Select "File => Configuration" from the main menu.
The configuration dialog appears.
Select the "Shared configuration => Database connections" or
Select "Personal configuration => My Database connections".
Select the "Database connection" to be verified.
Press the "Verify database connection" button.
The "Verify Database connection" dialog appears.
Press the "OK" button.
Press the "Close" button.
The "Configuration" dialog is closed.
In order to connect to an SQL server on a remote machine make sure the firewall opens
the port on which the SQL server registration is listening.
91
Administrator training
7 Backup and restore database
7.1 Backup
7.1.1 How to create a backup of a database
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Login into a SQL server registration.
Select a database.
Press the "Backup database" button.
The "Backup database" dialog appears.
Enter the full filename including the file path for the backup file.
Press the "OK" button.
The backup database is created.
Press the "Close" button.
The "Configuration" dialog is closed.
92
Implementation Plan Cleoptra Estimating
7.2 Restore
7.2.1 How to restore a database
Select "File => Configuration" from the main menu.
The "Configuration" dialog appears.
Select "Database management => Manage databases".
Login into a SQL server registration to which the database should be restored.
Press the "Restore database" button.
The "Restore database" dialog appears.
Enter a "Database name" for the restored database.
Enter the full filename including the "File path" of the backup file.
Press the "OK" button.
The database is restored.
Press the "Close" button.
The "Configuration" dialog is closed.
93
Administrator training
7.3 Migrate
7.3.1 How to migrate your data
Migrating existing data consists of the following three parts.
Migrating shared configuration data
See one of the following chapters for more information:
How to migrate shared database connections
How to migrate shared web sharing connections
How to migrate custom languages
Migrating existing databases
See How to migrate existing databases for more information.
Migrating user preferences
Migrating user preferences has to be done for each user (locally on his machine). See one of the following
chapters for more information:
How to migrate personal database connections
How to migrate personal web sharing connections
How to migrate user preferences
As an alternative you could make use of preference templates as described in "How to make
a user preferences template" and "How to import a user preferences template".
In case of any problems see "How to recover from an error during migration".
How to migrate shared database connections
94
Implementation Plan Cleoptra Estimating
7.3.2 How to migrate shared database connections
Select "File => Configuration" from the main menu.
Select "Database connections".
Press the "Update all connections from another Cleopatra Enterprise version" button.
The "Select Cleopatra Enterprise configuration folder" dialog appears.
Select the configuration folder of a previous Cleopatra Enterprise version.
Press the "Open" button.
If there are any database connections in the previous version that are not present in the
current version, they will be added to the list.
How to migrate shared web sharing connections
95
Administrator training
7.3.3 How to migrate personal database connections
Select "File => Configuration" from the main menu.
Select "My database connections".
Press the "Update all connections from another Cleopatra Enterprise version" button.
The "Select version" dialog appears.
Select a previous Cleopatra Enterprise version from the list.
Press the "OK" button.
If there are any database connections in the previous version that are not present in the
current version, they will be added to the list.
How to migrate personal web sharing connections
96
Cost Engineering
IJsselmeer 32e
3332 EX Zwijndrecht
PO Box 25
3330 AA Zwijndrecht
The Netherlands
Tel +31 (0)78 620 09 10
Fax +31 (0)78 620 91 42
www.CostEngineering.eu