Administering Users



Adding a User

To add a user, log into OpenMRS as an administrator and click on the "Administration" menu:


From there, you will see a list of options. One of these will be "Add User". Click it.

You'll be prompted to enter a name, gender, and birthday or age. This information is required because OpenMRS creates a unique "Person" object for each user. A Person object can be both a patient and a user, so OpenMRS needs to ensure that the user you are about to create doesn't already exist.

After clicking "Create Person", OpenMRS displays a form where you can fill in a username and password.


Roles and Privileges

Controlling User Access: Roles and Privileges

Resetting User Passwords

If a user is locked out, it is possible to reset their password using the "Edit User" administration page.

However, if said user is actually the administrator, you have to reset things manually.

  • Option #1: Go into the "users" table in the database and set the "secret_question" and "secret_answer" columns in plain text. Now use the "I forgot my password" link in the OpenMRS web application to reset your password.
  • Option #2: Change the "password" and "salt" columns to known hashes:
    • password: 4a1750c8607d0fa237de36c6305715c223415189
    • salt: c788c6ad82a157b712392ca695dfcf2eed193d7f
    • This sets the user's password to "test" for all 1.5.0+ installations.

Managing User Lockout

Starting with 1.5, authorization controls were added:

  • Users are locked out of OpenMRS for 30 minutes after 7 incorrect password attempts.
    • The number of attempts and the time of the last attempt are stored as user properties. The Edit User administration page will allow you to edit the current user's properties. (Alternatively, you can clear the rows in the user_property table for that user.)
  • IP addresses are locked out after 10 username/password attempts.
    • The number of attempts per IP is kept in memory on the server in the LoginServlet. Restart OpenMRS to clear this variable.

At least the second one is configurable as a global property: security.loginAttemptsAllowedPerIP
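
The manual administrator reset (Option #2) and the user_property clean-up described above can be combined into one database session. This is an added example, not part of the original page or the OpenMRS project: it assumes MySQL, a database named "openmrs", an administrator whose username is 'admin', and that "users" and "user_property" are joined on a "user_id" column.

```sql
-- Added example. Assumed names: database "openmrs", username 'admin',
-- join column user_id. Adjust them to your installation.
USE openmrs;

START TRANSACTION;

-- 1. Confirm that exactly one account matches before changing anything.
SELECT user_id, username
FROM users
WHERE username = 'admin';

-- 2. Option #2: set the password and salt columns to the known hashes
--    listed on this page (password becomes "test" on 1.5.0+).
UPDATE users
SET password = '4a1750c8607d0fa237de36c6305715c223415189',
    salt     = 'c788c6ad82a157b712392ca695dfcf2eed193d7f'
WHERE username = 'admin';

-- 3. Clear the per-user lockout state (attempt count and last attempt
--    time). As described above, this removes all of that user's rows
--    in user_property, not only the lockout ones.
DELETE FROM user_property
WHERE user_id = (SELECT user_id FROM users WHERE username = 'admin');

-- 4. Check the result, then COMMIT; use ROLLBACK instead if the
--    SELECT in step 1 did not return the single row you expected.
SELECT user_id, username, password, salt
FROM users
WHERE username = 'admin';

COMMIT;
```

The per-IP counter is not in the database, so a restart of OpenMRS is still needed if the IP address was blocked. Because these hash values are published, log in and set a new password through "Edit User" right after the reset.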