Configuring Login Laboratories for Users

Security considerations

This feature should only be enabled where an organisation's user accounts are known and there is no risk of others seeing which laboratories are assigned to which username as it is possible to use this mechanism to 'spoof-check' whether a username is valid and setup for some laboratories. Security implications imply that an organisation must turn this feature on explicitly.

Where an organisation's user accounts are known and there is no risk of others seeing which laboratories are assigned to which username, as it is possible to use this mechanism to 'spoof-check' whether a username is valid and setup for some laboratories, then the system is configurable to present the laboratories based upon a user's role when the user logs in with their valid user code by setting the ENABLE_USER_LOGIN_SCOPE_FILTER application preference.

Where the preference is enabled, when a valid user code is entered on the login dialog, then the Laboratory drop-down list contains all laboratories attached to the roles assigned to the user (including all for those with global scope, that is, contains the asterisk '*' character) where the laboratory's Is Active and Is Available for Login check boxes are checked.

Note: This preference is not applied where AD/LDAP authentication is configured that allows for the mapping of a user name back to a CCLAS user code (that is, the login user name is not the same as the user code), as the Laboratory Code filtering mechanism does not know the user code until the AD/LDAP authentication returns it.