ENABLE_USER_LOGIN_SCOPE_FILTER

BOOLEAN

When Logging in to a Laboratory:

• Where AD/LDAP authentication is configured that allows for the mapping of a user name back to a CCLAS user code (that is, the login user name is not the same as the user code), then this preference is not used, as the Laboratory Code filtering mechanism does not know the user code until the AD/LDAP authentication returns it.
• Where checked and an invalid or blank Username is entered, then the Laboratory drop-down list is empty.
• Where checked and a valid Username is entered, then the Laboratory drop-down list contains all laboratories attached to the roles assigned to the user (including all for those with global scope, that is, contains the asterisk '*' character) where the laboratory's Is Available for Login check boxes is checked.
• If cleared (default on deploy, default if missing), then the Laboratory drop-down list contains all laboratories where the laboratory's Is Available for Login check boxes is checked.

The preference is only applied from instance level.

Security consideration: This preference should only be enabled where an organisation's user accounts are known and there is no risk of others seeing which laboratories are assigned to which username as it is possible to use this mechanism to 'spoof-check' whether a username is valid and setup for some laboratories. Security implications imply that an organisation must turn this feature on explicitly.

Related Processes

• Logging in to a Laboratory

• Maintaining Laboratories