Internet Dealer Access

Requirements

Standard operation:

When using Windows Terminal Services to manage the remote connection:

Recommended Setup

See the Dealer Setup Guidelines for recommended settings when using this for dealers and installer users.

Operator Security Group Setup

Create a new operator Security Grouping and set the Group Type to Dealer Access. Assign the group the desired security rights. Many features are disabled in DealerAccess, and some rights will not apply. Edit client, main program access, and reports work as per normal.

Operator Setup

Create a new operator account for the dealer, and assign them to the DealerAccess group. If restricting the dealer's access to a particular set of clients is a requirement, you will need to set up Operator Restrictions for the new DealerAccess operator. Operator Restrictions is a Patriot Enterprise feature, but all IDA module registered Patriot installations are given access for operators assigned to the DealerAccess Security Grouping.

Site Groupings Setup

Maintenance Menu Item → Clients→ Site Groupings

tasks

Patriot provides an unlimited number of user-defined grouping categories which can be used to group clients together. One of these Site Grouping categories should be used to record the IDA installer who is responsible for the account. The category is also used for operator filtering, as below. This restricts the dealer from viewing or editing clients which do not belong to them. If an IDA category does not exist in your system, insert a new client grouping type and enter a group type name, e.g. IDA or Dealer. Then, add each dealer as a new client grouping belonging to the category. New dealers can be added later by returning to this screen. It is also good to add an 'All' option, which can be assigned to templates or other accounts which all dealers should have access to.

Operator Restrictions Setup

Security Menu Item→Operators → Operator Preferences

tasks

Uncheck the Full Client Access checkbox and using the insert button, select the Site Grouping to which this Dealer Access Operator is to be restricted to. If the Site Grouping does not currently exist you will need to create it by setting up a new Site Grouping, as above. The dealer will then only be able to view clients in the selected categories. Note that this applies to templates as well, so dealers can be restricted to certain templates. It is recommended to place general templates in an 'All' grouping, which each dealer will have access to in addition to their own clients.

For the site restrictions to apply, you need to make sure that Operator Filtering is enabled in SystemSettings/SystemWideSettings/DataServiceSettings

Data Services Settings Screenshot

Inserting New Clients

IDA users can also insert new clients, if they have the required security permission. Some additional setup is required in order for this to work smoothly.

Dealers are not allowed to insert a new blank client, they must copy an existing client. A template client must be set up which forms the starting point for any new clients which a dealer inserts. Set the reporting group of the template client so that the dealer has access to it. Assign the dealer's installer user to the template as well (See Dealer Setup Guidelines for more info). Finally set any other general details which should be filled in for the dealer clients as required.

When a dealer attempts to insert a client, they must select this template to copy from. Multiple templates can be set up for them if required by repeating these steps.

If a dealer client ID range is set in Operator Preferences then the dealer will be restricted to inserting clients within that set range.

InsertNewClient

Insert New Client

Standard operation

Setup Patriot Encryption on the server and on each dealer's remote Patriot 6 workstation. Each dealer should now be able to login to the Patriot server remotely using the operator credentials setup earlier, just as if they were on the local network.

Note: in certain IDA usage cases, where dealer's have been given access to data intensive Patriot functions such as Reporting, a fast broadband internet connection may be required. If network performance is a factor for your setup, it is recommended that you setup the IDA module with Windows Terminal services rather than direct Patriot communication.

Operation with Windows Terminal Services

Log into Windows under the account each account a Dealer will be using. Start Patriot, and on the login screen open the options section by selecting the spanner icon. Change the “Interface Port” option to a unique number. This will need to be a number not used by any other users of the machine. Do not modify the other settings. Save the changes and logout and in to Patriot to test the account.

Command line options may also be useful when running under Terminal Services. Patriot can be configured to auto-login, skipping the standard Patriot login window . When combined with the Terminal Services option to disable the desktop and run only a specified program, this will limit the remote user to running Patriot only. Consult the Terminal Services documentation for advice on configuring this option. Additionally, command line options can be used to set up different workstation settings for each Terminal Services user instead of using shared settings. We recommend using the new WINAUTOLOGIN option over the standard AUTOLOGIN option as it is more secure when using Terminal Services. Check the Command Line Parameters documentation for information on both auto-login and workstation settting options.