hello everyonethank you for your patience and welcome to the webinar entitled managing oracle clinicalrdc and tms user accounts with ease, presented by michelle engler from biopharms. i am eugenestepanov and i will be doing some housekeeping items before turning it over to michelle.during the presentation all participants will be in listen only mode, however you may submitquestions to the speaker at any time today by typing in the chat screen on the left sideof your screen. your questions will be addressed anonymously at the end.well good morning and welcome. this a webinar ona clinical account management tool that has been in development at biopharm and releasedto production. it is a tool designed to manage
oracle clinical rdc and tms accounts. wewill start with a short presentation and go into a live demo. any questions that you mayhave feel free to enter them into the chat window and i will be answering them at theend of the presentation. first of all i am michelle engler. i am aclinical systems developer and i have been with biopharms for almost twelve or thirteenyears. i have experience in development with many different languages and i have been workingwith oracle clinical and oracle clinical technologies for many years. i am familiar with the backend, the front end, and how tings are set up in the system. i have a lot of experiencewith the system. first of all the clinical account manager overview. here iswhat i will go over. first i will talk about
what is accel-account manager, what is a clinicalaccount in terms of accel-account manager. i will talk about new account request, passwordreset, and when you have accel-account manager and when you don't have accel-account managerwhat that process looks like internally with resources i will go over some of the featuresof accel-account manager and talk about the installation and technology stack and finallygo over a demonstration. accel-account manager is a web based systemdeveloped to become a single source solution for managing clinical accounts—passwordsand the various components, available through an internet or intranet url. this is the administrationtool of the account manager that you see here. in terms of accel-account manager and oc,what is a clinical account? a clinical account
is sort of a single entity in that it connectsto a single person. in the world of oracle clinical account has many different componentsthat cross several servers and databases and also have to involve resources in creatingclinical accounts. for example let's take your production environment. in the productionenvironment you have a database, a database operating system, you may or may not havea report server and you may or may not also have a sas server. in the database you havean account, database roles, password profiles, oracle clinical study site access and racstudy site access. in the operating system of the database server you have to have anaccount for psap jobs, home directory and log director. in the report server you needan account and report directory and in the
sas server you need an account and a staffdirectory. so a single account and production has all of these different elements to it.historically this has been done by hand or had custom tools developed to manage partsof it. now this is your production environment, let's say you have additional environments,such as a test environment. now i have just doubled that, and if there is a developmentenvironment we have just tripled that. so as you can see a clinical account is juststraightforward as conceptually we like to think of it, it does involve all these differentpieces which cause possibilities of errors when setting up an account it causes timeto actually create all these different things. so accel-account manager is designed to addressall of this. so here is a version of how a
new account request would go in today's world.i followed biopharm's process when putting together these slides. your process at yourcompany may be a little bit different but at the gist of it it still involves thesekinds of steps. so in this case we have an end user, and they have a question, may ihave an account. generally that goes posed to some kind of a manager. that manager maycommunicate that to a help desk or support representative and that person will startcoordinating this account. they notify the database administrator and the it professional.the it professional has to create certain it components of the new account and thentell support representative that those have been completed and the database administratordoes a similar process from the database side
and lets them know that it has been completed.the support representative gets that communication back and lets the manager know that the accountis ready. at this point the account still needs to have study access added to it. thereis the oracle clinical study access and the rdc study access and after that is completethe manager will notify the end user that the account is ready and the end user canlog in. so if you stand back from this slide and look at all of the things that go intocreating an account and it is very involved for something that has to happen multipletimes within a course of a year or a study to create all of these different accounts.now look at what it would be like if you had accel-account manager. you have an end usersay 'may i have an account' and a manager
says 'yes, you may have an account' let meadd it with a accel-account manager and the study site security and as soon as they aredone setting that up in accel-account manager an automatic email notification will go tothe end user, they can verify the account and then use their account. so it is a muchsimpler process with accel-account manager. we have freed up our da manager and the itprofessional and we have not bogged down the help desk assistant and have kept it in-housewith security. people who have the expertise to understand what needs to be put in placeare there to manage it. in the case of a password reset we have asimilar process. let's say an end user forgets their password. they have to communicate withthe manager that they forgot their password
who will notify the support representativewho will in turn notify the database administrator and the it professional who will reset thepassword as needed on the various components and notify back to the support representativewho will in turn notify the manager who will notify the end user and this user came inin the morning to do their work and now they have to wait for this whole process to ensurebefore they can do their work again. in the case of accel-account manager theyforget their password they can log into accel-account manager and reset it themselves and be upand running immediately without involving all those additional resources.what is accel-account manager and what can it do? in the case of accel-account managerfor managing clinical accounts it creates
the clinical accounts, it updates the accounts,it manages the profiles for the account and the database roles for the account. and avery important functionality for accel-account manager is it is designed to be a single sourceentity which means i have a production, a test, and a development environment, i donot need to log in to three accel-account managers to manage the account. and accountin the terms of accel-account manager is a single entity that has access to multipleenvironments. and when you want to give access to additional environments for an accountit is a single screen where you can set that access up, one log in, not three. it linksit to a single clinical account in accel-account manager. i will show you that live as well.in addition it has account maintenance functionality
such as resetting several passwords at once;it can disable one or more clinical accounts as needed. it also has the ability to generateseveral clinical accounts en masse particularly useful if you have a large rdc study startingup and you want to set up 100 accounts. that is very time consuming but using accel-accountmanager you simply set up a spreadsheet and you can load them into the system with allthe different components necessary for those clinical accounts. in addition it providesauthority for granting and revoking rdc study site security en masse. to helpfacilitate this process of setting up multiple accounts at once, setting up security formultiple accounts at once there is a screen to help manage study site security. finallyeverything that is done through the accel-account
manager has complete logs that are availableto be viewed by the administrators, to be queried based on dates, based on user andcan also be downloaded to excel for further processing as needed and there is also a logof system generated emails that again can be queried and downloaded as needed.for the end user we give the functionality of resetting their own password, of settingup and resetting security questions which are utilized for the purposes of resettingone's password and likewise to allow them the ability to retrieve their username incase they forgot what that was. there is account security protection in that the user has tocustomize the password to what they want it to be. that password is synchronized not onlyto the database accounts but also the operating
system account that gets created so if thereis a unix account on the database server when they reset their password or set it to a customizedvalue all of the passwords get synchronized. that functionality is customizable by theclient if so desired however it does provide a facility to keep that password in synchamong all a clinical accounts. in addition it has this automatic lockout in the casethat a user is trying to reset his or her password multiple times with failure the systemwill put a hard on the account which requires the administrator to remove that hard lockand it does notify user via the email address and also notifies the administrator when thisoperation occurs so with that notification and that protection it helps to assure thatthe credentials are not compromised. in addition
there are automatic notifications sent outof account credentials so we no longer have to involve a support representative or anyoneelse putting together what those credentials are, the user can manage them themselves.automatic notifications of important changes, when accounts are updatedwhen security setting are applied, the user gets an automatic email notifying them whenthose things are applied and again the administrator is kept in the loop in the case of an errorwith the account or a locking action that occurs. so how does is this installed?what does the technology stack look like? so in the case of accel-account manager interms of production it gets installed one time, often there is a series of release interms of tests and doing qa and that kind
of work. in terms of production use it onlyneeds to be installed in the production server and then it links to your additional environments.you don't have to install it three times and that is the single install methodology. itstechnology stack is active state perl with apache web server it also have javascriptand html involved with it. this is the conclusion of the presentation. i am going to go intothe demo now. this is the administration tool for the accel-accountmanager. there is credential here; the user has to have a specific role assigned intoit. that role is managed through accel-account manager as well. i log in and come to themain menu here and i want to create a user account so i will click on a new user account.i have this new user here, a mary engler that
needs an account, i will enter the user namehere, it does allow for rdc accounts with altaobstaller by the way as long as they arenot being granted oracle clinical access. then i enter the email address of that user.there is a very important feature in this system that is with email domains. certainemail domains have the ability to have administrative type access and certain email domains do not,in the case of the biopharm.com domain i have it set up with administrative access but ihave another domain that is noadmin.com and certain features become disabled. i can nolonger grant administrative access, grant all study access and my database roles getlimited. that is all configurable in a particular install so whatever roles will be hided orshow is also configurable. in this case i
will do my email address, everything becomesactivated and you can see there is this environment of gmasters so in theory that would be yourproduction environment to start out with. if you select or unselect certain featuresthings can appear or disappear on the screen. so in case of oracle clinical study accesswhen i check it there is this box that is oracle clinical study access it appears wherei can select all or i can select study access i can access specific studies to grant accessto a user. in addition if i want to grant rdc access i simply click this box and thisother area of the screen would appear where i can add an rdc study. here is what thatlooks like. i would click rdc study, i click add study and it comes up with the granularsecurity options for rdc on the study level
and then i want to add site level as welli can just click this link here and get a list of my studies and i can add them to thesystem. so i go ahead and i click these security settings of the site, the security at thestudy. if i click admin i get a warning that this is an administrative privilege so i knowthat is what i am about to do and if i like i can add another study as well. so this isone of the ways you can set up rdc study access and there is another way i can set them upen masse as well. here i get to decide which password policyto apply to my account and also set the roles i am interested in granting to my account.this is the production environment labeled here. if i want to add another environmenti click this link, add environment, and that
will come up with my additional new environmentsthat i have not yet added and get another set of options for security for this particularclinical account. there is also an option to link a new environment to a master environment.this would be useful in the case that you had a test environment that was a copy ofyour production and you wanted your accounts to have the same security settings for theproduction as for the development. you would click this option to link it to the masterenvironment and so all the security settings for my primary environment, my productionenvironment perhaps, will be applied to this environment as well automatically. if i decidei want to add it and be able to customize i just would not select that link functionalityand again i get to set up what the study access
should be and the role.now what i will do is click user account. i go out and create database accounts, theos server account, if it was a report server account, a sas server account and all thisis being created in the primary and the secondary environment because i added that as well.when it is complete it will automatically send an email to the user. i have it righthere. now the content of this email is customizable, it comes from a template, you can put variablesin it, you can change the way it looks, what it says. it has a "click here" to verify youraccount. now, i am mary engler, and this is my new account created. i was notified thatit was created and i click here and then i am taken to a page where i get to verify myaccount. that is a time limited functionality,
the amount of time that temporary passwordwill work for mary is customizable based on security settings. you can set it to be like3 hours, if mary does not verify her account in 3 hours she will have to notify the administratorto reset her account after three hours. so i am going to give a custom password and theni have the option of selecting my security questions, this is not a case sensitive answerhere so whether i capitalize this or not is no matter. now it is going to go out of hereand reset the account password with my custom password on all the different components.in addition, when it is created, it is created in something called a 'soft lock status.'what this means until that user goes and verifies his or her account that account will not workin terms of login in the system. after it
is verified that soft lock is removed andmary engler should be able to log into her account. so let's check that out.this is oracle clinical, i will log into oracle clinical. here comes my login and i can login with my new account and password and my database. when i log in there is the mainscreen and i can look at what was set up in oracle accounts for mary engler. and thereit is. a p-sub directory with setup that was already created on the server, all of thesethings have been configured. so there we go, we have access. another thing to realize aboutthe accel-account manager is that in terms of the system there are many ways to do thingslike setting up customized passwords or assigning data base roles or setting up security forthe studies so accel-account manager reads
this information real time. it does not storeany of the password credentials or what these accesses are. it is reading that from thesystem and the many environments as well. so if there is a change made to rdc studyaccess using the native functionality in rdc oracle clinical accel-account manager willpick that up without an issue at all. the other thing i can do here is update the accountfor mary engler, i can go into it, i can modify those settings, and i can add to my settings,i have those options as well. as a user i have now the ability to reset the passwordmyself. this functionality looks like this. click reset my password and enter in the username and the email address and you click reset password. and now it is going to ask me oneof my security questions which i will enter
and then it will set up a temporary set ofcredentials, email this information to me , then i will be able to go and log in andverify my account and reset my password again. in addition if i forgot my username i couldretrieve that username by entering an email address and an answer to a security question.it will show it on the screen and it will email it to me as well so i will know if thesethings are happening if somebody else were doing this things and had gotten through allof these steps. similarly if i wanted to change my security questions i could do so by enteringmy credentials here and so here i could set up different ones. now we are all set up.this functionality of the user tool oftentimes people will split with the way it is installed.the user tool component will be installed
on the internet and accessible to all usersincluding rdc users who may not have vpn access and then the admin tools will be in the intranet.so that ability also exists with this system. in addition you can add links to this useraccount from the native oracle clinical functionality. for example here in onsite if i was in hereto log in i could put these links in here, if i forgot my password i could click thislink and immediately the functionality for resetting the password is available to me.i put in my own password. similarly it works that way for retrieving my username credentialsand it can be added on to the oracle clinical functionality or the rdc classics. it canbe integrated in terms of facilitating your users, being able to get access to the accel-accountmanager website.
the next thing is to show the mass loadingof accounts. in this case i would click this link, mass load user accounts, and i can selecta file. if you remember from the presentation the mass load user accounts is a functionalitywhere i can generate user accounts from an excel spread sheet. i have an excel spreadsheethere that i can show you. here we are looking at an excel spread sheet with three userswith the first name, last name, username email address and all of those things that you needto specify. there is a format for specifying multiple environments within a single spreadsheet.this particular spreadsheet will be processed on a line by line basis, and by that i meanif a user doesn't get created for some reason, that will get flagged and it will continueon to the next user. and then you will get
a resultant file that you can work with forcorrecting any errors. let me show you how it does this job. selectingthe spreadsheet, click open, load accounts. it takes about seven seconds depending onwhat sort of access is being generated. when it is complete it comes up with these twolinks where you can download the resultant excel file and look at the log file. the logfile will tell me that it is succeeded or did not succeed in terms of creating the accounts.here i had three successes for creating these users. the excel file can be downloaded andthis is the file that gives me the status of these accounts. here you can see everythingwas successful, if there was an error it would say error with the reason for the error andi could correct that within this resultant
spreadsheet and set my status to reload andthen i could reload the same resultant spreadsheet through the system and it would only addressthe line items that were set to reload and that is the way to correct your errors andhaving multiple users and perhaps a few failures that needed to be addressed.after i have actually created these accounts, let's say i am doing it for an rdc study imay need to assign rdc privileges. so in this case there is a screen in the accel-accountmanager called rdc privilege assignments where i would come in here and select the environmenti am working in, and then i could select the study i am working in and then we have thisconcept of a security scheme that was come up with by a consultant at biopharm who hasworked with these security settings before
and the thought was if we can not hard linkbut facilitate a standard assignment of these security settings to certain roles and allowthem to be changed, allowing whatever we need to happen happen, what we get is when i havean investigator i want the roles to look like this. this is what i want to be doing formy investigators. so you have the ability to add to this list, to customize it, whateveryou need to do for these security schemes to predefine in the system what you wouldlike these roles to look like. the next step is to decide which users will get these privilegesgranted to them. you can query the users by partial searches,just type in us it would take everything with us in the name, mar i am going to get mary,so it has this ability for whatever users
you want to use the assignments for. and interms of a mass load you may want to query by the creation date and find all of the usersthat were created today. lets say everyone except mary we want to assign security accessto this 0053 study, i can then associate a user with a site. now, i can associate a userwith more than one site. what i would do in this case is i would add the first initialsite assignment to my security screen and then i would say yes i would like to do moreof this and lets's say i want to assign user one also to b00 i would just add that useragain so i can keep going through this process until i get my comprehensive list of how iwant to assign my users and the sites that they are working with and then i click grantsecurity and it will grant all the access
to the rdc study to these users. similarly,let's say i had a site that's shut down and i want to revoke all access to that site iwould have the ability to query off all the users that had access to that study and goahead and set it up so that all access to a particular site was removed. or if i justwanted to querey the ones that had access to that site i would select their site, addcollective users, revoke security and it would take away all the security for those users.another feature of the system is to reset your passwords for your users. you can dothis en masse by selecting multiple users and just clicking the reset password button.all of these users would be reset to temporary passwords and notified via email and thenthey would have to go in and verify their
account again.in this case password was successfully reset. the other feature is the lock/unlock account.in this case you have two options: a hard lock and a soft lock. soft lock is what iwas talking about earlier, that when you reset the password the user will not be able tolog into their account until they verify their credentials. in addition an administratorhas the ability to hard lock an account. this case simply clicking lock account is goingto put an administrative lock on the account which cannot be undone by the user themselves,it has to be taken off by the administrator. that lock involves the database account andalso the disabling the os account on the server. so all components become disabled then thereis a lock on the account. that is the case
for both the soft lock and the hard lock.the difference between them is that only the administrator can remove the hard lock.all of these operations that we have been working in have account logs associated withthem. this is the screen where you can query up what those logs are. let's say i just wantto see all of the operations that were done for my user mary engler i could just put theuser account here in the filter and then find logs. let's say i want to find all the logscreated today. once you get all that information available to you and you can download it toexcel for further processing on the other machine. similarly there are email notificationlogs available where again every email that was sent when there was a bad email addressgets flagged. in the case of this where there
was a bad email address the administratoris notified of this so that means that if there is a problem with an email address thatcan get resolved as soon as possible. this does accept a common deliminated list of usersand you can download it to excel. it keeps the full log of this whole send operationso if there was a problem with the server or something else goes wrong that is availablefor review in terms of resolving the issue. finally there is a screen for managing domainlists. this is where we control which domains have access to the system and which do not.you can add a domain from the create user screen and from the edit user screen. andif it is not in here it can prompt to create. you can also come in here and control whetherit has admin access or not, you can deactivate
a domain and then any future actions whencreating an account will not allow that domain to be referenced, in the case of domains notbeing utilized you can delete it from the system. finally on the screens, every screenhas a help feature which is content sensitive help so it serves as an online user guideto give the help to the user when they have questions about different screens. in additionthere is an additional user guide for admins and for end users which is simply a document.so that is the end of this demonstration. if you have any questions please put themin the chat window and then my colleague eugene stepanov will be reading the questions andsending them on to me. i will try to answer them to the best of my ability.great, thanks michelle. before we move on
to the q&a session i want to remind everyonethat you can type in your questions in the chat feature. your name will not be mentionedand we will try to answer as many questions as we can in the next ten minutes or so. wewill go to the first one. do you have some sort of built-in check on the excel filesused for mass account creation or is it solely depend on the creator of the excel files.in the case that these excel files have an issue with them, the system checks it as itis loading it and will actually flag that issue. let's say that there was some sortof discrepancy in how it was set up and that will get checked and flagged in the excelfile itself. let's say that i tried to create user 2 and took away the abstaller and itit had oracle clinical and rdc access specified
here that would give an error because youhave to have an abstaller when there is oracle clinical access specified. so there is a checkthat is done while it is going through and it gets flagged on an item by item basis,and go on to the next line, just making a note that there was a problem with that user.great. next question is can access to test mode access be granted.yes. well, i am not sure if that means test mode for the study, certainly the system doesprovide the ability to gain access to test elements. in terms of database roles whichare utilized for giving access to test mode, you can customize this list of what the rolesare and what they are colled in your particular environment. so if you want test data entryavailable that would get poplulated in a metadata
table to make it appear here and be availableto be granted to the user. if i didn't answer that question, please text another questionand i will follow up with it. do you have and can you show an automatedaudit report? so in this case an audit report would be,in terms of the accel-account manager, all of the activities in a certain account. iwanted to see everything that ever happened to mary engler's account including all ofthe resets and retriever user names what i would do is i would query for that particularuser and then download that to excel and then you would have all of the information in termsof who did the operation, what happened, what activity was done, what username was impacted,what ip address, what browser was used to
access the information. so this would be areport, the audit report of what happened in the system.how can the tool be made accessible in the internal network and the internet?in this case, what happens is lets say you have an environment where you have an rdcserver or some other server that is available over the internet but you also have the oracleclinical protected under intranet. in this case the application server component of itwill be installed on the oracle clinical for the administrative portion of the tool andin the case of the user tool that part would get installed on the rdc server and thereforethe accesses and the urls would be handled differently and it could be split up betweenthose two environments.
what are the validation requirements and approximatetime required for install to validated use. there is an extensive set of test scriptsavailable for the tool, something like 160 test cases and 3-400 pages of test cases,those take about three days to run. there are different requirements depending on whatthe different company's requirements are. in terms of testing and pq testing. i canspeak to how long it takes to install and how long it takes for the test cases we havewritten for the tool but the other parts would have to be decided on a case by case basisdepenind on internal constraints of your company. in terms of installing this tool, doing itin a documented way takes 4-8 hours depending on the complexity of the environment and theactual operation of installing it i can do
in a couple of hours but doing everythingaccording to quality standards increases that time considerably and again executing thetest cases takes approximately three days. all the documents are in place, we have userrequirements, function requirements, all of those things are in place already for thetool so that is available from day one and as far as your internal policies or procedureswe tend to work with companies on identifying and specking out what needs to happen in termsof actually installing nd releasing the tool. is the tool check if the user account is alreadyin use when trying to create it? it does, yes, absolutely. so what it doesis lets say i tried to create an account m. engler or let's say there was already an accountin the systema dnt hat account was linked
with the first and last name of mary l englerand the system would notice the discrepancy and would notify the creation time and thatthere is an account that already has this username but it has a different first andlast names so do you want to link these, or change your username, so that gets checked.it also in the case that everything lines up as expected it will decide that the accountis linked with what you are creating here so there is some logic in deciding if thataccount belongs to this new user. what i am talking about here is when you have an accountthat is in oracle clinical that is not in accel-account manager. that tends not to happenvery much as you go forward because we import those accounts that we use into accel-accountmanager so we have a list of those accounts.
then if you go and try to add something thatis in conflict in terms of first or last name or email account, you can only have one emailaddress per user, you cannot have multiple users with the same email account so thosekinds of checks are put into place. notification, etiher an error or a warning depending onwhat the check is provided to the user. can the tool be customized to meet specificneeds? well, that is a good question too. it is reallyhard to answer it in a general sense. things that are already built in to be customized,like the way that the unix accounts are creating, the tool is linking up with some scripts thatare being run through pseudo. and those scripts can be modified so in the case that you hadsome specific requirements on how your unix
accounts were created you could modify that.all of the database lists are customizable, what security schemes are customizable soit is a hybrid question, of course we can enhacne and modify doing a consulting projectso that is always a possibility and in addition there are quite a few areas where based onsettings and metadata what is shown to the user can be customized. i would encouragethe asker of the question to contact vicky green in the case that they have more specificrequirements that they want to inquire about. it is hard to answer that in a general sense.it looks like we have used up the allotted time we had for this webinar. michelle ifyou would not mind showing vicky's contact information.
0 komentar:
Posting Komentar