genemapper id-x software - thermo fisher...

ADMINISTRATOR’S GUIDE

For Research, Forensic Paternity and Cell Line Authentication. Not for use in diagnostic and therapeutic applications.

GeneMapper®ID-X Software Version 1.5

Publication Number 100031703Revision A

The information in this guide is subject to change without notice.

DISCLAIMER

LIFE TECHNOLOGIES CORPORATION AND/OR ITS AFFILIATE(S) DISCLAIM ALL WARRANTIES WITH RESPECT TO THIS DOCUMENT, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. TO THE EXTENT ALLOWED BY LAW, IN NO EVENT SHALL LIFE TECHNOLOGIES AND/OR ITS AFFILIATE(S) BE LIABLE, WHETHER IN CONTRACT, TORT, WARRANTY, OR UNDER ANY STATUTE OR ON ANY OTHER BASIS FOR SPECIAL, INCIDENTAL, INDIRECT, PUNITIVE, MULTIPLE OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH OR ARISING FROM THIS DOCUMENT, INCLUDING BUT NOT LIMITED TO THE USE THEREOF.

Limited Use Label License No. 540: Sequencing or Fragment Analysis Intellectual Property for Human Identity Testing Software

Notice to Purchaser: No right to resell this software product, any upgrades, modified versions, updates, additions, copies, or any of its components is conveyed expressly, by implication, or by estoppel. This software product may be used to perform internal research and development for the sole benefit of the purchaser; provided, however, that Life Technologies Corporation (“LTC”) does not convey any right or license, whether expressly, by implication, by estoppels, or otherwise, under any LTC patents that claim DNA sequencing or fragment analysis methods, to the purchaser by the purchase of this software product to use such DNA sequencing or fragment analysis methods. This software product is not for use in commercial applications of any kind, including, without limitation, quality control and commercial services such as reporting the results of purchaser’s activities for a fee or other form of consideration, except as follows. A limited license to use the DNA sequencing or fragment analysis methods covered by such patents can be obtained for certain research and development activities (a) through the purchase of certain LTC reagents that convey rights for commercial use (e.g., LTC kits for performing human identity testing and LTC kits for performing in vitro diagnostics testing) when such reagents are used on an authorized LTC instrument, or (b) directly from LTC. In addition, LTC grants the purchaser a limited right to use this software product in conjunction with: (1) a second product purchased from LTC or that conveys rights for commercial use (e.g., LTC kits for performing human identity testing and LTC kits for performing in vitro diagnostics testing) and (2) an authorized LTC instrument that conveys rights for commercial use to perform services on a fee per test or contract basis. For information on obtaining additional rights, please contact [email protected] or Out Licensing, Life Technologies, 5791 Van Allen Way, Carlsbad, California 92008.

TRADEMARKS

All trademarks are the property of Thermo Fisher Scientific and its subsidiaries unless otherwise specified.

This product includes software developed by the Apache Software Foundation.

This product includes software developed by the ExoLab Project.

JNIRegistry is copyrighted © by ICE Engineering, Inc.

Microsoft and Windows are registered trademarks of Microsoft Corporation.

Oracle is a registered trademark of Oracle Corporation.

GeneMapper®ID-X Software v1.5 has undergone a verification process pursuant to Life Technologies Corporation and/or its affiliate(s) internal quality process. However, we recommend that customers installing or using GeneMapper®ID-X Software v1.5 perform any internal validation testing they deem necessary according to relevant guidelines. Each laboratory is solely responsible to ensure that its GeneMapper®ID-X Software v1.5 satisfies or will satisfy SWGDAM Guidelines or other applicable guidelines and is fit for each laboratory’s applications.

© 2015 Thermo Fisher Scientific Inc. All rights reserved.

Contents

3GeneMapper® ID-X Software Administrator’s Guide

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 1 Setting Up User Accounts and User Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9GeneMapper® ID-X Software Electronic Data Chain-of-Custody Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Overview of the Security System . . . . . . . . . . . . . . . . . . . . . . . . . 11

Default User Accounts, Profiles, User Groups, and Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Default Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Default Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Default User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Default User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Starting the Security Manager . . . . . . . . . . . . . . . . . . . . . . . . 20

Setting Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Setting Up User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Using Default User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . 24

Creating New User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . 26

Using Security Groups to Control Data Access . . . . . . . . . . . . . . 29

Customizing Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Creating Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Editing or Deleting Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Profile Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Customizing User and Security Groups . . . . . . . . . . . . . . . . . . . . 39

Creating User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Creating Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

GeneMapper® ID-X Software Administrator’s Guide4

Maintaining User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Editing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Changing the Password for a User Account . . . . . . . . . . . . . 44

Deleting a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Activating, Deactivating, and Suspending User Accounts . . 46

Viewing the Security Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Exporting and Importing the Security Settings . . . . . . . . . . . . . . 49

Chapter 2 Managing the Audit Trail System . . . . . . . . . . . . . . . 51Overview of the Audit Trail System . . . . . . . . . . . . . . . . . . . . . . . 52

Default Audit Map Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Using the Audit Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Starting the Audit Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Configuring the Audit Map . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Printing an Audit Map Settings Report . . . . . . . . . . . . . . . . . 59

Audit Map Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Viewing Audit History Records . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Starting the Audit History Viewer . . . . . . . . . . . . . . . . . . . . . . 63

Creating Audit Record Queries . . . . . . . . . . . . . . . . . . . . . . . 64

Performing Audit Record Queries and Viewing Audit Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Example Audit Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Printing Audit Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Backing Up, Removing, and Restoring Audit Records . . . . . . . . 69

Chapter 3 Managing the E-Signature System . . . . . . . . . . . . . . 71Overview of the Electronic Signature (E-Signature) System . . . . 72

Default E-Signature Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring the E-Signature System . . . . . . . . . . . . . . . . . . . . . . 73

Starting the E-Signature Manager . . . . . . . . . . . . . . . . . . . . . 74

Enabling the E-Signature Function . . . . . . . . . . . . . . . . . . . . 74

Configuring E-Signature Actions . . . . . . . . . . . . . . . . . . . . . . 76

E-Signature Action Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77


Viewing E-Signature Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Specifying E-Signature Queries . . . . . . . . . . . . . . . . . . . . . . . 78

Performing E-Signature Queries and Viewing E-Signature Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Printing E-Signature Records . . . . . . . . . . . . . . . . . . . . . . . . . 80

Backing Up, Removing, and Restoring E-Signature Records . . . 80

Chapter 4 Maintaining the Software and Database Application . . . . . . . . . . . . . . . . . . . . . 81Maintenance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Recommended Maintenance Schedule . . . . . . . . . . . . . . . . . 82

Using and Maintaining the Oracle® Database . . . . . . . . . . . . . . . 83

Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Maintaining the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Using the Database Dashboard Software . . . . . . . . . . . . . . . . . . 85

Dashboard Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Setting a Dashboard Password . . . . . . . . . . . . . . . . . . . . . . 86

Starting the Database Dashboard . . . . . . . . . . . . . . . . . . . . . 87

Reviewing the Database Statistics . . . . . . . . . . . . . . . . . . . . . . . 88

Allocating Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Options for Creating More Disk Space . . . . . . . . . . . . . . . . . 90

Allocating Additional Disk Space . . . . . . . . . . . . . . . . . . . . . . 91

Viewing Project Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Backing Up the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

When to Back Up the Oracle Database . . . . . . . . . . . . . . . . . 94

Backing Up (Exporting) the Database . . . . . . . . . . . . . . . . . . 94

Restoring (Importing) the Database . . . . . . . . . . . . . . . . . . . . 95

Generating a Database Report . . . . . . . . . . . . . . . . . . . . . . . . . . . 98


Appendix A Operating the Software from a Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99Operating the Software from a Command Line Interface . . . . . 100

Creating a Batch File to Run the Command Line Interface . 101

Example Batch File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Running the Batch File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Example Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Example #1: Analyze Sample Files . . . . . . . . . . . . . . . . . . . 105

Example #2: Analyze Sample Files with Named Ladders . . 106

Example #3: Export Project Data . . . . . . . . . . . . . . . . . . . . . 107

Example #4: Export Sample Plot to PDF with the -splitfile argument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Example #5: Export Sample Plot to PDF with the -splitfile and -samplelist arguments . . . . . . . . . . . . . . . 109

Example #6: Export a Project . . . . . . . . . . . . . . . . . . . . . . . 110

Command Line Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Appendix B Documentation and support . . . . . . . . . . . . . . . . . 121Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

How to obtain support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Limited product warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123


About This Guide

Revision historyRevision Date Description

A March 2015 New document for v1.5 software. Replaces v1.0 Pub. no. 4376327.

About This Guide


Chapter 4

Chapter 3

Chapter 2

Chapter 1

Chapter 1


Setting Up User Accountsand User Access

This chapter covers:

■ GeneMapper® ID-X Software Electronic Data Chain-of-Custody Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

■ Overview of the Security System . . . . . . . . . . . . . . . . . . . . . . 11

■ Default User Accounts, Profiles, User Groups, and Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

■ Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

■ Setting Up User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

■ Using Security Groups to Control Data Access . . . . . . . . . . . 29

■ Customizing Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

■ Customizing User and Security Groups . . . . . . . . . . . . . . . . . 39

■ Maintaining User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

■ Viewing the Security Report . . . . . . . . . . . . . . . . . . . . . . . . . . 47

■ Exporting and Importing the Security Settings . . . . . . . . . . . . 49

Setting Up User Accounts and User

Access

Managing the Audit Trail System

Managing the E-Signature System

Maintaining the Software and Database Application

Chapter 1 Setting Up User Accounts and User AccessGeneMapper® ID-X Software Electronic Data Chain-of-Custody Systems


GeneMapper® ID-X Software Electronic Data Chain-of-Custody Systems

The GeneMapper® ID-X Software contains three systems that assist with chain-of-custody of electronic data. These systems can be custom-configured or turned off by the GeneMapper® ID-X Software system administrator as needed:

• Security system – Controls user access to software functions and data, and allows custom configuration that meets the data-sharing needs of your laboratory (described in this chapter)

• Audit Trail system – Tracks changes and provides audit history reports (described in Chapter 2)

• E-Signature system – Requires user-authentication before changes are saved (described in Chapter 3)

Chapter 1 Setting Up User Accounts and User AccessOverview of the Security System


Overview of the Security SystemThe GeneMapper® ID-X Software Security system allows you to control user behavior by specifying:

• What data a user can access, based on the user and security group(s) the user belongs to.

• What functions a user can perform, based on the user profile.

A user with an Admin profile sets up user accounts, profiles, user groups, and security groups using wizards in the Access Control Administration window.

Security SystemComponents

The four components of the Security system are defined below.

Table 1 Components of the Security system

Component Description

User account All users log in to the software with a user account created by the GeneMapper® ID-X Software system administrator.

Profile A profile defines the set of software functions that a user is allowed to perform. For example, profiles can allow or deny a user the right to view, create, edit, delete analysis methods, or analyze data.

The system administrator configures profiles, or uses default profiles provided with the software. When the system administrator creates a user account, the administrator assigns a profile to the user.

Users can have only one profile.

User group User groups are associated with security groups, which control the data a user can access. Users can access data assigned to a security group only if their user group is associated with the security group.

The system administrator defines user groups or uses default user groups provided with the software.

When a user account is created, the user must be assigned to at least one user group, but the user can be assigned to several groups.

Security group

Security groups determine the data that user groups can access. A user group must be associated with at least one security group, but can be associated with several.

A user can access only data (for example, analysis methods, panels, size standards, matrices, or projects) that have been saved with a security group that is associated with one of the user groups to which the user belongs.

Chapter 1 Setting Up User Accounts and User AccessOverview of the Security System


In summary:

• Each user has only one profile.

• Each user belongs to one or more user groups and each user group is associated with one or more security groups.

• Security groups associated with a user group and data determine the data a user can access.

Therefore:

• A user can access the data in a security group that is associated with any of the user groups to which the user belongs.

• A user can perform any of the software functions permitted by the user’s profile.

Data AccessControl

Security groups control access to any of the following items:

Items are associated with a security group when a user creates or edits, then saves the item (described on the next page).

Data

User

User group

Users

Users in a user group can access the data of the security groups associated with the user group

Security groups

ProfileA user can perform actions allowed by the user’s profile

Security group

AB

A

Security group

C

cannot access

• Projects • Report settings

• Plot settings • Size standards

• Table settings • Analysis methods

• Panels and binsets • Matrix files

Chapter 1 Setting Up User Accounts and User AccessDefault User Accounts, Profiles, User Groups, and Security Groups


Associating aSecurity Group

with an Item

Whenever users save an item, they must select a security group from a drop-down list in the Save or Save As dialog box. Users can select the GeneMapper ID-X security group (available to everyone) or any other security group that they are allowed to use (see below).

For example, the figure below shows the drop-down list that appears when a user with access only to the Casework and GeneMapper ID-X security groups saves a new project.

BypassingSecurity GroupAccess Control

If you do not want to control access to data in your laboratory, instruct all users to specify the GeneMapper ID-X security group when creating projects and settings. All users have access to items associated with the GeneMapper ID-X security group.

Default User Accounts, Profiles, User Groups, and Security Groups

We provide default user accounts, profiles, user groups, and security groups so that you can use the Security system with minimal setup. You can use the defaults without changes or as a starting point to customize your own Security system.

Note: If your GeneMapper® ID-X Software system administrator has modified the default user accounts, profiles, user groups, and/or security groups, the tables in this section may no longer be accurate.



The discussion in this section covers the default profiles, user groups, and security groups provided by the GeneMapper® ID-X Software. With these defaults, a system administrator can quickly create a working Security system.

DuplicatingDefaults Before

Modifying

Before modifying a default component of the Security system, duplicate it and save it under a new name.

To duplicate any default component, open the Security Manager, select the default, then select Edit Duplicate.

You will need to duplicate the default user accounts multiple times to provide each user with an account that has a unique or laboratory-specific login name.

RelationshipBetween User

Accounts,Profiles, and User

Groups

A user’s account determines what the user can do (profile) and access (user groups). Profiles and user groups must exist before you can create any accounts.

The GeneMapper® ID-X Software system administrator is responsible for maintaining profiles and user groups. The administrator can:

• Use default profiles and user groups provided by the GeneMapper® ID-X Software.

• Create custom profiles and user groups.

• Use a combination of defaults and custom profiles, user groups, and security settings.



Default Profiles

The profile that is specified in a user account determines the software functions a user can perform. Four default profiles are provided.

Note: If your GeneMapper® ID-X Software system administrator has modified or customized the default profiles, they may differ from the defaults described in Table 2.

Table 2 Default profiles – actions allowed and not allowed

Profile Actions Allowed Actions Not Allowed

Technician/ Read Only

• Open, view, and export projects, analysis methods, panels, matrices, and size standards associated with the security groups that the user is permitted to access

• Generate reports• Create, edit, delete, export, and import

table settings, plot settings, and report settings associated with the security groups that the user is permitted to access

• Use the CODIS Export Manager

• Create projects• Add samples to projects• Create, edit, or change settings in a

project (analysis method, panel, size standard, matrix)

• Analyze data• Override GQ, CGQ, or SQ• Edit allele labels• Perform Remote Shutdown• Add profiles to the Profile Manager• Access and manage the Security,

Audit Trail, and E-Signature systems

Analyst All actions allowed for the Technician/Read Only profile, plus:

• Create, import, edit, or delete projects, panels, matrices, and size standards associated with the security groups that the user is permitted to access

• Edit sizing range and analysis range in analysis methods

• Save or Save As analysis methods• Add samples to projects• Change selections in a project

(analysis method, panel, size standard, matrix)

• Analyze data• Edit alleles• Override SQ, GQ, and CGQ

• Create a new analysis method• Edit analysis method parameters other

than sizing range and analysis range• Add profiles to the Profile Manager• Access and manage the Security,

Audit Trail, and E-Signature systems



Default Security Groups

The security groups specified in a user account determine the:

• Specific data (for example, analysis methods, panels, size standards, matrices, and projects) that a user can access.

• The read (view or select) or update (create, edit, delete, analyze) privileges allowed for the data.

The read/update privileges associated with a security group can clash with the actions permitted in user profiles (profiles also define read/write privileges). For this reason, all of the default security groups have both read and update privileges.

IMPORTANT! There are software functions (for example, changing table or plot settings) that are not covered in profiles. You can use security group update privileges to control use of these functions.

The software contains three default security groups:

• GeneMapper ID-X (read and update)• Casework (read and update)• Databasing (read and update)

When users create or edit and then save an item, they select a security group from a drop-down list in the Save dialog box. Users can select any of the three default security groups to which they have access.

Scientist All actions allowed for the Analyst profile, plus:

• Create or modify/save analysis methods

• Add profiles to the Profile Manager

Access and manage the Security, Audit Trail, and E-Signature systems

Admin (Administrator)

All possible actions, which include:

• Access and manage the Security, Audit Trail, and E-Signature systems

• All GeneMapper® ID-X Software functions

None

Table 2 Default profiles – actions allowed and not allowed (continued)

Profile Actions Allowed Actions Not Allowed



Security group definitions are just names. Their significance depends entirely on the user groups they are associated with. When a user saves an item and assigns it a security group, it means that:

• Any user in any user group that is associated with that security group can access the data.

• Users who are only in user groups that are not associated with the selected security group cannot access the data.

Default User Groups

Four default user groups are associated with the default security groups.

Note: If your GeneMapper® ID-X Software system administrator has modified or customized the default user groups, they may differ from the defaults described in Table 3.

Table 3 Default user groups and associated security groups

Default User Group Name

Security Group/Privileges‡

Read = View or selectUpdate = Create, edit, delete, analyze

Accessible Data

All Users GeneMapper ID-X/read+update Data assigned to the GeneMapper ID-X security group

Casework Users

Casework/read+update

GeneMapper ID-X/read+update

Private data assigned to the Casework security group

Data assigned to the GeneMapper ID-X security group

Databasing Users

Databasing/read+update


Private data assigned to the Databasing security group

Data assigned to the GeneMapper ID-X security group

Administrators Casework/read+update



Admin/read+update

All data

‡ A Practice user group and a Practice security group are also provided for use with the Getting Started Guide.



Default User Accounts

IMPORTANT! If you migrate to the GeneMapper® ID-X Software from GeneMapper® ID Software v3.1 or v3.2, user accounts from v3.1 or v3.2 are deleted and not available in the GeneMapper® ID-X Software. You must create new user accounts in the GeneMapper® ID-X Software.

Nine default user accounts are provided with the software. Each of these accounts has a profile and one or more user groups assigned. Table 4 describes the intended user for each of the nine accounts.

Note: If your GeneMapper® ID-X Software system administrator has modified or customized the default user accounts, they may differ from the defaults described in Table 4.

To add a new account for a user that matches one of these descriptions, see “Using Default User Accounts” on page 24.

Table 4 Default user accounts

Default User Account Name‡ Intended User

Casework Tech

Databasing Tech

User who requires read-only access to the software. This user account does not allow analysis or changes to the software but does allow viewing, reporting, printing, and exporting data.

Casework Analyst

Databasing Analyst

User who requires access to analyze (with limited ability to change analysis settings), view, edit, report, and print data.

Casework Tech Lead

Databasing Tech Lead

User who requires full access to all functions of the software: analyze, view, edit, report, and print data; and all administrative functions: Security Manager, Audit Manager, and E-Signature Manager.

gmidx Default user account with full access to all functions of the software: analyze, view, edit, report, and print data; and all administrative functions: Security Manager, Audit Manager, and E-Signature Manager.

Administrator For Technical Support use only.

‡ A Practice user account with Scientist profile is also provided for use with the Getting Started Guide.



For more detail about the profiles, user groups, and security groups for the default user accounts, see Table 5.

Note: If your GeneMapper® ID-X Software system administrator has modified or customized the default user accounts, profiles, user groups, and/or security groups, user access may differ from the defaults described in Table 5.

Table 5 Default user accounts – data access allowed

User Account‡ Profile Belongs to User GroupsSecurity Group/Privileges

Read = View or selectUpdate = Create, edit, delete, analyze

Casework Tech Technician/ Read Only

All Users

Casework Users



Casework Analyst

Analyst All Users

Casework Users



Casework Tech Lead

Admin All Users

Casework Users



Databasing Tech Technician/ Read Only

All Users

Databasing Users



Databasing Analyst

Analyst All Users

Databasing Users



Databasing Tech Lead

Admin All Users

Databasing Users



gmidx Admin All Users

Casework Users

Databasing Users

Administrators




Admin

Administrator

‡ A Practice user account with Scientist profile is also provided for use with the Getting Started Guide. It is associated with the Practice user group and Practice security group.

Chapter 1 Setting Up User Accounts and User AccessGetting Started


Getting StartedWhen you set up the Security system for the first time, open the Security Manager and set password policies.

Starting the Security Manager

To access the Security Manager, you must log in with an account that belongs to the Administrators user group and has an Admin profile.

1. Select Start All Programs Applied Biosystems GeneMapper GeneMapper ID-X.

2. In the Login to GeneMapper ID-X dialog box, log in with an account that belongs to the Administrators user group and has an Admin profile. For example, use the gmidx user account:

a. User name – Enter or select gmidx. User names are not case-sensitive.

b. Password – Enter the temporary password password. Passwords are case-sensitive.

Note: The gmidx account requires that you set a new password when you log in for the first time. If you follow this procedure after first log in, the password for the account may be different than password.

c. Click OK.

3. If prompted, specify a new password. Keep a record of the new password.

We cannot retrieve passwords. Do not lose the new password for the gmidx account. This account can be used to reset passwords for other accounts. We cannot reset the password for the gmidx account if it is lost.

4. In the main window, select Admin Security Manager.



5. In the AdminToolAcc dialog box, log in with the gmidx account listed in step 2, then click OK. The Access Control Administration window opens (below):

The File New Application command and the Applications folder in the navigation pane are for Technical Support use only. Using these functions interferes with proper software operation.



Setting Password Policies

Password policies apply to all user accounts.

1. Start the Security Manager (see page 20).

2. Select Settings Password Policies.

3. In the Password Policies dialog box, specify the password settings (see Table 6 on page 23), then click Save Changes.

4. Close and restart the software to apply the changed settings.

Note: Settings are not applied until you close and restart the GeneMapper® ID-X Software.



Table 6 Password policies settings

Setting Description

Attempts

Max Login Attempts

Enter the number of failed login attempts that the software allows before suspending the user account. Works in conjunction with the User State.

Send log message

Records the failed login attempts to the security log.

The security information for the GeneMapper® ID-X Software is written to the :\AppliedBiosystems\GeneMapperID-X\GeneMapper_Log.txt file.

Set User State – Remain active

Disables the “Maximum Login Attempts” setting. A user is allowed unlimited attempts to log in.

Set User State – Suspend for ___ min(s)

Suspends the user account for the specified number of minutes after a user exceeds the maximum login attempts. The user must wait for the specified number of minutes to elapse before attempting another login.

Note: If a user exceeds the maximum number of login attempts, you can reactivate the user account before the specified time period elapses as explained in “Activating, Deactivating, and Suspending User Accounts” on page 46.

Password

Password Lifetime

Retires the password of each user account after the specified number of days elapses. If this parameter is not selected, passwords do not expire.

Note: After retiring a password, the software automatically prompts the user to create a new password at the next login.

Password Grace Logins

Enter the number of times that a user can delay changing the password after the software prompts the user to change it. After a user exceeds the specified number of grace logins, the software requires the user to change the password.

Password Reusability

Password Reuse Period

Allows a user to reuse a former password after the specified number of days has elapsed since its last use.

Passwords kept per user

Enter the number of former passwords per user that the Security Manager should store.

Password Format

Minimum Password width

Enter the minimum number of characters required in the password (alphanumeric, case-sensitive).

Chapter 1 Setting Up User Accounts and User AccessSetting Up User Accounts


Setting Up User AccountsAfter setting password policies, you can:

• Accept and use all the default settings by duplicating a default user account, renaming it, and using it without further modification,

or

• Create an entirely new user account, using any combination of defaults and your own custom settings.

Using Default User Accounts

To set up your Security system using the defaults for user accounts, profiles, user groups, and security groups, follow these steps:


2. Select the default user account type that fits the new user (see Table 2, “Default profiles – actions allowed and not allowed,” on page 15). For example, select Casework Analyst.

3. Select Edit Duplicate to open the User Properties dialog box (shown on the next page).

4. In the Name field, replace the name “Clone of Casework Analyst(1)” with the login name for the new account. For example, enter User1. The login name is not case-sensitive and must be ≤30 characters.

Note: You cannot create a user account with the same name as a user account that has been previously deleted.



5. Set other values:• (Optional) In the Description field, enter a description of

the user account (≤1023 characters). • In the Full Name field, enter the user’s real name.

• (Optional) Select Show EULA to display the End User License Agreement (EULA) when the user logs in.

• Leave Status set to Active.

• (Optional) Select Pre-Expire to ensure that a user logging in to an account for the first time is prompted to change the password.

6. Click Set Password.



7. In the Change Password dialog box, enter a new password twice, then click OK.

8. Without making any other changes in the Access Control Administration window, select File Save.

Note: Settings are not applied until you close and restart the software.

The new user account has the same profile and group associations as the default Casework Analyst user account.

Creating New User Accounts

Using CustomSettings

If you will use the default profiles, user groups, and security groups, skip to “Creating a User Account” on page 26.

If you want to use custom profiles, user groups, and/or security groups, you must create them before creating new user accounts.

To create custom:

• Profiles, see “Customizing Profiles” on page 31.

• User groups and security groups, see “Customizing User and Security Groups” on page 39.

• User group/security group associations, see “Creating a New User Group” on page 40.

Creating a UserAccount

After you create any custom profiles, user groups, and/or security groups that you want to use:


2. Select File New User.



3. In the Create User wizard, click Next to open the Name page.

4. In the Name field, enter the login name for the new account. For example, enter User1. The login name is not case-sensitive and must be ≤30 characters.

Note: You cannot create a user account with the same name as a user account that has been previously deleted.

5. Set other values:• (Optional) In the Description field, enter a description of

the user account (≤1023 characters). • In the Full Name field, enter the user’s real name.

• (Optional) Select Show EULA to display the End User License Agreement (EULA) when the user logs in.

• Leave Status set to Active.

• (Optional) Select Pre-Expire to ensure that a user logging in to an account for the first time is prompted to change the password.

6. Click Set Password.



7. In the Change Password dialog box, enter a new password twice, then click OK.

8. In the Control Properties section, select the profile for the user.

9. Click Next to open the User Groups page.

10. Select the user groups for the user. If you have previously associated user groups and security groups (see “Using Custom Settings” on page 26), this selection also designates the security groups for this user.

11. Click Next to see a summary of the account, then click Finish.


Chapter 1 Setting Up User Accounts and User AccessUsing Security Groups to Control Data Access


Using Security Groups to Control Data AccessIn the GeneMapper® ID-X Software, a user associates security groups with data items (such as analysis methods, table settings, plot settings, matrices, size standards, or report settings) when the user saves a data item to which he or she has access. Only users in user groups associated with that security group can later access the data items.

Using OpenAccess

If you want all users to have access to all data, instruct your users to select the GeneMapper ID-X security group when they save data. The data associated with this security group are accessible to every user.

Using AccessControl

If you want to restrict user access to data, instruct users to select a security group associated with their user group. For example, you can instruct the users in the Casework Users group to select the Casework security group when they save items.

Changing theSecurity Group

Default

The security groups that a user can select to associate with a data item (when saving the data item) include the GeneMapper ID-X security group as the default. However, any user can change the security group that appears as the default choice when he or she saves a data item.

1. In the main window, select File Project Options to open the Options dialog box.

2. Select the General tab.

3. In the Data Access Control pane, select the new default from the drop-down list.

4. Click OK.

The new security group default applies only to the user who reset the default, unless the default is reset by a user who is a member of only one user group (other than the All Users group). In this case, the default applies to all other users who have identical group membership.

Chapter 1 Setting Up User Accounts and User AccessUsing Security Groups to Control Data Access


For example, if you use accounts like those listed on page 19, and a Casework Tech sets Casework as the new security group default, that will also become the default for Casework Analysts and Casework Tech Leads. All other users continue to have the GeneMapper ID-X security group as default.


Association for aData Item

A user can change the security group associated with one or more data items if the user’s profile allows changing the data items.

To change the security group associated with a data item:

1. In the main window, select Tools GeneMapper ID-X Manager to open the GeneMapper ID-X Manager.

2. Select the appropriate tab, then select the item to change.

3. Click Open.

4. Change the Security Group setting (for items that contain multiple tabs, the Security Group setting is in the General tab).

5. Click OK.


Association for aProject

A user can change the security group associated with a project if the user’s profile allows the user to change the project. However, the user must save the project with a new name.

1. In the main window, select Tools GeneMapper ID-X Manager to open the GeneMapper ID-X Manager.

2. Select the Projects tab.

3. Select the project to change.

4. Click Save As.

5. Enter a new name for the project, select a new security group, then click OK.

Chapter 1 Setting Up User Accounts and User AccessCustomizing Profiles


Customizing ProfilesProfiles determine the software functions that a user can perform. We recommend that you use the default profiles described in “Default Profiles” on page 15, even if you use custom user and/or security groups. However, if the default profiles do not suit your needs, you can create custom profiles.

This section describes:

• Creating Profiles

• Editing or Deleting Profiles

• Profile Elements

Creating Profiles

To create a custom profile, you can:

• Duplicate an existing default profile, then edit it to meet your requirements.

• Create a new profile.

We recommend that you duplicate a default profile, rename it, and then customize it, rather than change the default profile.

Duplicating andEditing a Default

Profile

To base a new profile on an existing default profile (see Table 2, “Default profiles – actions allowed and not allowed,” on page 15):


2. In the navigation pane of the Access Control Administration window, select the profile to duplicate.

3. Right-click, then select Duplicate (or select Edit Duplicate).

4. Select the Clone of .... profile in the navigation pane.

5. In the Profile Properties section, change the profile’s name and modify the settings as needed.

6. Select File Save.



Creating a Profile 1. Start the Security Manager (see page 20).

2. Select File New Profile.

3. In the Create Profile wizard, click Next.

4. Enter a Name (≤30 characters) and Description (≤1023 characters) for the new profile.

5. In the Installed Elements table (shown on the next page), assign permissions to the new profile for the GeneMapper ID-X module based on the actions allowed in profiles (see Table 7 on page 36 and Table 8 on page 37):

a. For the GeneMapper ID-X module, select OIR (Override Inherited Rights), then select Execute. All functions are automatically set to Execute. See page 33 for an explanation of OIR.

b. For each function you want to disable, select OIR (Override Inherited Rights), then deselect Execute.

6. When you finish, click Next, then click Finish to complete the profile setup.



When you create a profile, do not set the FoundationDataCollection module. This module is for Technical Support use only.



Override InheritedRights (OIR)

The permissions listed in the Installed Elements tables can be “inherited” in one of two ways:

• All actions ( ) are children of either an action group ( ) or an application ( ).

• Action groups ( ) are children of applications ( ).

• Whenever a parent is enabled for the first time, all its children are automatically enabled through “inheritance” and displayed in the Installed Elements Table Execute column with a gray check mark (disabled).

• To individually set the state of a child element, select OIR to enable the Execute box.

Do not set

To enable a action, select OIR and Execute.To disable an action, select OIR and deselect Execute.



Editing or Deleting Profiles

IMPORTANT! Do not modify the Admin profile.


2. In the navigation pane of the Access Control Administration window, select the profile to edit or to delete.

3. To edit the rights for the profile, in the Installed Elements table:• For each function you want to enable, select OIR

(Override Inherited Rights) and Execute (see “Override Inherited Rights (OIR)” on page 33).

• For each function you want to disable, select OIR (Override Inherited Rights) and deselect Execute.

Note: Table 7 on page 36 and Table 8 on page 37 describe the functions displayed in the Installed Elements table.

4. To delete the profile, select Edit Delete, then click Yes.

5. When you finish, click Next, then click Finish to complete the profile setup.





Profile Elements

All users with an Admin profile have all the permissions in Table 7. These permissions include:

• Managing user accounts, user groups, security groups, and profiles

• Using the Audit Manager

• Using the E-Signature Manager

• All GeneMapper® ID-X Software functions (described in Table 8 on page 37)



Table 7 Profile elements – actions allowed in Admin profiles

Installed Elements ( Application/ Action

Group/ Action)Permissions

Default Rights Determines the default value (all or none) for all elements.

Admin Tool Acc(ess)

Does not affect functions in the GeneMapper® ID-X Software.

All aspects of the Security Manager (Access Control Administration tool).

General Use the general functions of the Security Manager (Access Control Administration tool).

May Run Application

Add User to User Group

Associate User Groups with Security Groups

Associate User Groups with Users

Change Password Policies

Import Security Data

Export Security Data

User Groups Create, modify, or delete user groups ( ).

Profiles Create, modify, or delete user profiles ( ).

Applications IMPORTANT! Do not change. For Technical Support use only.

Users Create, modify, or delete user accounts ( ).

Security Groups Create or modify security groups ( ).

Audit GUI


All aspects of the Audit Manager, including the Audit Map Configuration tool and Audit History Viewer.

ESig GUI


All aspects of the ESig Administration tool.



All users have permissions to use some of the GeneMapper® ID-X Software functions. Table 8 lists the defaults for each profile.

Table 8 Profile elements – actions allowed in Technician/Read Only, Analyst, Scientist, and Admin profiles


Group/ Action)

Tech

nici

an/R

ead

Onl

y

Ana

lyst

Sci

enti

st

Ad

min

Permissions

GeneMapper

— ✓ ✓ ✓ All aspects of the GeneMapper® ID-X Software.

For information on the elements listed in this column, refer to the GeneMapper® ID-X Software Online Help.

Administration — ✓ ✓ ✓ Use the Remote Shutdown function.

Remote Shutdown — ✓ ✓ ✓

Panel Manager — ✓ ✓ ✓ Use the functions of the Panel Manager, including:

• Viewing panels, binsets, and bin definitions

• Creating/modifying panels, binsets, and bins

READ_PANEL ✓ ✓ ✓ ✓

UPDATE_PANEL — ✓ ✓ ✓

Size Standard — ✓ ✓ ✓ View and create or modify the size standard definitions stored by the GeneMapper® ID-X Software.READ_SIZE_ STANDARD ✓ ✓ ✓ ✓

UPDATE_SIZE_ STANDARD

— ✓ ✓ ✓



Analysis Method — ✓ ✓ ✓ View and create or modify the analysis methods stored by the GeneMapper® ID-X Software.READ_ANALYSIS_

METHOD✓ ✓ ✓ ✓

UPDATE_ANALYSIS_ METHOD

— — ✓ ✓

UPDATE_ANALYSIS_ RANGE

— ✓ ✓ ✓

UPDATE_SIZING_RANGE — ✓ ✓ ✓

SAVE_AS_ANALYSIS_ METHOD

— ✓ ✓ ✓

Project — ✓ ✓ ✓ View and create or modify the projects stored by the GeneMapper® ID-X Software.

READ_PROJECT ✓ ✓ ✓ ✓

UPDATE_PROJECT — ✓ ✓ ✓

Profile Manager — — — ✓ Create, edit, and delete custom reference and control profiles.

READ_PROFILE ✓ ✓ ✓ ✓

UPDATE_PROFILE — — ✓ ✓

Matrix — ✓ ✓ ✓ View and create or modify the matrices stored by the GeneMapper® ID-X Software.

READ_MATRIX ✓ ✓ ✓ ✓

UPDATE_MATRIX — ✓ ✓ ✓

Table 8 Profile elements – actions allowed in Technician/Read Only, Analyst, Scientist, and Admin profiles (continued)


Group/ Action)

Tech

nici

an/R

ead

Onl

y

Ana

lyst

Sci

enti

st

Ad

min

Permissions

Chapter 1 Setting Up User Accounts and User AccessCustomizing User and Security Groups


Customizing User and Security GroupsThis section describes:

• Creating User Groups

• Creating Security Groups

IMPORTANT! Before using the security groups and user groups you create, test them by creating, modifying, deleting, and viewing data using the appropriate user accounts.

User groups, with their associated security groups, determine the data a user can access (described on page 11). We recommend that you use the default user groups and security groups described in “Default User Groups” on page 17 and “Default Security Groups” on page 16.

If the default user or security groups do not suit your needs, you can create custom groups.

Creating User Groups

To create a custom user group, you can:

• Duplicate an existing default user group, then edit it to meet your requirements,

or

• Create a new user group.

Note: We recommend that you duplicate a default user group, rename it, and then customize it, rather than change the default user group.

Duplicating andEditing a Default

User Group

To base a new user group on an existing default user group (see “Default User Groups” on page 17):


2. In the navigation pane of the Access Control Administration window, select the user group to duplicate.




4. Select the Clone of .... user group in the navigation pane.

5. In the User Group Properties section, modify the settings for the selected user group.



Creating a NewUser Group

1. In the Security Manager, select File New User Group.

2. In the Create User Group wizard, click Next.

3. Enter a Name (≤30 characters) and Description (≤1023 characters) for the new user group.

4. In the Default rights when associated with a Security Group section, select both Read and Update.

Note: This is a default setting applied to the security groups that you add to a user group. You can override the default setting in the Security Group tab. See step 7.

5. Click Next.

6. Select Associate for each user account that you want to associate with the new user group, then click Next.



7. Associate security groups for this user group:

Note: You can associate a security group with a user group at any time.

a. Select Associate for each security group that you want to associate with the user group.

b. For each associated security group, select:

• Read – Allows the user to view or select the data (projects, plot settings, table settings, panels and binsets, report settings, size standards, analysis methods, and matrix files) associated with the security group associated with the user group.

• Update – Allows the user to create, modify, delete, and analyze the data associated with the security groups associated with the user group (consistent with the user’s profile).

IMPORTANT! We recommend that you change read and update rights only in the profile, and always enable both read and update rights in the user/security group.

c. Click Next.

8. Click Finish to complete the user group setup.



Deleting UserGroups

You can delete a user group by selecting Edit Delete.



Creating Security Groups

To create a custom security group, you can:

• Duplicate an existing default security group, then edit it to meet your requirements,

or

• Create a new security group.

Note: We recommend that you duplicate a default security group, rename it, and then customize it, rather than change the default security group.

Duplicating andEditing Default

Security Groups

To base a new security group on an existing default security group (see “Default Security Groups” on page 16):


2. In the navigation pane, select the security group to duplicate.


4. Select the Clone of .... security group in the navigation pane.

5. In the Security Group Properties section, modify the settings for the selected security group.





Creating a NewSecurity Group


2. In the Security Manager, select File New Security Group.

3. In the Create Security Group wizard, click Next.

4. Enter a Name (≤30 characters) and Description (≤1023 characters) for the new security group.

5. Click Next.

6. Associate user groups for this security group:

Note: You can associate a security group with a user group at any time.

a. Select Associate for each user group that you want to associate with the security group.

b. For each associated user group, select Read and/or Update to grant rights for the relationship to the security group.

IMPORTANT! We recommend that you control functional access only through the profile, and that you enable both read and update rights for all security groups.

c. Click Next.

7. Click Finish to complete the setup.



Deleting SecurityGroups

You cannot delete a security group.

Chapter 1 Setting Up User Accounts and User AccessMaintaining User Accounts


Maintaining User Accounts

We cannot retrieve passwords. Do not lose the new password for the gmidx account. This account can be used to reset passwords for other accounts. We cannot reset the password for the gmidx account if it is lost.

Editing User Accounts

Note: We recommend that you duplicate a default user account, rename it, and then customize it, rather than change the default user account.


2. In the navigation pane, select the user account of interest.

3. Modify the settings for the selected user account.

4. If you are changing an account name, enter the new name in the Name field.



Changing the Password for a User Account


2. In the navigation pane, select the user account.

3. In the User Properties section, click Set Password.



4. In the Change Password dialog box, enter a password in the Type and Retype fields. The password is case-sensitive and can contain up to 17 alphanumeric and special characters.

5. Click OK.

6. Select or deselect Pre-Expire. If Pre-Expire is selected, the software prompts the user to enter a new password at the next log in. If Pre-Expire is deselected, the user continues to use the password you entered in step 4.



Deleting a User Account

After you delete a user account, you cannot retrieve or restore the deleted account, and you cannot create another user account with the same name.

An alternative to deleting a user account is to deactivate or suspend the account, as explained in the next section.

To delete a user account:

1. In the navigation pane of the Access Control Administration window, select the user account to delete.

2. Select Edit Delete.



Activating, Deactivating, and Suspending User Accounts

You can change the status of a user account if:

• You want to deactivate a user account without deleting it.

• A user exceeds the maximum number of failed login attempts, and you want to activate the user account manually.


2. In the navigation pane, select the user account of interest.

3. In the User Details section, select the appropriate user account status from the Status drop-down list.

Table 9 Account statuses



Select a useraccount.

Select a status.

Status Description

Active The user can log in to and use the software.

Inactive The user cannot log in. Set by a user with an Admin profile.

Suspended The user cannot log in. Set by the software when a user exceeds the limit of unsuccessful login attempts.

Chapter 1 Setting Up User Accounts and User AccessViewing the Security Report


Viewing the Security Report

About theSecurity Report

The security report summarizes the current Security Manager settings.

You can print a summary of one or more components of the Security system (such as access rights for a particular user). See below.

Note: The Security Manager does not monitor login attempts or other user activity (such as creating projects). To monitor and record user activity, configure the Audit Trail system (see Chapter 2, Managing the Audit Trail System, on page 51).

Printing theSecurity Report


2. In the navigation pane, select a user account or profile.

3. Select File Report.

4. In the Print Access Control Identifiers dialog box, select options to specify the content of the report.

Chapter 1 Setting Up User Accounts and User AccessViewing the Security Report


• Entire Access Control – Prints a summary of all user accounts, applications, and profiles.

• Selection only – Prints a report of the user account, application, or profile that is selected in the navigation pane of the Security Manager.

• Print checked objects below – Prints a report for the elements that you select:

– Users – A report of all user accounts

– Applications – A report of all applications

– User Groups – A report of all user groups

– Security Groups – A report of all security groups

– Profiles – A report of all profiles

5. Click Preview to view a preview of the report.

6. Click Print. Otherwise, click Close, then repeat step 4 to modify the report settings as needed.

7. Click Cancel to close the Print Access Control Identifiers dialog box.

Chapter 1 Setting Up User Accounts and User AccessExporting and Importing the Security Settings


Exporting and Importing the Security Settings

TransferringSecurity Settings

BetweenComputers

You can export a summary of all security settings to back up or transfer to another computer. The exported security file contains password policies, user accounts, profiles, user groups, and security groups.

IMPORTANT! The GeneMapper® ID-X Software does not automatically back up the security data when you back up the database. You must manually back up by exporting a file. We recommend that you back up security settings after you make any change to the system. For more information on backing up, see Chapter 4, Maintaining the Software and Database Application, on page 81.

Exporting theSecurity Settings


2. Select File Export Database.

3. In the Save dialog box, enter a file name for the exported file, select Access Control files (.acc), then click Save.

4. In the Export Users dialog box, click OK.

Importing theSecurity Settings

IMPORTANT! Importing security settings from an *.acc file automatically replaces all existing security settings.


2. Select File Import Database.

3. In the Save dialog box, navigate to the appropriate location, select the *.acc file of interest, then click Open.

4. In the Import Users dialog box, click OK.

Chapter 1 Setting Up User Accounts and User AccessExporting and Importing the Security Settings


Chapter 1

Chapter 4

Chapter 3

Chapter 2

Chapter 2


Managing the AuditTrail System

■ Overview of the Audit Trail System . . . . . . . . . . . . . . . . . . . . 52

■ Default Audit Map Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . 54

■ Using the Audit Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

■ Viewing Audit History Records . . . . . . . . . . . . . . . . . . . . . . . 63

■ Backing Up, Removing, and Restoring Audit Records. . . . . . 69

Setting Up User Accounts and User

Access

Managing the Audit Trail System

Managing the E-Signature System

Maintaining the Software and Database Application

Chapter 2 Managing the Audit Trail SystemOverview of the Audit Trail System


Overview of the Audit Trail SystemUse the GeneMapper® ID-X Software Audit Trail system to specify the types of actions to audit (for example, allele edits) and the auditing mode (Silent, On, or Off).

The components of the Audit Trail system are defined in Table 10.

Table 10 Components of the Audit Trail system

Component Definition

Audit Map

(To open, select AdminAudit Manager Setting...)

Set of instructions specified by the GeneMapper® ID-X Software system administrator that defines the types of data to audit, the actions to audit, and whether auditing is On (prompts the user for a Reason for Change) or Silent (tracks the change, but does not prompt the user).

Auditing in the GeneMapper® ID-X Software

The cumulative record of changes to all audited objects. When a user creates or deletes an audited item, the change is tracked. If auditing is On instead of Silent, the user must enter a reason for the change in the Reason(s) for Change dialog box. When a user changes an audited item (instead of creating or deleting), the dialog box also includes an Apply To All option that applies the reason for change to future changes of the same type, until the project is saved. (For example, when editing alleles, the same reason is used for all future edits of alleles until you save the project.)

IMPORTANT! Audit records are saved only when a user saves the project, analysis method, size standard, or other object being changed. Audit records are not saved when a user clicks OK in the Reasons for Change dialog box. If a user clicks Cancel without saving the change, the software discards all possible audit records.

Former (Old) and current (New) values of the audit object (if applicable)

Name of the affected audit object attribute

Reason for the change entered by user

Action

Chapter 2 Managing the Audit Trail SystemOverview of the Audit Trail System


ExampleConfiguration

The figure below displays the settings for the Allele audit object. In the example configuration, the Audit Trail:

• Does not track the change when a user creates an allele label (Audit State for Created is set to Off).

• Displays the Reason(s) for Change dialog box when a user deletes an allele label and saves the changes to the project (Audit State for Deleted is set to On).

• Silently creates a record when a user changes an allele label and saves the changes to the project (Audit State for Modified is set to Silent).

When AuditRecords Are

Saved

Audit records for actions related to a project (for example, editing alleles) are saved when the user saves the project.

Audit records for actions not related to a project (for example, creating analysis methods or panels) are saved when the user clicks OK to save the item, then returns to the Project window.

Audit History Viewer

(open with Admin Audit Manager Report...)

The tool that provides the GeneMapper® ID-X Software system administrator with advanced query options for retrieving and reporting audit records. Described in “Viewing Audit History Records” on page 63.

Audit Record Backup

(open from the Admin menu)

Allows the GeneMapper® ID-X Software system administrator to back up, remove, and restore audit records. Described in “Backing Up, Removing, and Restoring Audit Records” on page 69.

Table 10 Components of the Audit Trail system (continued)

Component Definition

Tracks change and prompts for reason

Tracks change

Does not track change

Chapter 2 Managing the Audit Trail SystemDefault Audit Map Settings


IMPORTANT! Audit records are saved only when a user saves the item being changed. Audit records are not saved when a user clicks OK in the Reasons for Change dialog box. If a user clicks Cancel without saving the change, the software discards all possible audit records.

Default Audit Map SettingsBy default:

• Allele Edit is set to On and the software prompts for a Reason for Change for allele edits. You can change the state to Silent (tracks the change but does not prompt for a Reason for Change) or Off (does not track the change).

• All other audited items (primitive, parent items) are set to Off, except for those that are children of other auditable items.

Auditable items are related hierarchically. For example, a Kit contains (is a parent of) Panels and Binsets, Panels contain Markers, and Markers contain Bins.

Chapter 2 Managing the Audit Trail SystemDefault Audit Map Settings


In the example above, the attributes named PANEL, BINSET, MARKER, and BIN have their states set to On. This does not mean that they are set to be audited because they are not primitive types (parent items); only primitive object attributes can be selected for auditing.

PANEL, BINSET, MARKER, and BIN have their attribute states set to On to allow one of their primitive types to be enabled for auditing. For example, you can set the “modified” attribute of the Bin object to On because this attribute is a primitive type.

If the BIN attribute states of all parent objects are not set to On, then the Bin auditing does not occur.

All the child Attributes are set to On by default. You do not need to set them to On to audit an object with parents.

In Table 11, “Elements of the audit map,” on page 60, none of the Attributes that are On are primitive types, except for Allele. This means that the only object being audited by default is Allele.

Modified attribute is a primitive type and can be audited

Chapter 2 Managing the Audit Trail SystemUsing the Audit Map


Using the Audit MapThis section describes:

• Starting the Audit Manager

• Configuring the Audit Map

• Printing an Audit Map Settings Report

• Audit Map Elements (with their defaults)

Note: The Audit Trail does not track printing or exporting.

Starting the Audit Manager

1. Start the GeneMapper® ID-X Software (Start All Programs Applied Biosystems GeneMapper GeneMapper ID-X), then log in.

2. In the main window, select Admin Audit Manager Setting.

3. In the AuditMapConfiguration dialog box, log in with an administrator user name and password (for example, gmidx).

4. Click OK to open the Audit Map Configuration window.



Note: The settings on the Auditing menu in this window apply to changes made in the Audit Map Configuration window. If you select On and you make a change in the Audit Map Configuration window, you are prompted for a Reason for Change. If you select Silent, changes are tracked, but without a prompt. You cannot turn auditing of the Audit Map Configuration off.

5. Close the Audit Map Configuration window to save your changes to the audit map.

Note: Settings are not applied until you close and restart the software

Configuring the Audit Map

IMPORTANT! Each audited item generates an audit record that takes up space in the database. Instead of enabling auditing for an action such as modifying an analysis method, consider creating a set of analysis methods with expected settings to minimize the number of audit records that are generated.

IMPORTANT! We recommend that you review the audit map configuration every 6 months and modify them as needed. For more information on routine maintenance, see Chapter 4, Maintaining the Software and Database Application.

1. Start the Audit Manager (see page 56).



2. In the Audit Map Objects pane of the Audit Map Configuration window, select the Enabled check box of each object audit.

(Enabled) – Audits all object attributes (created, modified, deleted, and so on) according to their individual attribute states.

Note: An object is not audited unless the Enabled check box is selected, even if the State in Attributes list is set to On.

3. For each audit map object that you enable for auditing (only primitive objects can be audited), change its attribute states, as needed:

a. Select the audit map object.

b. Click the cell in the State column for each attribute you want to modify. A drop-down list appears.

c. In the drop-down list, select the attribute state that determines the software behavior when a user performs the action associated with the attribute:

• On – Creates an audit record and prompts the user for the reasons for change (see page 52).

• Silent – Creates an audit record, but does not prompt the user for reasons.

• Off – Does not create an audit record.



Note: If you disable an audit map object, the attribute states for the object are shown in italic text and have no effect on the audit status of the object.

4. Repeat step 3 for each audit map object that you enable.

5. Close the Audit Map Configuration window to save your changes.

Note: Settings are not applied until you close and restart the software

Printing an Audit Map Settings Report

1. Start the Audit Manager (see page 56).

2. In the Audit Map Configuration window, select File Print.

3. Select a column width, then click OK.

4. Select a printer, then click OK to print the report.

Audit Map Elements

Table 11 lists all potential audit map objects, their attributes, the default settings for each attribute, and the audit category to which they belong (items in the same audit category are related to each other).

Note: The Allele object is the only object enabled by default for auditing. All other audited objects are set to Off, except for those that are children of other auditable items (for example, RUN under the Project object is set to On. Only primitive objects (objects listed in lowercase) can be audited.



Table 11 Elements of the audit map

Object Attribute DefaultStateAction Recorded When State Is

On or Silent

Project analyzed Off Creating, deleting, or changing a project in the Project window, or renaming a project in the Projects tab of the GeneMapper ID-X Manager.

When RUN is activated, auditing for the Run object (described below) is allowed. You must also enable the Run object and set its attributes.

Audit category: ProjectT

created Off

deleted Off

modified Off

RUN On

Run

IMPORTANT! To audit the Run object, you must enable the Project object and set the Project RUN attribute to On or Silent.

created Off Adding samples from a new run folder, or deleting all samples in a run folder from a project.

When SAMPLE is activated, auditing for the Sample object (described below) is allowed. You must also enable the Sample object and set its attributes.


deleted Off

SAMPLE On

Sample

IMPORTANT! To audit the Sample object, you must enable the Run object and set the Run SAMPLE attribute to On or Silent.

ALLELE On Adding, deleting, or modifying samples (change the sample name) in the Project window, or deleting samples from the Samples plot.

When ALLELE is activated, auditing for the Allele object (described below) is allowed. You must also enable the Allele object and set its attributes.

When OverrideGQ or Override CGQ is activated, creates a record when a user overrides the GQ PQV or CGQ PQV in the Samples or Genotypes plot.

When OverrideSQ is activated, creates a record when a user overrides the SQ PQV in the Size Match Editor.


created Off

deleted Off

modified Off

OverrideGQ Off

OverrideCGQ Off

OverrideSQ Off



Allele

IMPORTANT! To audit the Allele object, you must enable the Sample object and set the Sample ALLELE attribute to On or Silent.

created On Modifying allele labels in the Samples or Genotypes plot.

Audit category: ProjectT deleted On

modified On

Analysis Method created Off Creating, deleting, or modifying an analysis method.

Audit category: Analysis MethodT deleted Off

modified Off

Kit BINSET On Creating, deleting, or modifying a kit in the Panel Manager.

When BINSET or PANEL is activated, auditing for the Binset or Panel object (described below) is allowed. You must also enable the Binset or Panel object and set its attributes.

Audit category: KitT

created Off

deleted Off

modified Off

PANEL On

BinSet

IMPORTANT! To audit the Binset object, you must enable the Kit object and set the Kit BINSET attribute to On or Silent.

created Off Creating or deleting binsets using the Panel Manager.

Audit category: KitT deleted Off

Panel

IMPORTANT! To audit the Panel object, you must enable the Kit object and set the Kit PANEL attribute to On or Silent.

created Off Creating, deleting, or modifying panels in the Panel Manager, the Samples plot, or the Genotypes plot.

When MARKER is activated, auditing for the Marker object (described below) is allowed. You must also enable the Marker object and set its attributes.


deleted Off

MARKER On

modified Off

Table 11 Elements of the audit map (continued)


On or Silent



Marker

IMPORTANT! To audit the Marker object, you must enable the Panel object and set the Panel MARKER attribute to On or Silent.

BIN On Creating, deleting, or modifying markers of a panel in the Panel Manager, the Samples plot, or the Genotypes plot.

When BIN is activated, auditing for the Bin object (described below) is allowed. You must also enable the Bin object and set its attributes.


created Off

deleted Off

modified Off

Bin

IMPORTANT! To audit the Bin object, you must enable the Marker object and set the Marker BIN attribute to On or Silent.

created Off Creating, deleting, or modifying individual bins of the binsets in the Panel Manager, the Samples plot, or the Genotypes plot.


deleted Off

modified Off

Matrix created Off Creating, deleting, or modifying matrices using the GeneMapper ID-X Manager.

Audit category: MatrixT deleted Off

modified Off

Size Standard created Off Creating, deleting, or modifying size standard definitions using the GeneMapper ID-X Manager.

Audit category: SizeStandardT

deleted Off

modified Off

Table 11 Elements of the audit map (continued)


On or Silent

Chapter 2 Managing the Audit Trail SystemViewing Audit History Records


Viewing Audit History RecordsThis section describes:

• Starting the Audit History Viewer

• Creating Audit Record Queries

• Performing Audit Record Queries and Viewing Audit Records

• Example Audit Records

• Printing Audit Records

Starting the Audit History Viewer

1. Select Start All Programs Applied Biosystems GeneMapper GeneMapper ID-X.

2. Log in with your user name and password, then click OK.

3. In the main window, select Admin Audit Manager Report.

4. In the AuditHistoryViewer dialog box, log in with an administrator user name and password (for example, gmidx or Lab Manager).

5. Click OK to open the Audit History Viewer window (page 64).



Creating Audit Record Queries

1. Open the Audit History Viewer window (see page 63).

2. Select File New Query to display the New Query dialog box.

User-defined queries

Audit objects Audit records for selected object

Details for selected Audit record



3. Complete the fields in the New Query dialog box, as needed. You can:

• Leave a field blank to find all records for a field.

• Enter a partial string in any field. For example, if you enter modified or Allele in the Audit Record field, the query finds all modified records or all records that relate to Allele edits.

• Enter a full string in any field to limit the query to specific records.

4. Click OK. The query is listed in the Queries pane of the Audit History Viewer.

Field Description Example

Query Name Name of the query

IMPORTANT! To create a query that lists all audit records, enter a Query Name and leave the remaining fields blank.

Full Audit History

Old Value Original value before the item is changed 22 [KitT.AmpFLSTR_Panels_v1.PANEL. Identifiler_v1.MARKER.D2S1338. BASEPAIR.336.33.SAMPLE.Sample3.PEAK_ID.1911.ANALYSIS_ID.44]

New Value New value after the item is changed new variant [KitT.AmpFLSTR_Panels_v1.PANEL. Identifiler_v1.MARKER.D2S1338. BASEPAIR.336.33.SAMPLE.Sample3.PEAK_ID.1911.ANALYSIS_ID.44]

Instance Name of the item ID_Control

Type Audit category S

genemapper id-x software - thermo fisher...

Documents