Users
A user is any individual who needs access to some part of the Stratosphere system. Users can range from system admins, with access to all roles and locations, to users who are assigned a pass to access secure device at one location and cannot access the website. Stratosphere was designed so that users would need to be granted the ability to see or edit only the data they need to do their job, and no more. This helps keep your data safe and your processes compliant with any privacy or regulatory requirements, such as FDA 21 CFR Part 11.
Viewing Users
Users are viewed and managed on the Users page available from the main menu.
To view a user's details, click the name of the user. In the details page you will all the available information for that user, including:
- First Name* - The first name of the user.
- Last Name* - The last name of the user.
- Email* - A valid email address for the user. Email functions as the username when logging into Stratosphere and will also be used to send important Stratosphere messages, such as how to reset your password.
- Time Zone* - The local time zone that dates and times should be displayed as to the user. This setting will automatically match a user's browser by toggling on "Match Browser Time Zone", or a time zone can be manually selected. This setting is configurable by users in their user profile.
- Phone Number - The phone number the user can be contacted at. Currently Stratosphere will not send users any texts, but configurable text alerts may become available in the future.
- Roles - Roles grant permissions to the user to take certain actions in the Stratosphere website.
- Website Access - Without this role, the user will not be able to login to the Stratosphere website, regardless of which other roles or locations they may have. Once a user is granted this role, they will be sent a welcome email prompting them to set their password and login to Stratosphere for the first time. If this role is removed, they will receive an email informing them that their access has been revoked. Users with this role will be able to view the following:
- Dashboard with the following info:
- total inventory
- transactions in the last 7 days
- expiring items in the next 30 days
- Locations page, with only the user's assigned locations visible.
- Devices page, with only the devices belonging to the user's assigned locations visible.
- Par Levels page, with only the par levels belonging to the user's assigned locations visible. This only appears if Par Levels are enabled for the organization.
- Aliases page, with only the aliases belonging to the user's assigned locations visible. This only appears if Aliases are enabled for the organization.
- Package Integrity page, with only package integrity documentation's at user's assigned locations visible. This only appears if package integrity is enabled for the organization.
- Case Management page, with the ability to create, edit, delete, and submit cases for the user's assigned locations. This only appears if Case Management is enabled for the organization.
- The following Reports:
- Detailed Inventory Report
- Expiring Items Report
- Inventory Summary Report
- Par Levels Report (if enabled for the organization)
- Slow Moving Inventory Report (if enabled for the organization)
- Temperature Report
- Transaction Report
- Removed Items Report
- Inventory Exceptions (if item disposition is enabled for the organization)
- Unassociated Tags
- Dashboard with the following info:
- Organization Management - Grants permission to the Organization page, where the Organization's name, address, support info, and logo can be edited. Also grants the ability to add or remove optional features for the whole organization, such as Aliases and Package Integrity.
- User Management - Grants access to the Users page and all its functions, such as viewing, adding, editing, deactivating, and reactivating users.
- Device and Location Management - Grants full access and control of the Accounts, Devices, Locations, Par Levels, and Aliases records. Users with this role can view, add, edit, or delete any device, location, par level, or alias. Par Levels and Aliases are both optional features enabled at the organization level.
- Product Management - Grants access to the Product Catalog page and all its functions, such as viewing, adding, editing, or removing products from the catalog. Also allows viewing, adding, editing, and deleting of Barcode Regexes.
- Item Management - Grants access to the Items page and all its functions, such as viewing, adding, editing, or deleting items.
- Auditing - Allows total access to the searchable, sortable, downloadable Audit Log Report, which tracks every change to every record in the Stratosphere system.
- Package Integrity Management - Allows access to view all removal transactions that require package integrity documentation. Users with this role can also edit package integrity documentation. Will only be an option if Package Integrity is enabled for your organization.
- Case Management - Allows access to save submitted cases as drafts within the user's permitted accounts and locations. Allows access to view, edit, and submit cases created by other users within the user's permitted accounts and locations. Allows access to create, modify, and deactivate Surgeons and Procedures. Will only be an option if Case Management is enabled for your organization.
- Website Access - Without this role, the user will not be able to login to the Stratosphere website, regardless of which other roles or locations they may have. Once a user is granted this role, they will be sent a welcome email prompting them to set their password and login to Stratosphere for the first time. If this role is removed, they will receive an email informing them that their access has been revoked. Users with this role will be able to view the following:
- Assigned Locations - The list of all locations the user is permitted to view when logging into Stratosphere. Devices assigned to these locations, along with all inventory and sensor data will also be visible in Stratosphere. A user can physically access devices assigned to these locations with their Pass, regardless of whether they have the website access role.
- Pass RFID - The RFID value of the Pass used to access secure devices. Passes supplied by Terso will always have 10-digit RFID values that can contains both numbers and letters, and the field can support values of 10-40 characters for passes from alternate suppliers. Secured devices that are assigned to this user's assigned location's will be updated to accept this pass. A Pass RFID must be unique and can only be assigned to a single user. A Pass RFID cannot be deactivated for one user and reactivated for another.
- Pass Name - A visual identifier for the pass. Passes supplied by Terso will always have a unique 6-digit code printed on the back of the pass that should be used as the Pass Name. This field is not used by devices to determine access, it is purely for human identification of the pass.
- Last Login Date - This is the last date and time that the user successfully logged in to Stratosphere.
- Active - This value is either True or False. An active (or reactivated) user will display a value of "True". A deactivated user will display "False". The active flag being "False" invalidates any and all roles or locations assigned to the user. If the deactivated user tries to login, they will be told their email address or password is incorrect. Their pass will no longer grant them access to any secured devices.
* = Required
Summary of Roles and the Permissions They Grant
Roles -> | Website Access | Organization Management | User Management | Device and Location Management | Product Management | Item Management | Package Integrity Management | Auditing | Case Management |
---|---|---|---|---|---|---|---|---|---|
Accounts | View, Add, Edit, Delete All | ||||||||
Locations | View Assigned1 | View, Add, Edit, Delete All | |||||||
Devices | View Assigned1 | View, Add, Edit, Delete All | |||||||
Aliases | View Assigned1 | View, Add, Edit, Delete All | |||||||
Users | View, Add, Edit, Delete All | ||||||||
Product Catalog | View, Add, Edit, Delete All | ||||||||
Barcode Regex | View, Add, Edit, Delete All | ||||||||
Items | View, Add, Edit, Delete All | ||||||||
Package Integrity | View Assigned1 | View, Add, Edit, Delete All | |||||||
Organization Settings & Features | View, Edit | ||||||||
Cases | View, Create, Edit, Submit, Delete Assigned1 | View, Edit, Delete, Submit, Unsubmit All | |||||||
Surgeons | View, Edit, Disable All | ||||||||
Procedures | View, Edit, Disable All | ||||||||
Reports | |||||||||
Transaction | View Assigned1 | View All | |||||||
Slow Moving Inventory | View Assigned1 | View All | |||||||
Par Levels | View Assigned1 | View All | |||||||
Unassociated Tags | View All | ||||||||
Expiring Items | View Assigned1 | View All | |||||||
Inventory Summary | View Assigned1 | View All | |||||||
Detailed Inventory | View Assigned1 | View All | |||||||
Temperature | View Assigned1 | View All | |||||||
Audit Log | View All Record Types | ||||||||
Removed Items | View Assigned1 | View All | |||||||
Inventory Exceptions | View Assigned1 | View All |
1 - "View Assigned" means that a user with just the Website Access role will only be able to view information that directly relates to their assigned locations. For example, if a user is assigned to one location, and that location contains two devices, then they will be able to see the records that are tied to that location or its two devices. Information that relates to non-assigned locations and their devices and inventory will be hidden from users who only possess the Website Access role.
Adding Users
We recommend only adding users who have been trained in using the system and are aware of their responsibilities. Add users with their legal names and personal work emails, not shared inboxes. This increases security and personal responsibility and enhances the value of auditing in the system.
Adding Single Users
To add a single user:
- Press "Add User" in the top left of the Users page.
- You can also "Add User" from the Master Add menu located in the top right, from any page.
- You can also "Add User" from the Master Add menu located in the top right, from any page.
- Enter the user's First Name.
- Enter the user's Last Name
- Enter the user's Email Address. The email must be valid and unique.
- Select a Time Zone. If you are not sure which time zone a user belongs to, just leave it as the default (your own time zone). Users can always change their own time zone in their User Profile.
Click "optional information" to enter additional information about the user.
While the user can be saved without this "optional" information, the user will not have access to the website or secured devices until they are also assigned the appropriate roles, locations, and pass. See the 'Viewing Users' section of this article for more details on each field.
- Click Save Changes to finish adding the user. If you assigned the "Website Access" role, Stratosphere will immediately send that user a welcome email.
Bulk Importing Users
Stratosphere supports importing users from a CSV file, so that you can create users in bulk.
There is no way to undo a bulk import, other than to edit or remove users from Stratosphere individually. When bulk importing, take every opportunity to verify the accuracy of the import. Double-check to ensure that the data in the uploaded file is accurate. After importing the file, but before saving the imported records, open the "Ready to Import" section and verify that the columns are mapped appropriately and the data is exactly as you want it.
- Select "Import Users" at the top of the Users page.
- "Choose File" and select a file containing the users you want to import. The file must meet the following requirements:
- .CSV file format
- Less than 1 MB file size
- Fewer than 500 users to import
- Contain columns titled "First Name", "Last Name", "Email Address", "Phone Number", "Roles", "Permitted Accounts", "Permitted Locations", "Pass RFID", and "Pass Name".
- First Name - The user's first name. This field is required.
- Last Name - The user's last name. This field is required.
- Email - The user's email address. This field is required. Each user's email address must be unique.
- Phone Number - The user's phone number. This field is not required.
- Roles - the Stratosphere user roles that should be granted to the user. Enter a list of roles, separated by semicolon. This field in not required. For more information on roles, see the Roles section.
- Permitted Accounts - The account numbers to which the user should be granted access. Enter a list of account numbers, separated by semicolon. Granting a user access to an account will grant the user access to all locations within that account. This field is not required.
- Permitted Locations - The location names to which the user should be granted access. Enter a list of location names, separated by semicolon. This field is not required.
- Pass RFID - The 10-40 character value of the Pass used by the user to access secure devices. This field is not required.
- Pass Name - A visual identifier for the user's pass. This field is not required.
- Once a file is chosen, select "Import Users"
If your list of users is large (hundreds of users), it may take a minute to import. - Before saving the import, validate that the import was completed as expected by reviewing the three lists:
- Ready to Import - These users were successfully read from the file. Verify that the First Name, Last Name, Email Address, Phone Number, Roles, Permitted Accounts, Permitted Locations, Pass RFID, and Pass Name are displaying as expected.
- Already in System - These users were successfully read from the file, but they already exist in Stratosphere and will be skipped in the import to avoid duplication.
- Errors - These users were not successfully read from the file. Where possible, the reason for the error will be explained in this list. Potential reasons include:
- Duplicate email address
- Invalid email address format
- Duplicate or reused Pass RFID
- Pass RFID of an invalid length
- Invalid user role
- Invalid Account or Location
- Invalid columns included in the import file
Missing required fields
- If you are happy with your import preview, click "Import Users" one last time to save all the "Ready to Import" users in Stratosphere. Any errors can be handled individually and uploaded in a subsequent bulk import.
- If you assigned any users the "Website Access" role, Stratosphere will immediately send those users a welcome email.
The import must be validated within 20 minutes, otherwise you will need to restart the import process again.
Phone numbers and PassRFID values may contain more than 10 characters. Many spreadsheet programs, including Excel, will convert these numbers to scientific format. To prevent this, convert the Phone Number and Pass RFID columns to a number format of Text, and the numbers will be preserved for accurate import from CSV.
You can review the last 10 User Imports, including the list of users that were Already in System or had Errors, by clicking "Import Users" from the top of the Users page at any time.
Here is an example CSV used for user imports in Stratosphere: Example Import File for Users.csv
Editing Users
There are two options for editing a user.
Option 1
- On the users page, open the quick action menu for the user you wish to edit and select "Edit".
- In the Edit User window that opens, make any desired changes.
- Click "Save Changes" to save the edited record. Clicking "Cancel" or the X in the top right of the window will remove any edits you just made but had not yet saved.
Option 2
- On the users page, click the user name link
- In the User details page, make any desired changes.
- Click "Save Changes" to save the edited record. To cancel your edits, simply leave the user details page without saving.
Deactivating Users
Deactivating a user instantly removes that user's access to the website or secured devices. User settings will be preserved so that if the user is reactivated in the future, they will have all the same roles and locations by default. There are two options for deactivating a user. You cannot deactivate yourself.
Option 1
- On the users page, open the quick action menu for the user you wish to deactivate and select "deactivate"
- In the "Deactivate User" confirmation window that appears, click "Deactivate" to confirm the deactivation of the user. This can be undone by reactivating the user at any time. Clicking "Cancel" or the X in the top right of the window will not deactivate the user.
Option 2
- On the users page, click the user name link for the user you wish to deactivate.
- On the user details page that opens, scroll to the bottom of the page and click "Deactivate".
- In the "Deactivate User" confirmation window that appears, click "Deactivate" to confirm the deactivation of the user. This can be undone by reactivating the user at any time. Clicking "Cancel" or the X in the top right of the window will not deactivate the user.
Activating Users
Activating a deactivated user instantly restores whatever access to the website or secured devices that the user has been granted. They will be sent an email prompting them to reset their password, but all other user settings will be activated as though the user had never been deactivated. There are two options for activating a user.
Option 1
- On the users page, open the quick action menu for the user you wish to activate and select "Activate"
- In the "Activate User" confirmation window that appears, click "Activate" to confirm the activation of the user. Clicking "Cancel" or the X in the top right of the window will not activate the user.
Option 2
- On the Users page, click the user name link for the user you wish to activate.
- On the User Details page that opens, scroll to the bottom of the page and click "Activate".
- In the "Activate User" confirmation window that appears, click "Activate" to confirm the activation of the user. Clicking "Cancel" or the X in the top right of the window will not activate the user.
Resending Invites
When a user is granted the "Website Access" role in their user record, Stratosphere sends them an invite email with a link to set their password. The email notifies them that this link will expire after 30 days for security reasons. If the user has allowed the link to expire, or simply requests a new invite email because they cannot find the original, the invite email can be resent with a new 30-day link. Sending a new email will instantly invalidate the links in any previously sent invite emails (only 1 invite link can be active at any time). There are two methods for resending this user invite:
Option 1
- On the Users page, open the quick action menu for the user you wish to resend the invite to and select "Resend Invite"
- In the "Resend Invite" confirmation window that appears, click "Resend Invite" to confirm the resend. Clicking "Cancel" or the X in the top right of the window will not resend the invite.
Option 2
- On the users page, click the user name link for the user you wish to resend the invite to.
- On the user details page that opens, scroll to the bottom of the page and click "Resend Invite".
- In the "Resend Invite" confirmation window that appears, click "Resend Invite" to confirm the resend. Clicking "Cancel" or the X in the top right of the window will not cause an invite to be resent.
Resetting Passwords
Once a user has set a password, you may want to force a reset if you believe their current password has been compromised, or the user has requested their password be reset. Users can also reset their own password by clicking "Forgot Password" on the login page and entering their email address. Resetting a user's password instantly invalidates their existing password and sends a "Reset Password" email to the user's email address, with a link to reset their password. There are two methods for resetting a user's password:
Option 1
- On the users page, open the quick action menu for the user whose password you wish to reset and select "Reset Password."
- In the "Reset Password" confirmation window that appears, click "Reset Password" to confirm the reset. Clicking "Cancel" or the X in the top right of the window will not reset the password.
Option 2
- On the users page, click the user name link for the user whose password you wish to reset.
- On the user details page that opens, scroll to the bottom of the page and click "Reset Password".
- In the "Reset Password" confirmation window that appears, click "Reset Password" to confirm the reset. Clicking "Cancel" or the X in the top right of the window will not reset the password.