Users
A user is any individual who needs access to some part of the Stratosphere system. Users can range from system admins, with access to all roles and locations, to users who are assigned a pass to access secure device at one location and cannot access the website. Stratosphere was designed so that users would need to be granted the ability to see or edit only the data they need to do their job, and no more. This helps keep your data safe and your processes compliant with any privacy or regulatory requirements, such as FDA 21 CFR Part 11.
Viewing Users
Users are viewed and managed on the Users page available from the main menu.
To view a user's details, click the name of the user. The user details page displays the following information:
- First Name* - The first name of the user.
- Last Name* - The last name of the user.
- Email* - A valid email address for the user. Email functions as the username when logging into Stratosphere and will also be used to send important Stratosphere messages, such as how to reset your password.
- Time Zone - The local time zone that dates and times should be displayed as to the user. This setting will automatically match a user's browser by toggling on "Browser Specified Time Zone", or a time zone can be manually selected. This setting is configurable by users in their user profile.
- Phone Number - The phone number the user can be contacted at. Currently Stratosphere will not send users any texts, but configurable text alerts may become available in the future.
- Roles - Roles grant permissions to the user to take certain actions in the Stratosphere website.
- Website Access - Without this role, the user will not be able to login to the Stratosphere website, regardless of which other roles or locations they may have. Once a user is granted this role, they will be sent a welcome email prompting them to set their password and login to Stratosphere for the first time. If this role is removed, they will receive an email informing them that their access has been revoked. Users with this role will be able to view the following:
- Dashboard with the following info:
- Total inventory
- Transactions in the last 7 days
- Items expiring in the next 30 days
- Removed items needing disposition. This only appears if Item Disposition is enabled for the organization.
- Item exceptions. This only appears if Item Disposition is enabled for the organization.
- Inventory at location more than # of days. This only appears if Slow Moving Inventory is enabled for the organization.
- Product Par Levels. This only appears if Par Levels is enabled for the organization.
- Kanban Restock. This only appears if Kanban Inventory Management is enabled for the organization.
- Locations page, with only the user's assigned locations visible.
- Devices page, with only the devices belonging to the user's assigned locations visible.
- Aliases page, with only the aliases belonging to the user's assigned locations visible. This only appears if Aliases is enabled for the organization.
- Package Integrity page, with only package integrity documentation at user's assigned locations visible. This only appears if Package Integrity is enabled for the organization.
- Cases page, with the ability to create, edit, delete, and submit cases for the user's assigned locations. This only appears if Case Management is enabled for the organization.
- The following Reports:
- Detailed Inventory Report
- Expiring Items Report
- Inventory Exceptions (if Item Disposition optional feature is enabled for the organization)
- Inventory Summary Report
- Kanban Inventory Report (if the Kanban Inventory Management optional feature is enabled for the organization)
- Kanban Restock Report (if the Kanban Inventory Management optional feature is enabled for the organization)
- Par Levels Report (if Par Levels optional feature is enabled for the organization)
- Removed Items Report
- Slow Moving Inventory Report (if Slow Moving Inventory optional feature is enabled for the organization)
- Temperature Report
- Transaction Report
- Dashboard with the following info:
- Organization Management - Grants access to the Organization page, where the organization's name, address, support info, and logo can be edited. Also grants the ability to add or remove optional features, such as Aliases and Package Integrity, for the organization. This role also grants access to the Key Management page for managing organization keys for use with the Stratosphere API.
- User Management - Grants access to the Users page and all its functions, including viewing, adding, editing, deactivating, and reactivating users.
- Device and Location Management - Grants full access and control of the Accounts, Devices, Kanban Read Points, Locations, Par Levels, and Aliases records. Users with this role can view, add, edit, or delete any device, kanban read point, location, par level, or alias. Aliases, Kanban Inventory Management, and Par Levels are optional features enabled at the organization level.
- Product Management - Grants access to the Product Catalog page and all its functions, including viewing, adding, editing, or removing RFID products and, if enabled, Non-RFID product catalogs. This role also grants access to view, add, edit, and delete Barcode Regexes. This role also grants access to view, add, edit, and delete bins for the user's assigned locations for Kanban Inventory Management. Kanban Inventory Management is an optional feature enabled at the organization level.
- Item Management - Grants access to the Items page and all its functions, including viewing, adding, editing, or deleting RFID tagged items.
- Auditing - Allows total access to the searchable, sortable, downloadable Audit Log Report, which tracks every change to every record in the Stratosphere system.
- Package Integrity Management - Allows access to view all removal transactions that require package integrity documentation. Users with this role can also edit package integrity documentation. Will only be an option if Package Integrity is enabled for your organization.
- Case Management - Allows access to save submitted cases as drafts within the user's permitted accounts and locations. Allows access to view, edit, and submit cases created by other users within the user's permitted accounts and locations. Allows access to create, modify, and deactivate Surgeons and Procedures. Will only be an option if Case Management is enabled for your organization.
- Website Access - Without this role, the user will not be able to login to the Stratosphere website, regardless of which other roles or locations they may have. Once a user is granted this role, they will be sent a welcome email prompting them to set their password and login to Stratosphere for the first time. If this role is removed, they will receive an email informing them that their access has been revoked. Users with this role will be able to view the following:
- Permitted Accounts/Locations - The list of all accounts and locations the user is permitted to view when logging into Stratosphere. Devices assigned to these accounts and locations, along with all inventory and sensor data, will also be visible in Stratosphere. A user can physically access devices assigned to these accounts and locations with their Pass, regardless of whether they have the website access role.
- Pass RFID - The RFID value of the Pass used to access secure devices. Passes supplied by Terso will always have 10-digit RFID values that can contains both numbers and letters, and the field can support values of 10-40 characters for passes from alternate suppliers. Secured devices that are assigned to this user's assigned locations will be updated to accept this pass. A Pass RFID must be unique and can only be assigned to a single user. A Pass RFID cannot be deactivated for one user and reactivated for another.
- Pass Name - A visual identifier for the pass. Passes supplied by Terso will always have a unique 6-digit code printed on the back of the pass that should be used as the Pass Name. This field is not used by devices to determine access, it is purely for human identification of the pass.
- Deactivate Pass - If the user has an associated Pass RFID, a button will be present labelled "Deactivate Pass". This can be used to revoke the user's pass access to all devices in their permitted accounts and locations.
* = Required
Summary of Roles and the Permissions They Grant
| Roles -> | Website Access | Organization Management | User Management | Device and Location Management | Product Management | Item Management | Package Integrity Management | Auditing | Case Management |
|---|---|---|---|---|---|---|---|---|---|
| Accounts | View, Add, Edit, Delete All | ||||||||
| Locations | View Assigned1 | View, Add, Edit, Delete All | |||||||
| Devices | View Assigned1 | View, Add, Edit, Delete All | |||||||
| Kanban Read Points | View Assigned1,2 | View, Add, Edit, Delete All2 | |||||||
| Aliases | View Assigned1,3 | View, Add, Edit, Delete All3 | |||||||
| Users | View, Add, Edit, Delete All | ||||||||
| Product Catalog | View, Add, Edit, Deactivate All | ||||||||
| Non-RFID Product Catalog | View, Add, Edit, Deactivate All2 | ||||||||
| Kanban Bins | View All2 | View, Add, Edit, Deactivate Assigned2 | |||||||
| Barcode Regex | View, Add, Edit, Delete All | ||||||||
| Items | View, Add, Edit, Delete All | ||||||||
| Par Levels | View, Add, Edit, Delete All4 | ||||||||
| Package Integrity | View Assigned1,5 | View, Add, Edit, Delete All5 | |||||||
| Organization Settings & Features | View, Edit | ||||||||
| Cases | View, Create, Edit, Submit, Delete Assigned1,6 | View, Edit, Delete, Submit, Unsubmit All6 | |||||||
| Surgeons | View, Edit, Disable All6 | ||||||||
| Procedures | View, Edit, Disable All6 | ||||||||
| Key Management | View, Edit, Delete All | ||||||||
| Reports | |||||||||
| Audit Log | View All Record Types | ||||||||
| Detailed Inventory | View Assigned1 | View All | |||||||
| Expiring Items | View Assigned1 | View All | |||||||
| Inventory Exceptions | View Assigned1,7 | View All7 | |||||||
| Inventory Summary | View Assigned1 | View All | |||||||
| Kanban Inventory Summary | View Assigned1,2 | View All2 | |||||||
| Kanban Restock | View Assigned1,2 | View All2 | |||||||
| Par Levels | View Assigned1,4 | View All4 | |||||||
| Removed Items | View Assigned1 | View All | |||||||
| Slow Moving Inventory | View Assigned1,8 | View All8 | |||||||
| Temperature | View Assigned1 | View All | |||||||
| Transaction | View Assigned1 | View All | |||||||
| Unassociated Tags | View Assigned, Hide Assigned, Associate Tags As Bins for Assigned Locations2 | View All, Hide All, Associate Tags As Items |
1 - "View Assigned" means that a user with just the Website Access role will only be able to view information that directly relates to their assigned locations. For example, if a user is assigned to one location, and that location contains two devices, then they will be able to see the records that are tied to that location or its two devices. Information that relates to non-assigned locations and their devices and inventory will be hidden from users who only possess the Website Access role.
2 - Functionality available if the Kanban Inventory Management optional feature is enabled for the organization.
3 - Functionality available if the Aliases optional feature is enabled for the organization.
4 - Functionality available if the Par Levels optional feature is enabled for the organization.
5 - Functionality available if the Package Integrity optional feature is enabled for the organization.
6 - Functionality available if the Case Management optional feature is enabled for the organization.
7 - Functionality available if the Item Disposition optional feature is enabled for the organization.
8 - Functionality available if the Slow Moving Inventory optional feature is enabled for the organization.
Adding Users
We recommend only adding users who have been trained in using the system and are aware of their responsibilities. Add users with their legal names and personal work emails, not shared inboxes. This increases security and personal responsibility and enhances the value of auditing in the system. We also recommend that users are granted as few roles as are necessary to fulfill their job function.
Adding Single Users
To add a single user:
- Press "Add User" in the top left of the Users page.
- You can also "Add User" from the Master Add menu located in the top right, from any page.
- You can also "Add User" from the Master Add menu located in the top right, from any page.
- Enter the user's First Name.
- Enter the user's Last Name
- Enter the user's Email Address. The email must be valid and unique.
Click "optional information" to enter additional information about the user.
While the user can be saved without this "optional" information, the user will not have access to the website or secured devices until they are also assigned the appropriate roles, locations, and pass. See the Viewing Users section of this article for more details on each field.
- Click Save Changes to finish adding the user. If you assigned the "Website Access" role, Stratosphere will immediately send that user a welcome email.
Bulk Importing Users
Stratosphere supports importing users from a CSV file, so that you can create users in bulk.
There is no way to undo a bulk import, other than to edit or remove users from Stratosphere individually. When bulk importing, verify the accuracy of the import. Double-check to ensure that the data in the uploaded file is accurate. After importing the file, but before saving the imported records, open the "Ready to Import" section and verify that the columns are mapped appropriately and the data is exactly as you want it.
- Select "Import Users" at the top of the Users page.
- "Choose File" and select a file containing the users you want to import. The file must meet the following requirements:
- .CSV file format
- Less than 1 MB file size
- Fewer than 500 users to import
- Contain columns titled "First Name", "Last Name", "Email", "Phone Number", "Roles", "Permitted Accounts", "Permitted Locations", "Pass RFID", and "Pass Name".
- First Name - The user's first name. This field is required.
- Last Name - The user's last name. This field is required.
- Email - The user's email address. This field is required. Each user's email address must be unique.
- Phone Number - The user's phone number. This field is not required.
- Roles - the Stratosphere user roles that should be granted to the user. Enter a list of roles, separated by semicolon. This field is not required. For more information on roles, see the Roles section.
- Permitted Accounts - The account numbers to which the user should be granted access. Enter a list of account numbers, separated by semicolon. Granting a user access to an account will grant the user access to all locations within that account. This field is not required.
- Permitted Locations - The location names to which the user should be granted access. Enter a list of location names, separated by semicolon. This field is not required.
- Pass RFID - The 10-40 character value of the Pass used by the user to access secure devices. This field is not required.
- Pass Name - A visual identifier for the user's pass. This field is not required.
- Once a file is chosen, select "Import Users"
If your list of users is large (hundreds of users), it may take a minute to import. - Before saving the import, validate that the import was completed as expected by reviewing the three lists:
- Ready to Import - These users were successfully read from the file. Verify that the First Name, Last Name, Email Address, Phone Number, Roles, Permitted Accounts, Permitted Locations, Pass RFID, and Pass Name are displaying as expected.
- Already in System - These users were successfully read from the file, but they already exist in Stratosphere and will be skipped in the import to avoid duplication.
- Errors - These users were not successfully read from the file. Where possible, the reason for the error will be explained in this list. Potential reasons include:
- Duplicate email address
- Invalid email address format
- Duplicate or reused Pass RFID
- Pass RFID of an invalid length
- Invalid user role
- Invalid Account or Location
- Invalid columns included in the import file
Missing required fields
- If you are happy with your import preview, click "Import Users" one last time to save all the "Ready to Import" users in Stratosphere. Any errors can be handled individually and uploaded in a subsequent bulk import.
- If you assigned any users the "Website Access" role, Stratosphere will immediately send those users a welcome email.
The import must be validated within 20 minutes, otherwise you will need to restart the import process again.
Phone numbers and PassRFID values may contain more than 10 characters. Many spreadsheet programs, including Excel, will convert these numbers to scientific format. To prevent this, convert the Phone Number and Pass RFID columns to a number format of Text, and the numbers will be preserved for accurate import from CSV.
You can review the last 10 User Imports, including the list of users that were Already in System or had Errors, by clicking "Import Users" from the top of the Users page at any time.
Here is an example CSV used for user imports in Stratosphere: Example Import File for Users.csv
Editing Users
There are two options for editing a user.
Option 1
- On the users page, open the quick action menu for the user you wish to edit and select "Edit".
- In the Edit User window that opens, make any desired changes.
- Click "Save Changes" to save the edited record. Clicking "Cancel" or the X in the top right of the window will remove any edits you just made but had not yet saved.
Option 2
- On the users page, click the user name link
- In the User details page, make any desired changes.
- Click "Save Changes" to save the edited record. To cancel your edits, simply leave the user details page without saving.
Deactivating Users
Deactivating a user instantly removes that user's access to the website or secured devices. User settings will be preserved so that if the user is reactivated in the future, they will have all the same roles and locations by default. There are two options for deactivating a user. You cannot deactivate yourself.
Option 1
- On the users page, open the quick action menu for the user you wish to deactivate and select "deactivate"
- In the "Deactivate User" confirmation window that appears, click "Deactivate" to confirm the deactivation of the user. This can be undone by reactivating the user at any time. Clicking "Cancel" or the X in the top right of the window will not deactivate the user.
Option 2
- On the users page, click the user name link for the user you wish to deactivate.
- On the user details page that opens, scroll to the bottom of the page and click "Deactivate".
- In the "Deactivate User" confirmation window that appears, click "Deactivate" to confirm the deactivation of the user. This can be undone by reactivating the user at any time. Clicking "Cancel" or the X in the top right of the window will not deactivate the user.
Activating Users
Activating a deactivated user instantly restores whatever access to the website or secured devices that the user has been granted. They will be sent an email prompting them to reset their password, but all other user settings will be activated as though the user had never been deactivated. There are two options for activating a user.
Option 1
- On the users page, open the quick action menu for the user you wish to activate and select "Activate"
- In the "Activate User" confirmation window that appears, click "Activate" to confirm the activation of the user. Clicking "Cancel" or the X in the top right of the window will not activate the user.
Option 2
- On the Users page, click the user name link for the user you wish to activate.
- On the User Details page that opens, scroll to the bottom of the page and click "Activate".
- In the "Activate User" confirmation window that appears, click "Activate" to confirm the activation of the user. Clicking "Cancel" or the X in the top right of the window will not activate the user.
Resending Invites
When a user is granted the "Website Access" role in their user record, Stratosphere sends them an invite email with a link to set their password. The email notifies them that this link will expire after 30 days for security reasons. If the user has allowed the link to expire, or simply requests a new invite email because they cannot find the original, the invite email can be resent with a new 30-day link. Sending a new email will instantly invalidate the links in any previously sent invite emails (only 1 invite link can be active at any time). There are two methods for resending this user invite:
Option 1
- On the Users page, open the quick action menu for the user you wish to resend the invite to and select "Resend Invite"
- In the "Resend Invite" confirmation window that appears, click "Resend Invite" to confirm the resend. Clicking "Cancel" or the X in the top right of the window will not resend the invite.
Option 2
- On the users page, click the user name link for the user you wish to resend the invite to.
- On the user details page that opens, scroll to the bottom of the page and click "Resend Invite".
- In the "Resend Invite" confirmation window that appears, click "Resend Invite" to confirm the resend. Clicking "Cancel" or the X in the top right of the window will not cause an invite to be resent.
Resetting Passwords
Once a user has set a password, you may want to force a reset if you believe their current password has been compromised, or if the user has requested their password be reset. Users can also reset their own password by clicking "Forgot Password" on the login page and entering their email address. Resetting a user's password instantly invalidates their existing password and sends a "Reset Password" email to the user's email address, with a link to reset their password. There are two methods for resetting a user's password:
Option 1
- On the Users page, open the quick action menu for the user whose password you wish to reset and select "Reset Password."
- In the "Reset Password" confirmation window that appears, click "Reset Password" to confirm the reset. Clicking "Cancel" or the X in the top right of the window will not reset the password.
Option 2
- On the users page, click the user name link for the user whose password you wish to reset.
- On the user details page that opens, scroll to the bottom of the page and click "Reset Password".
- In the "Reset Password" confirmation window that appears, click "Reset Password" to confirm the reset. Clicking "Cancel" or the X in the top right of the window will not reset the password.
A user is any individual who needs access to some part of the Stratosphere system. Users can range from system admins, with access to all roles and locations, to users who are assigned a pass to access secure device at one location and cannot access the website. Stratosphere was designed so that users would need to be granted the ability to see or edit only the data they need to do their job, and no more. This helps keep your data safe and your processes compliant with any privacy or regulatory requirements, such as FDA 21 CFR Part 11.