Merge latest changes from candidate-3.6.2 into candidate-3.6.x

Ensure changes that were directly taken to 3.6.2 are in subsequent 3.6.x
versions too.

Signed-off-by: Richard Chapman <rchapman@hpccsystems.com>

CMakeLists.txt

@@ -57,16 +57,7 @@ ENABLE_TESTING()
 set (HPCC_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR})
 set(CMAKE_MODULE_PATH "${HPCC_SOURCE_DIR}/cmake_modules/")
 
-###
-## Version Information
-###
-set ( HPCC_PROJECT "community" )
-set ( HPCC_MAJOR 3 )
-set ( HPCC_MINOR 6 )
-set ( HPCC_POINT 3 )
-set ( HPCC_MATURITY "closedown" )
-set ( HPCC_SEQUENCE 1 )
-###
+include(${HPCC_SOURCE_DIR}/version.cmake)
 
 ###
 ## Build Level

cmake_modules/FindFOP.cmake

@@ -23,7 +23,7 @@
 
 if (NOT FOP_FOUND)
   IF (WIN32)
-    SET (fop_n "fop.exe")
+    SET (fop_n "fop.bat")
   ELSE()
     SET (fop_n "fop")
   ENDIF()

cmake_modules/dependencies/precise.cmake

@@ -0,0 +1 @@
+set ( CPACK_DEBIAN_PACKAGE_DEPENDS "libboost-regex1.46.1, libicu48, libxalan110, libxerces-c28, binutils, libldap-2.4-2, openssl, zlib1g, g++, openssh-client, openssh-server, expect")

docs/BuildTools/fo.xsl

@@ -324,6 +324,11 @@
        </fo:inline>
 </xsl:template>
 
+  <xsl:template match="emphasis[@role='underline']">
+      <fo:inline text-decoration="underline">
+         <xsl:apply-templates/>
+      </fo:inline>
+  </xsl:template>
 
 <xsl:template match="ulink">
      <fo:inline color="blue" text-decoration="underline">

docs/BuildTools/fo.xsl.in

@@ -324,6 +324,12 @@
        </fo:inline>
 </xsl:template>
 
+  <xsl:template match="emphasis[@role='underline']">
+      <fo:inline text-decoration="underline">
+         <xsl:apply-templates/>
+      </fo:inline>
+  </xsl:template>
+
 
 <xsl:template match="ulink">
      <fo:inline color="blue" text-decoration="underline">

docs/HPCCDataHandling/DataHandling.xml

@@ -32,7 +32,7 @@
       <para></para>
     </legalnotice>
 
-        <xi:include href="common/Version.xml" xpointer="FooterInfo"
+    <xi:include href="common/Version.xml" xpointer="FooterInfo"
                 xmlns:xi="http://www.w3.org/2001/XInclude" />
 
     <xi:include href="common/Version.xml" xpointer="DateVer"
@@ -263,8 +263,8 @@
 
         <para><orderedlist>
             <listitem>
-              <para>Open the WinSCP tool, and login to your Virtual Machine's
-              IP address using the username and password given.</para>
+              <para>Open the WinSCP tool, and login to your Landing Zone node
+              using the username and password given.</para>
 
               <para><informaltable colsep="1" rowsep="1">
                   <tgroup cols="2">
@@ -391,7 +391,7 @@
             </listitem>
 
             <listitem>
-              <para> Provide <emphasis role="bold">Destination</emphasis>
+              <para>Provide <emphasis role="bold">Destination</emphasis>
               information.</para>
 
               <para><informaltable colsep="0" frame="none" rowsep="0">
@@ -1311,4 +1311,201 @@
       </sect2>
     </sect1>
   </chapter>
+
+  <chapter>
+    <title>HPCC Data Backups</title>
+
+    <sect1 id="Introduction2" role="nobrk">
+      <title>Introduction</title>
+
+      <para>This section covers critical system data that requires regular
+      backup procedures to prevent data loss. </para>
+
+      <para>There are </para>
+
+      <itemizedlist>
+        <listitem>
+          <para>The System Data Store (Dali data)</para>
+        </listitem>
+
+        <listitem>
+          <para>Environment Configuration files</para>
+        </listitem>
+
+        <listitem>
+          <para>Data Refinery (Thor) data files</para>
+        </listitem>
+
+        <listitem>
+          <para>Rapid Data Delivery Engine (Roxie) data files</para>
+        </listitem>
+
+        <listitem>
+          <para>Attribute Repositories</para>
+        </listitem>
+
+        <listitem>
+          <para>Landing Zone files</para>
+        </listitem>
+      </itemizedlist>
+    </sect1>
+
+    <sect1>
+      <title>Dali data</title>
+
+      <para>The Dali Server data is typically mirrored to its backup node.
+      This location is specified in the environment configuration file using
+      the Configuration Manager. </para>
+
+      <para>Since the data is written simultaneously to both nodes, there is
+      no need for a manual backup procedure. </para>
+    </sect1>
+
+    <sect1>
+      <title>Environment Configuration files</title>
+
+      <para>There is only one active environment file, but you may have many
+      alternative configurations. </para>
+
+      <para>Configuration manager only works on files in the
+      /etc/HPCCSystems/source/ folder. To make a configuration active, it is
+      copied to /etc/HPCCSystems/environment.xml on all nodes. </para>
+
+      <para>Configuration Manager automatically creates backup copies in the
+      /etc/HPCCSystems/source/backup/ folder.</para>
+    </sect1>
+
+    <sect1>
+      <title>Thor data files</title>
+
+      <para>Thor clusters are normally configured to automatically replicate
+      data to a secondary location known as the mirror location. Usually, this
+      is on the second drive of the subsequent node. </para>
+
+      <para>If the data is not found at the primary location (for example, due
+      to drive failure or because a node has been swapped out), it looks in
+      the mirror directory to read the data. Any writes go to the primary and
+      then to the mirror. This provides continual redundancy and a quick means
+      to restore a system after a node swap.</para>
+
+      <para>A Thor data backup should be performed on a regularly scheduled
+      basis and on-demand after a node swap.</para>
+
+      <sect2>
+        <title>Manual backup</title>
+
+        <para>To run a backup manually, follow these steps:</para>
+
+        <orderedlist>
+          <listitem>
+            <para>Login to the Thor Master node.</para>
+
+            <para>If you don't know which node is your Thor Master node, you
+            can look it up using ECL Watch.</para>
+          </listitem>
+
+          <listitem>
+            <para>Run this command:</para>
+
+            <programlisting>sudo su hpcc
+/opt/HPCCSystems/bin/start_backupnode &lt;thor_cluster_name&gt; </programlisting>
+
+            <para>This starts the backup process.</para>
+
+            <para></para>
+
+            <graphic fileref="images/backupnode.jpg" />
+
+            <para>Wait until completion. It will say "backupnode finished" as
+            shown above.</para>
+          </listitem>
+
+          <listitem>
+            <para>Run the XREF utility in ECL Watch to verify that there are
+            no orphan files or lost files.</para>
+          </listitem>
+        </orderedlist>
+      </sect2>
+
+      <sect2>
+        <title>Scheduled backup</title>
+
+        <para>The easiest way to schedule the backup process is to create a
+        cron job. Cron is a daemon that serves as a task scheduler. </para>
+
+        <para>Cron tab (short for CRON TABle) is a text file that contains a
+        the task list. To edit with the default editor, use the
+        command:</para>
+
+        <programlisting>sudo crontab -e</programlisting>
+
+        <para>Here is a sample cron tab entry:</para>
+
+        <para><programlisting>30 23 * * * /opt/HPCCSystems/bin/start_backupnode mythor 
+</programlisting>30 represents the minute of the hour. </para>
+
+        <para>23 represents the hour of the day </para>
+
+        <para>The asterisks (*) represent every day, month, and
+        weekday.</para>
+
+        <para>mythor is the clustername</para>
+
+        <para>To list the tasks scheduled, use the command:</para>
+
+        <programlisting>sudo crontab -l</programlisting>
+
+        <para></para>
+      </sect2>
+    </sect1>
+
+    <sect1 id="Roxie-Data-Backup">
+      <title>Roxie data files</title>
+
+      <para>Roxie data is protected by three forms of redundancy:</para>
+
+      <itemizedlist mark="bullet">
+        <listitem>
+          <para>Original Source Data File Retention: When a query is deployed,
+          the data is typically copied from a Thor cluster's hard drives.
+          Therefore, the Thor data can serve as backup, provided it is not
+          removed or altered on Thor. Thor data is typically retained for a
+          period of time sufficient to serve as a backup copy.</para>
+        </listitem>
+
+        <listitem>
+          <para>Peer-Node Redundancy: Each Slave node typically has one or
+          more peer nodes within its cluster. Each peer stores a copy of data
+          files it will read.</para>
+        </listitem>
+
+        <listitem>
+          <para>Sibling Cluster Redundancy: Although not required, Roxie
+          deployments may run multiple identically-configured Roxie clusters.
+          When two clusters are deployed for Production each node has an
+          identical twin in terms of data and queries stored on the node in
+          the other cluster.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>This provides multiple redundant copies of data files.</para>
+    </sect1>
+
+    <sect1>
+      <title>Attribute Repositories</title>
+
+      <para>Attribute repositories are stored on ECL developer's local hard
+      drives. They can contain a significant number of hours of work and
+      therefore should be regularly backed up. In addition, we suggest using
+      some form of source version control, too. </para>
+    </sect1>
+
+    <sect1>
+      <title>Landing Zone files</title>
+
+      <para>Landing Zones contain raw data for input. They can also contain
+      output files. Depending on the size or complexity of these files, you
+      may want to retain copies for redundancy.</para>
+    </sect1>
+  </chapter>
 </book>

docs/Installing_and_RunningTheHPCCPlatform/Installing_and_RunningTheHPCCPlatform.xml

@@ -1668,6 +1668,13 @@ sudo -u hpcc cp /etc/HPCCSystems/source/NewEnvironment.xml /etc/HPCCSystems/envi
         </orderedlist>
       </sect2>
     </sect1>
+    
+     <xi:include href="Installing_and_RunningTheHPCCPlatform/hpcc_ldap.xml" xpointer="element(/1)"
+		                xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+     <xi:include href="Installing_and_RunningTheHPCCPlatform/user_Sect.xml" xpointer="element(/1)"
+		                xmlns:xi="http://www.w3.org/2001/XInclude" />
+    
   </chapter>
 
   <chapter>

docs/wip/hpcc_ldap.xml

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-<sect1>
+<sect1 id="ldap_config">
   <title>Configuring HPCC to use LDAP Authentication</title>
 
   <para>This section details the steps to connect your HPCC platform to an
-  existing LDAP Server.</para>
+  existing LDAP Server to enable user security.</para>
 
   <informaltable colsep="1" frame="all" rowsep="1">
     <?dbfo keep-together="always"?>
@@ -20,8 +20,8 @@
           <entry><inlinegraphic fileref="images/caution.png" /></entry>
 
           <entry><emphasis role="bold">You should not attempt this until you
-          have already deployed, configured, and preflighted the environment
-          you will use.</emphasis></entry>
+          have already deployed, configured, and certified the environment you
+          will use.</emphasis></entry>
         </row>
       </tbody>
     </tgroup>
@@ -30,8 +30,8 @@
   <sect2>
     <title>Connect to Configuration Manager</title>
 
-    <para>In order to change the configuration for any HPCC components, we
-    need to connect to the Configuration Manager.</para>
+    <para>In order to change the configuration for HPCC components, connect to
+    the Configuration Manager.</para>
 
     <orderedlist numeration="arabic">
       <listitem>
@@ -53,17 +53,18 @@
         <para>Connect to the Configuration Manager web interface.</para>
 
         <para>(using the url of
-        http://<emphasis>&lt;ESP_IP_Address&gt;</emphasis>:8015, where
-        <emphasis>&lt;ESP_IP_Address&gt;</emphasis> is the IP address of your
-        ESP Server)</para>
+        http://<emphasis>&lt;configmgr_IP_Address&gt;</emphasis>:8015, where
+        <emphasis>&lt;configmgr_IP_Address&gt;</emphasis> is the IP address of
+        the node running Configuration Manager)</para>
       </listitem>
 
       <listitem>
-        <para>Select the Advanced View radio button.</para>
+        <para>Select the <emphasis role="bold">Advanced View</emphasis> radio
+        button.</para>
       </listitem>
 
       <listitem>
-        <para>Use the drop list to select an XML file for editing.</para>
+        <para>Use the drop list to select the XML configuration file.</para>
       </listitem>
     </orderedlist>
 
@@ -85,13 +86,13 @@
       </listitem>
 
       <listitem>
-        <para>From the Navigator pane, select <emphasis
-        role="bold">Hardware</emphasis>.</para>
+        <para>From the <emphasis role="bold">Navigator</emphasis> pane, select
+        <emphasis role="bold">Hardware</emphasis>.</para>
       </listitem>
 
       <listitem>
         <para>Select the <emphasis role="bold">Computers</emphasis> tab from
-        the page on the right.</para>
+        the panel on the right.</para>
       </listitem>
 
       <listitem>
@@ -100,7 +101,7 @@
         <para>Rt-click on the table below computers and select <emphasis
         role="bold">New </emphasis>from the pop up menu.</para>
 
-        <para><graphic fileref="images/LDAP_001.jpg" /></para>
+        <para><graphic fileref="../images/LDAP_001.jpg" /></para>
 
         <para>The <emphasis role="bold">Add New Computers</emphasis> dialog
         displays.</para>
@@ -110,34 +111,36 @@
         <para>Fill in the values for the <emphasis role="bold">Computer
         Attributes</emphasis></para>
 
-        <para><graphic fileref="images/LDAP_002.jpg" /></para>
+        <para><graphic fileref="../images/LDAP_002.jpg" /></para>
       </listitem>
     </orderedlist>
 
     <orderedlist numeration="loweralpha">
       <listitem>
         <para>Provide a <emphasis role="bold">Name Prefix</emphasis>, for
-        example: <emphasis role="bluel">ldap</emphasis>. This helps you to
-        identify it among the list of computers.</para>
+        example: <emphasis role="blue">ldap</emphasis>.</para>
+
+        <para>This helps you to identify it in the list of computers.</para>
       </listitem>
 
       <listitem>
-        <para>Fill in Domain and type with the values of your domain name, as
-        well as the types of machines you are using, In the example above,
-        <emphasis role="bold">Domain</emphasis> is <emphasis
-        role="blue">localdomain</emphasis>, and the <emphasis
+        <para>Fill in <emphasis role="bold">Domain</emphasis> and <emphasis
+        role="bold">Type</emphasis> with the values of your domain name, as
+        well as the types of machines you are using.</para>
+
+        <para>In the example above, <emphasis role="bold">Domain</emphasis> is
+        <emphasis role="blue">localdomain</emphasis>, and the <emphasis
         role="bold">Type</emphasis> is <emphasis
         role="blue">linuxmachine</emphasis>. These should correspond to your
         domain and type.</para>
 
         <para>If you need to add a new domain or machine type to your system
-        to be able to define an existing LDAP or MySQL server, you should set
-        these up first in the other two tabs in the hardware section.</para>
+        to be able to define an existing LDAP server, you should set these up
+        first in the other two tabs in the hardware section.</para>
       </listitem>
 
       <listitem>
-        <para>Add the IP address (or IP address range) as appropriate for the
-        LDAP server.</para>
+        <para>Add the IP address as appropriate for the LDAP server.</para>
       </listitem>
 
       <listitem>
@@ -153,16 +156,15 @@
   <sect2>
     <title>Adding the ldapServer component</title>
 
-    <para>After the LDAP Server component has been added to the appropriate
-    Hardware configuration, you need to configure the Software component
-    definition.</para>
+    <para>After the LDAP Server node has been added to the Hardware
+    configuration, configure the Software LDAP server definition.</para>
 
     <orderedlist numeration="arabic">
       <listitem>
-        <para>Rt-click on Navigator Pane and choose <emphasis role="bold">New
-        Components</emphasis> from the pop up menu, then choose <emphasis
-        role="bold">ldapServer</emphasis> from the pop up menu. <graphic
-        fileref="images/LDAP_003.jpg" /></para>
+        <para>Rt-click on <emphasis role="bold">Navigator</emphasis> Pane and
+        choose <emphasis role="bold">New Components</emphasis> from the pop up
+        menu, then choose <emphasis role="bold">ldapServer</emphasis> from the
+        pop-up menu. <graphic fileref="../images/LDAP_003.jpg" /></para>
 
         <para><emphasis role="bold">Note</emphasis>: The ldapServer component
         is merely a definition that specifies an existing LDAP server. It does
@@ -175,7 +177,7 @@
         <para>Fill in the <emphasis role="bold">LDAP Server Process</emphasis>
         properties:</para>
 
-        <para><graphic fileref="images/LDAP_004.jpg" /><orderedlist
+        <para><graphic fileref="../images/LDAP_004.jpg" /><orderedlist
             numeration="loweralpha">
             <listitem>
               <para>On the <emphasis role="bold">Instances</emphasis> tab,
@@ -187,8 +189,10 @@
             </listitem>
 
             <listitem>
-              <para>Select the computer to use by checking the box next to it.
-              This is the computer you added in the <emphasis
+              <para>Select the computer to use by checking the box next to
+              it.</para>
+
+              <para>This is the computer you added in the <emphasis
               role="bold">Hardware</emphasis> / <emphasis role="bold">Add New
               Computers</emphasis> portion earlier.</para>
             </listitem>
@@ -208,6 +212,14 @@
               <para>Click on the disk icon to save.</para>
             </listitem>
           </orderedlist></para>
+
+        <para><emphasis role="bold">Note</emphasis>: The <emphasis
+        role="bold">cacheTimeout </emphasis>value is the number of minutes
+        that permissions are cached in ESP. If you change any permissions in
+        LDAP, the new settings will not take effect until ESP and Dali refresh
+        the permissions. This could take as long as the cacheTimeout. Setting
+        this to 0 means no cache, but this has performance overhead so it
+        should not be used in production.</para>
       </listitem>
     </orderedlist>
 
@@ -225,7 +237,7 @@
         right hand side, select the <emphasis
         role="bold">Authentication</emphasis> tab.</para>
 
-        <para><graphic fileref="images/LDAP_005.jpg" /></para>
+        <para><graphic fileref="../images/LDAP_005.jpg" /></para>
 
         <para>Fill in the appropriate values:</para>
 
@@ -271,7 +283,7 @@
 
         <para>In the Navigator pane, click on the <emphasis role="bold">Dali
         Server – mydali </emphasis><graphic
-        fileref="images/LDAP_006.jpg" /></para>
+        fileref="../images/LDAP_006.jpg" /></para>
 
         <para>Fill in the values as appropriate:</para>
 
@@ -303,12 +315,56 @@
       </listitem>
 
       <listitem>
-        <para>Deploy your environment settings (see <link
-        linkend="Multi-Node-System">Configuring a Multi-Node System</link>
-        section)</para>
+        <?dbfo keep-together="always"?>
+
+        <para>In the Navigator pane, click on the <emphasis role="bold">Roxie
+        Clusrer – myroxie </emphasis><graphic
+        fileref="../images/LDAP_007.jpg" /></para>
+
+        <para><orderedlist continuation="restarts" numeration="loweralpha">
+            <listitem>
+              <para>On the <emphasis role="bold">RoxieCluster</emphasis> page
+              on the right hand side, select the <emphasis
+              role="bold">Options</emphasis> tab.</para>
+            </listitem>
+
+            <listitem>
+              <para>Scroll down to the <emphasis
+              role="bold">ldapUser</emphasis> field and verify that there is a
+              "<emphasis>roxie</emphasis>" user.</para>
+            </listitem>
+
+            <listitem>
+              <para>You can add password security for Roxie by adding it to
+              the <emphasis role="bold">ldapPassword</emphasis> field on the
+              same tab.</para>
+            </listitem>
+          </orderedlist></para>
       </listitem>
     </orderedlist>
 
-    <para></para>
+    <para><informaltable colsep="1" frame="all" rowsep="1">
+        <?dbfo keep-together="always"?>
+
+        <tgroup cols="2">
+          <colspec colwidth="49.50pt" />
+
+          <colspec />
+
+          <tbody>
+            <row>
+              <entry><inlinegraphic fileref="images/caution.png" /></entry>
+
+              <entry><para>In order to run Roxie queries with File Scope
+              security, ensure that the roxie user is created in the list of
+              authenticated users.</para>In the following section, <link
+              linkend="Adding_Users"><emphasis>Adding and editing
+              users</emphasis></link>, add "<emphasis>roxie</emphasis>" as a
+              user and make sure the password is the same as the one entered
+              in Configuration Manager.</entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </informaltable></para>
   </sect2>
 </sect1>

docs/wip/user_Sect.xml

@@ -10,17 +10,17 @@
   <sect2>
     <title>Introduction</title>
 
-    <para>HPCC systems are designed to maintain security in a number of ways.
-    A secure set of users are created and maintained and access is controlled
-    using LDAP (Lightweight Directory Access Protocol) authentication.
-    Security rights are stored in the LDAP database and maintained by
-    Microsoft’s Active Directory on a Windows system or OpenLDAP on Linux
+    <para>HPCC systems maintain security in a number of ways. HPCC Systems can
+    be configured to manage users' security rights by pointing either at
+    Microsoft’s Active Directory on a Windows system, or OpenLDAP on Linux
     systems.</para>
 
     <para>Using the Permissions interface in ECL Watch, administrators can
     control access to features in ECL IDE, ECL Watch, ECL Plus, DFU Plus, and
-    the ECL modules within the Attribute Repository. Dali server also enforces
-    access to data file folders and workunits.</para>
+    the ECL modules within the Attribute Repository. Additional "file access
+    control" can be implemented over data files by configuring the Dali server
+    to point to the Active Directory/LDAP server. This is what is known as
+    enabling file security.</para>
 
     <para>Permissions are established by group or by user and are defined as
     they are associated with a particular feature of the HPCC System. Only one
@@ -88,9 +88,8 @@
   <sect2>
     <title>Security Administration using ECL Watch</title>
 
-    <para>Administrator access is controlled by your system administrators and
-    you should contact them if you require this level of access. Once you have
-    administrator access rights, open ECL Watch in your browser using the
+    <para>Administrator rights are needed to manager permissions. Once you
+    have administrator access rights, open ECL Watch in your browser using the
     following URL:</para>
 
     <itemizedlist>
@@ -148,7 +147,7 @@
         </listitem>
 
         <listitem>
-          <para>Delete a user who no longer requires access</para>
+          <para>Delete a user</para>
         </listitem>
 
         <listitem>
@@ -163,39 +162,46 @@
           <para>Modify the details/permissions of an individual user</para>
         </listitem>
       </itemizedlist>
+    </sect3>
 
-      <sect4>
-        <title>Adding and editing users</title>
+    <sect3 id="Adding_Users">
+      <title>Adding and editing users</title>
 
-        <para>In ECL Watch, go to the <emphasis
-        role="bold">Users/Permissions</emphasis> menu item and click <emphasis
-        role="bold">Users<emphasis>:</emphasis></emphasis></para>
+      <para>In ECL Watch, go to the <emphasis
+      role="bold">Users/Permissions</emphasis> menu item and click <emphasis
+      role="bold">Users<emphasis>:</emphasis></emphasis></para>
 
-        <graphic fileref="../images/Permissions001.jpg" />
+      <graphic fileref="../images/Permissions001.jpg" />
 
-        <para>All current users are identified in the list by their UserID and
-        full name.</para>
+      <para>All current users are identified in the list by their UserID and
+      full name.</para>
 
-        <para>To add a new user to the list of authenticated users:</para>
+      <sect4>
+        <title>To add a new user to the list of authenticated users:</title>
 
         <orderedlist>
           <listitem>
-            <para>Press the <emphasis role="bold">Add</emphasis> button. The
-            <emphasis role="bold">Add User</emphasis> window is
+            <para>Press the <emphasis role="bold">Add</emphasis>
+            button.</para>
+
+            <para>The <emphasis role="bold">Add User</emphasis> window is
             displayed.</para>
           </listitem>
 
           <listitem>
-            <para>Enter a <emphasis role="bold">UserID</emphasis>. This is the
-            login name for using ECL Watch, ECL IDE, WSECL etc.</para>
+            <para>Enter a <emphasis role="bold">UserID</emphasis>.</para>
+
+            <para>This is the login name for using ECL Watch, ECL IDE, WSECL
+            etc.</para>
           </listitem>
 
           <listitem>
             <para>Enter the <emphasis role="bold">First Name</emphasis> and
-            <emphasis role="bold">Last Name</emphasis> of the user. This
-            information helps to easily identify the user and is displayed in
-            the <emphasis role="bold">Full Name</emphasis> field on the main
-            <emphasis role="bold">Users</emphasis> window.</para>
+            <emphasis role="bold">Last Name</emphasis> of the user.</para>
+
+            <para>This information helps to easily identify the user and is
+            displayed in the <emphasis role="bold">Full Name</emphasis> field
+            on the main <emphasis role="bold">Users</emphasis> window.</para>
           </listitem>
 
           <listitem>
@@ -205,49 +211,60 @@
           </listitem>
 
           <listitem>
-            <para>Press <emphasis role="bold">Submit</emphasis>. Confirmation
-            of the request is shown.</para>
+            <para>Press <emphasis role="bold">Submit</emphasis>.</para>
+
+            <para>Confirmation of the request is shown.</para>
           </listitem>
         </orderedlist>
 
         <para>Once added, the user is displayed in the list and you can modify
         the user's details and set permissions as required.</para>
+      </sect4>
 
-        <para>To modifiy a user's personal details:</para>
+      <sect4>
+        <title>To modifiy a user's personal details:</title>
 
         <orderedlist>
           <listitem>
-            <para>Click the <emphasis role="bold">Edit</emphasis> link. The
-            <emphasis role="bold">User Info Edit</emphasis> window is
-            displayed.</para>
+            <para>Click the <emphasis role="bold">Edit</emphasis> link.</para>
+
+            <para>The <emphasis role="bold">User Info Edit</emphasis> window
+            is displayed.</para>
           </listitem>
 
           <listitem>
             <para>Change the <emphasis role="bold">First Name</emphasis> and
-            <emphasis role="bold">Last Name</emphasis> as required. (The
-            <emphasis role="bold">User Name</emphasis> cannot be
-            changed.)</para>
+            <emphasis role="bold">Last Name</emphasis> as required.</para>
+
+            <para><emphasis role="bold">Note</emphasis>: The <emphasis
+            role="bold">User Name</emphasis> cannot be changed.</para>
           </listitem>
 
           <listitem>
-            <para>Press <emphasis role="bold">Submit</emphasis>. Confirmation
-            of the request is shown.</para>
+            <para>Press <emphasis role="bold">Submit</emphasis>.</para>
+
+            <para>Confirmation of the request is shown.</para>
           </listitem>
         </orderedlist>
+      </sect4>
 
-        <para>To add the user to a group:</para>
+      <sect4>
+        <title>To add the user to a group:</title>
 
         <orderedlist>
           <listitem>
             <para>Click on the <emphasis role="bold">Member of</emphasis>
-            link. The list of groups the user is already associated with is
+            link.</para>
+
+            <para>The list of groups the user is already associated with is
             displayed.</para>
           </listitem>
 
           <listitem>
             <para>To add the user to a group press <emphasis
-            role="bold">ADD</emphasis>. The list of available groups is
-            displayed.</para>
+            role="bold">ADD</emphasis>.</para>
+
+            <para>The list of available groups is displayed.</para>
           </listitem>
 
           <listitem>
@@ -257,15 +274,22 @@
           </listitem>
 
           <listitem>
-            <para>Click OK to confirm. Confirmation of the request is
-            shown.</para>
+            <para>Click OK to confirm.</para>
+
+            <para>Confirmation of the request is shown.</para>
           </listitem>
         </orderedlist>
+      </sect4>
 
-        <para>To delete the user from a group:<orderedlist>
+      <sect4>
+        <title>To delete the user from a group:</title>
+
+        <para><orderedlist>
             <listitem>
               <para>Click on the <emphasis role="bold">Member of</emphasis>
-              link. The list of groups the user is already associated with is
+              link.</para>
+
+              <para>The list of groups the user is already associated with is
               displayed.</para>
             </listitem>
 
@@ -276,58 +300,76 @@
             </listitem>
 
             <listitem>
-              <para>Click OK to confirm. Confirmation of the request is
-              shown.</para>
+              <para>Click OK to confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
+      </sect4>
+
+      <sect4>
+        <title>To change a user's password:</title>
 
-        <para>To change a user's password:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Click on the <emphasis role="bold">Password</emphasis>
-              link. The <emphasis role="bold">Reset Password</emphasis> window
+              link.</para>
+
+              <para>The <emphasis role="bold">Reset Password</emphasis> window
               is displayed.</para>
             </listitem>
 
             <listitem>
               <para>Complete the <emphasis role="bold">New Password</emphasis>
               and <emphasis role="bold">Retype New Password</emphasis> fields
-              as required. Press <emphasis role="bold">Clear</emphasis> to
-              empty these fields and start again.</para>
+              as required.</para>
+
+              <para>Press <emphasis role="bold">Clear</emphasis> to empty
+              these fields and start again.</para>
             </listitem>
 
             <listitem>
-              <para>Click <emphasis role="bold">Submit</emphasis>.
-              Confirmation of the request is shown.</para>
+              <para>Click <emphasis role="bold">Submit</emphasis>.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
+      </sect4>
 
-        <para>To delete a user from the list of authenticated
-        users:<orderedlist>
+      <sect4>
+        <title>To delete a user from the list of authenticated users:</title>
+
+        <para><orderedlist>
             <listitem>
               <para>Check the checkbox to the left of the user(s) you want to
-              remove. (These users will no longer have access to ECL
-              Watch.)</para>
+              remove.</para>
+
+              <para><emphasis role="bold">Note:</emphasis> These users will no
+              longer have access to ECL Watch.</para>
             </listitem>
 
             <listitem>
-              <para>Click <emphasis role="bold">Delete</emphasis>.
-              Confirmation of the request is shown.</para>
+              <para>Click <emphasis role="bold">Delete</emphasis>.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
       </sect4>
+    </sect3>
 
-      <sect4>
-        <title>Setting permissions for an individual user</title>
+    <sect3>
+      <title>Setting permissions for an individual user</title>
 
-        <para>There may be occasions when you need to modify the permissions
-        for individual users. For example, users may have individual security
-        needs that are not completely covered in any group or, there may be
-        occasions when a user requires temporary access to an HPCC feature.
-        Permissions set in this area of ECL Watch only affect the user you
-        choose and any permissions you set here overwrite those set in any
-        group to which the user belongs.</para>
+      <para>There may be occasions when you need to modify the permissions for
+      individual users. For example, users may have individual security needs
+      that are not completely covered in any group or, there may be occasions
+      when a user requires temporary access to an HPCC feature. Permissions
+      set in this area of ECL Watch only affect the user you choose and any
+      permissions you set here overwrite those set in any group to which the
+      user belongs.</para>
 
-        <para>To set new permissions for an individual user:</para>
+      <sect4>
+        <title>To set new permissions for an individual user:</title>
 
         <orderedlist>
           <listitem>
@@ -336,20 +378,24 @@
           </listitem>
 
           <listitem>
-            <para>Locate the user in the list of authenticated users and click
-            on the <emphasis role="bold">Permissions</emphasis> link in the
-            <emphasis role="bold">Operations</emphasis> column. The list of
-            permissions currently set for this user are displayed and the
-            groups from which the user has inherited permissions are also
-            listed. <graphic fileref="../images/Permissions002.jpg" /></para>
+            <para><?dbfo keep-together="always"?>Locate the user in the list
+            of authenticated users and click on the <emphasis
+            role="bold">Permissions</emphasis> link in the <emphasis
+            role="bold">Operations</emphasis> column.</para>
+
+            <para>The list of permissions currently set for this user are
+            displayed and the groups from which the user has inherited
+            permissions are also listed. <graphic
+            fileref="../images/Permissions002.jpg" /></para>
           </listitem>
 
           <listitem>
             <para>A drop down list showing the 6 feature areas of the HPCC is
             provided. Select the feature area you are interested in and press
-            <emphasis role="bold">Add</emphasis>. The <emphasis
-            role="bold">Add Permissions for Authenticated Users</emphasis>
-            page is displayed.</para>
+            <emphasis role="bold">Add</emphasis>.</para>
+
+            <para>The <emphasis role="bold">Add Permissions for Authenticated
+            Users</emphasis> page is displayed.</para>
           </listitem>
 
           <listitem>
@@ -365,12 +411,17 @@
           </listitem>
 
           <listitem>
-            <para>Click <emphasis role="bold">Add</emphasis>. Confirmation of
-            the request is shown.</para>
+            <para>Click <emphasis role="bold">Add</emphasis>.</para>
+
+            <para>Confirmation of the request is shown.</para>
           </listitem>
         </orderedlist>
+      </sect4>
+
+      <sect4>
+        <title>To modify permissions for an individual user:</title>
 
-        <para>To modify permissions for an individual user:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Click the <emphasis role="bold">Users</emphasis> menu item
               in ECL Watch.</para>
@@ -396,8 +447,9 @@
             </listitem>
 
             <listitem>
-              <para>Press OK to confirm. Confirmation of the request is
-              shown.</para>
+              <para>Press OK to confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
       </sect4>
@@ -407,11 +459,13 @@
       <title>Setting and modifying group permissions</title>
 
       <para>Setting up groups ensures that all users with the same permission
-      needs have the same permission settings, giving them the access they
-      require to the feature areas of HPPC they need to use. There is no limit
-      to the number of groups you can create, so you can create as many groups
-      as you need to control access for all your users regardless of their
-      tasks. Use the <emphasis role="bold">Group</emphasis> menu item
+      needs have the same permission settings. You can give users the access
+      they require to the feature areas of HPCC they need. There is no limit
+      to the number of groups you can create. You can create as many groups as
+      you need to control access for all your users regardless of their
+      tasks.</para>
+
+      <para>Use the <emphasis role="bold">Group</emphasis> menu item
       to:<itemizedlist>
           <listitem>
             <para>Add a new group</para>
@@ -434,25 +488,30 @@
         <title>Adding and editing groups</title>
 
         <para>When adding or changing the permissions for a group, all members
-        of that group are given those settings. So it important to be sure
-        that you are giving or denying access to features appropriately for
-        the members of that group. If you need to make a change for a single
-        users (or small number of users), it is probably better to make that
-        change for each individual user as demonstrated earlier. Since
-        individual permission settings take precedence over the group
-        settings, you can safely change the individual settings for a user
-        without affecting the rest of the group(s) to which they belong.
-        <graphic fileref="../images/Permissions003.jpg" />In ECL Watch, go to
-        the <emphasis role="bold">Users/Permissions</emphasis> menu item and
-        click <emphasis role="bold">Groups</emphasis>:</para>
-
-        <para>To add a new group:</para>
+        of that group are given those permission settings. So it is important
+        to be sure that you are giving or denying access to features
+        appropriate for the members of that group. If you need to make a
+        change for a single user (or small number of users), it is probably
+        better to make that change for each individual user as illustrated in
+        the previous sections. Since individual permission settings take
+        precedence over the group settings, you can safely change the
+        individual settings for a user without affecting the rest of the
+        group(s) to which they belong. <graphic
+        fileref="../images/Permissions003.jpg" />In ECL Watch, go to the
+        <emphasis role="bold">Users/Permissions</emphasis> menu item and click
+        <emphasis role="bold">Groups</emphasis>:</para>
+      </sect4>
+
+      <sect4>
+        <title>To add a new group:</title>
 
         <para><orderedlist>
             <listitem>
-              <para>Press the <emphasis role="bold">Add</emphasis> button. The
-              <emphasis role="bold">Add Group</emphasis> window is displayed.
-              </para>
+              <para>Press the <emphasis role="bold">Add</emphasis>
+              button.</para>
+
+              <para>The <emphasis role="bold">Add Group</emphasis> window is
+              displayed.</para>
             </listitem>
 
             <listitem>
@@ -461,14 +520,19 @@
             </listitem>
 
             <listitem>
-              <para>Press <emphasis role="bold">Submit</emphasis>.
-              Confirmation of the request is shown. <emphasis
+              <para>Press <emphasis role="bold">Submit</emphasis>.</para>
+
+              <para>Confirmation of the request is shown. <emphasis
               role="bold">Permissions</emphasis> may now be set for this new
               group.</para>
             </listitem>
           </orderedlist></para>
+      </sect4>
+
+      <sect4>
+        <title>To delete a group:</title>
 
-        <para>To delete a group:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Locate the group in the list and check the checkbox to the
               left.</para>
@@ -480,22 +544,30 @@
             </listitem>
 
             <listitem>
-              <para>Press <emphasis role="bold">OK</emphasis> to confirm.
-              Confirmation of the request is shown.</para>
+              <para>Press <emphasis role="bold">OK</emphasis> to
+              confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
+      </sect4>
+
+      <sect4>
+        <title>To add new members to a group:</title>
 
-        <para>To add new members to a group:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Locate the group in the list and click on the <emphasis
               role="bold">Members</emphasis> link in the <emphasis
-              role="bold">Operations</emphasis> column. All current members of
-              the group are listed.</para>
+              role="bold">Operations</emphasis> column.</para>
+
+              <para>All current members of the group are listed.</para>
             </listitem>
 
             <listitem>
-              <para>Press <emphasis role="bold">Add</emphasis>. All
-              authenticated users are listed.</para>
+              <para>Press <emphasis role="bold">Add</emphasis>.</para>
+
+              <para>All authenticated users are listed.</para>
             </listitem>
 
             <listitem>
@@ -505,12 +577,18 @@
             </listitem>
 
             <listitem>
-              <para>Press <emphasis role="bold">OK</emphasis> to confirm.
-              Confirmation of the request is shown.</para>
+              <para>Press <emphasis role="bold">OK</emphasis> to
+              confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
+      </sect4>
+
+      <sect4>
+        <title>To delete members from a group:</title>
 
-        <para>To delete members from a group:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Locate the group in the list and click on the <emphasis
               role="bold">Members</emphasis> link in the <emphasis
@@ -524,45 +602,64 @@
             </listitem>
 
             <listitem>
-              <para>Press <emphasis role="bold">OK</emphasis> to confirm.
-              Confirmation of the request is shown.</para>
+              <para>Press <emphasis role="bold">OK</emphasis> to
+              confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
       </sect4>
+    </sect3>
 
-      <sect4>
-        <title>Setting permissions for a group</title>
+    <sect3>
+      <title>Setting permissions for a group</title>
+
+      <para>By default, all users are members of the <emphasis
+      role="bold">Authenticated Users </emphasis>group. The <emphasis
+      role="bold">Authenticated users</emphasis> group has access rights to
+      almost all controls.</para>
+
+      <para>If you intend to restrict permissions for some users, you must
+      remove <emphasis role="bold">Authenticated Users</emphasis> from the
+      sections you wish to limit. You can then create groups with only those
+      access rights you wish to grant. This approach allows the most
+      flexibility since a single User ID can have multiple group
+      memberships.</para>
 
-        <para>All users are a member of the <emphasis
-        role="bold">Authenticated Users </emphasis>group, which is
-        automatically updated as you add or remove users. Those who need to be
-        able to carry out security administration must have full access to be
-        able to gain access to the <emphasis
-        role="bold">User/Permissions</emphasis> area of ECL Watch
-        (Administrators).</para>
+      <para>As a best practice, you should use <emphasis
+      role="bold">Allow</emphasis> instead of <emphasis
+      role="bold">Deny</emphasis> to control access. Denies should be used
+      only as an exception.</para>
 
-        <para>To set new permissions for a group:</para>
+      <para></para>
+
+      <sect4>
+        <title>To set new permissions for a group:</title>
 
         <orderedlist>
           <listitem>
-            <para> Click the <emphasis role="bold">Groups</emphasis> menu item
+            <para>Click the <emphasis role="bold">Groups</emphasis> menu item
             in ECL Watch.</para>
           </listitem>
 
           <listitem>
-            <para>Locate the group in the list and click on the <emphasis
-            role="bold">Permissions</emphasis> link in the <emphasis
-            role="bold">Operations</emphasis> column. The list of permissions
-            currently set for this group are displayed.<graphic
+            <para><?dbfo keep-together="always"?>Locate the group in the list
+            and click on the <emphasis role="bold">Permissions</emphasis> link
+            in the <emphasis role="bold">Operations</emphasis> column.</para>
+
+            <para>The list of permissions currently set for this group are
+            displayed.<graphic
             fileref="../images/Permissions004.jpg" /></para>
           </listitem>
 
           <listitem>
             <para>A drop down list showing the 6 feature areas of the HPCC is
             shown. Select the feature area you want and press <emphasis
-            role="bold">Add</emphasis>. The <emphasis role="bold">Add
-            Permissions for </emphasis><emphasis
-            role="bold">&lt;GroupName&gt;</emphasis> page is displayed.</para>
+            role="bold">Add</emphasis>.</para>
+
+            <para>The <emphasis role="bold">Add Permissions for
+            </emphasis><emphasis role="bold">&lt;GroupName&gt;</emphasis> page
+            is displayed.</para>
           </listitem>
 
           <listitem>
@@ -578,12 +675,15 @@
           </listitem>
 
           <listitem>
-            <para>Click <emphasis role="bold">Add</emphasis>. MORE NEEDED WHEN
-            FIXED</para>
+            <para>Click <emphasis role="bold">Add</emphasis>.</para>
           </listitem>
         </orderedlist>
+      </sect4>
+
+      <sect4>
+        <title>To modify permissions for a group:</title>
 
-        <para>To modify permissions for a group:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Click the <emphasis role="bold">Groups</emphasis> menu
               item in ECL Watch.</para>
@@ -609,8 +709,9 @@
             </listitem>
 
             <listitem>
-              <para>Press OK to confirm. Confirmation of the request is
-              shown.</para>
+              <para>Press OK to confirm.</para>
+
+              <para>Confirmation of the request is shown.</para>
             </listitem>
           </orderedlist></para>
       </sect4>
@@ -651,89 +752,96 @@
           <para>Delete a resource</para>
         </listitem>
       </itemizedlist>
+    </sect3>
 
-      <sect4>
-        <title>Adding and editing feature permissions</title>
+    <sect3>
+      <title>Adding and editing feature permissions</title>
+
+      <para>Each feature contains a list of resources which are used to
+      control access to an HPCC feature or folders containing files or
+      workunits. The main HPCC feature permission setting are controlled using
+      the <emphasis role="bold">ESP Features for SMC</emphasis> setting. When
+      new features are added to the HPCC System, the release notes inform you
+      that new permissions may be set. This is also true for <emphasis
+      role="bold">ESP Features for ECLDirectAccess</emphasis> and <emphasis
+      role="bold">Esp Features for WsEclAccess</emphasis>. Generally, all the
+      permissions you require to control access to these features are already
+      included.</para>
+
+      <para>However, to control access to file or workunit scopes, you must
+      add the location as a resource before you can set permissions.</para>
+    </sect3>
 
-        <para>Each feature contains a list of resources which are used to
-        control access to an HPCC feature or folders containing files or
-        workunits. The main HPCC feature permission setting are controlled
-        using the <emphasis role="bold">ESP Features for SMC</emphasis>
-        setting. When new features are added to the HPCC System, the release
-        notes inform you that new permissions may be set. This is also true
-        for <emphasis role="bold">ESP Features for ECLDirectAccess</emphasis>
-        and <emphasis role="bold">Esp Features for WsEclAccess</emphasis>.
-        Generally, all the permissions you require to control access to these
-        features are already included.</para>
+    <sect3>
+      <title>To add a scope:</title>
 
-        <para>However, to control access to file or workunit scopes, you must
-        add the location as a resource before you can set permissions.</para>
+      <orderedlist>
+        <listitem>
+          <para>Click the <emphasis role="bold">Permissions</emphasis> menu
+          item in ECL Watch, locate the feature you want and click <emphasis
+          role="bold">Edit</emphasis>.</para>
 
-        <para>To add a scope:</para>
+          <para>The resources for that feature are listed.</para>
+        </listitem>
 
-        <orderedlist>
-          <listitem>
-            <para>Click the <emphasis role="bold">Permissions</emphasis> menu
-            item in ECL Watch, locate the feature you want and click <emphasis
-            role="bold">Edit</emphasis>. The resources for that feature are
-            listed.</para>
-          </listitem>
+        <listitem>
+          <para>Press the <emphasis role="bold">Add</emphasis> button.</para>
+        </listitem>
 
-          <listitem>
-            <para>Press the <emphasis role="bold">Add</emphasis>
-            button.</para>
-          </listitem>
+        <listitem>
+          <para>Enter the exact name of the scope you want to add (for example
+          a file or workunit scope) in the <emphasis
+          role="bold">Name</emphasis> field and also a short <emphasis
+          role="bold">Description<emphasis>.</emphasis></emphasis></para>
+        </listitem>
 
-          <listitem>
-            <para>Enter the exact name of the scope you want to add (for
-            example a file or workunit scope) in the <emphasis
-            role="bold">Name</emphasis> field and also a short <emphasis
-            role="bold">Description<emphasis>.</emphasis></emphasis></para>
-          </listitem>
+        <listitem>
+          <para>Click <emphasis role="bold">Submit</emphasis>.</para>
 
-          <listitem>
-            <para>Click <emphasis role="bold">Submit</emphasis>. Confirmation
-            of your request is shown.</para>
-          </listitem>
+          <para>Confirmation of your request is shown.</para>
+        </listitem>
 
-          <listitem>
-            <para>Go back to the features page using the link provided.</para>
-          </listitem>
+        <listitem>
+          <para>Go back to the features page using the link provided.</para>
+        </listitem>
 
-          <listitem>
-            <para>Locate your new scope in the list and click <emphasis
-            role="bold">Permissions</emphasis>. The <emphasis
-            role="bold">Administrator</emphasis> and <emphasis
-            role="bold">Authenticated Users</emphasis> groups are shown
-            showing the default permission settings which you can update as
-            appropriate.</para>
-          </listitem>
+        <listitem>
+          <para>Locate your new scope in the list and click <emphasis
+          role="bold">Permissions</emphasis>.</para>
 
-          <listitem>
-            <para>To add more users and groups and set permissions for this
-            scope, click <emphasis role="bold">Add</emphasis>. The <emphasis
-            role="bold">Add Permissions</emphasis> window is displayed.</para>
-          </listitem>
+          <para>The <emphasis role="bold">Administrator</emphasis> and
+          <emphasis role="bold">Authenticated Users</emphasis> groups are
+          shown showing the default permission settings which you can update
+          as appropriate.</para>
+        </listitem>
 
-          <listitem>
-            <para>Select a <emphasis role="bold">User</emphasis> or <emphasis
-            role="bold">Group</emphasis> from the dropdown lists provided and
-            check the checkboxes for <emphasis role="bold">allow</emphasis>
-            and <emphasis role="bold">deny</emphasis> as appropriate.</para>
-          </listitem>
+        <listitem>
+          <para>To add more users and groups and set permissions for this
+          scope, click <emphasis role="bold">Add</emphasis>.</para>
 
-          <listitem>
-            <para>Click <emphasis role="bold">Add</emphasis>. Confirmation of
-            your request is shown.</para>
+          <para>The <emphasis role="bold">Add Permissions</emphasis> window is
+          displayed.</para>
+        </listitem>
 
-            <para><emphasis role="bold">Note:</emphasis>This description shows
-            how to add a file or workunit scope, However if you do need to add
-            a new resource any other feature area, the process is the
-            same.</para>
-          </listitem>
-        </orderedlist>
+        <listitem>
+          <para>Select a <emphasis role="bold">User</emphasis> or <emphasis
+          role="bold">Group</emphasis> from the dropdown lists provided and
+          check the checkboxes for <emphasis role="bold">allow</emphasis> and
+          <emphasis role="bold">deny</emphasis> as appropriate.</para>
+        </listitem>
 
-        <para>To edit the permissions for a feature resource:</para>
+        <listitem>
+          <para>Click <emphasis role="bold">Add</emphasis>. Confirmation of
+          your request is shown.</para>
+
+          <para><emphasis role="bold">Note:</emphasis>This description shows
+          how to add a file or workunit scope, However if you do need to add a
+          new resource any other feature area, the process is the same.</para>
+        </listitem>
+      </orderedlist>
+
+      <sect4>
+        <title>To edit the permissions for a feature resource:</title>
 
         <orderedlist>
           <listitem>
@@ -768,8 +876,12 @@
             process for each user or group separately.</para>
           </listitem>
         </orderedlist>
+      </sect4>
+
+      <sect4>
+        <title>To delete a resource from a feature list:</title>
 
-        <para>To delete a resource from a feature list:<orderedlist>
+        <para><orderedlist>
             <listitem>
               <para>Click the <emphasis role="bold">Permissions</emphasis>
               menu item in ECL Watch, locate the feature you want and click
@@ -792,20 +904,26 @@
               shown.<emphasis role="bold"></emphasis></para>
             </listitem>
           </orderedlist></para>
+      </sect4>
 
-        <para>To delete the resource permission settings for a user or group:
-        <orderedlist>
+      <sect4>
+        <title>To delete the resource permission settings for a user or
+        group:</title>
+
+        <para><orderedlist>
             <listitem>
               <para>Click the <emphasis role="bold">Permissions</emphasis>
               menu item in ECL Watch, locate the feature you want and click
-              <emphasis role="bold">Edit</emphasis>. The resources for that
-              feature are listed.</para>
+              <emphasis role="bold">Edit</emphasis>.</para>
+
+              <para>The resources for that feature are listed.</para>
             </listitem>
 
             <listitem>
               <para>Locate the resource you want to remove and click <emphasis
-              role="bold">Permissions</emphasis>. The users and groups are
-              displayed.</para>
+              role="bold">Permissions</emphasis>.</para>
+
+              <para>The users and groups are displayed.</para>
             </listitem>
 
             <listitem>
@@ -814,8 +932,10 @@
             </listitem>
 
             <listitem>
-              <para>Click OK to confirm. Confirmation of your request is
-              shown.<emphasis role="bold"></emphasis></para>
+              <para>Click OK to confirm.</para>
+
+              <para>Confirmation of your request is shown.<emphasis
+              role="bold"></emphasis></para>
             </listitem>
           </orderedlist></para>
       </sect4>
@@ -1364,7 +1484,7 @@
 
         <mediaobject>
           <imageobject>
-            <imagedata fileref="images/US003.jpg" />
+            <imagedata fileref="../images/US003.jpg" />
           </imageobject>
         </mediaobject>
       </figure></para>
@@ -1413,13 +1533,11 @@
     <para>Attempting to access a file in a folder for which access is not
     granted will result in one of the following errors:</para>
 
-    <para>DFS Exception: 4 Create access denied for scope
-    &lt;filepath&gt;</para>
+    <programlisting>DFS Exception: 4 Create access denied for scope &lt;filepath&gt;</programlisting>
 
-    <para></para>
+    <para>or</para>
 
-    <para>DFS Exception: 3 Lookup access denied for scope
-    &lt;filepath&gt;</para>
+    <programlisting>DFS Exception: 3 Lookup access denied for scope &lt;filepath&gt;</programlisting>
 
     <para></para>
 
@@ -1493,7 +1611,7 @@
   <sect2>
     <title>Workunit Access Control</title>
 
-    <para>There are 2 aspects of workunit security:</para>
+    <para>There are 2 aspects of workunit (WU) security:</para>
 
     <itemizedlist>
       <listitem>

initfiles/etc/DIR_NAME/environment.xml.in

@@ -29,7 +29,7 @@
   <Switch name="Switch"/>
  </Hardware>
  <Programs>
-  <Build name="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}" url="${INSTALL_DIR}">
+  <Build name="${projname}_${version}-${stagever}" url="${INSTALL_DIR}">
    <BuildSet installSet="deploy_map.xml"
              name="dafilesrv"
              path="componentfiles/dafilesrv"
@@ -371,7 +371,7 @@
   </Build>
  </Programs>
  <Software>
-  <DafilesrvProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <DafilesrvProcess build="${projname}_${version}-${stagever}"
                     buildSet="dafilesrv"
                     description="DaFileSrv process"
                     name="mydafilesrv"
@@ -381,7 +381,7 @@
              name="s1"
              netAddress="."/>
   </DafilesrvProcess>
-  <DaliServerProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <DaliServerProcess build="${projname}_${version}-${stagever}"
                      buildSet="dali"
                      environment="${CONFIG_DIR}/${ENV_XML_FILE}"
                      name="mydali"
@@ -392,7 +392,7 @@
              netAddress="."
              port="7070"/>
   </DaliServerProcess>
-  <DfuServerProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <DfuServerProcess build="${projname}_${version}-${stagever}"
                     buildSet="dfuserver"
                     daliServers="mydali"
                     description="DFU Server"
@@ -423,14 +423,14 @@
    <Category dir="${EXEC_PREFIX}/lib/[NAME]/queries/[INST]" name="query"/>
    <Category dir="${EXEC_PREFIX}/lock/[NAME]/[INST]" name="lock"/>
   </Directories>
-  <DropZone build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <DropZone build="${projname}_${version}-${stagever}"
             buildSet="DropZone"
             computer="localhost"
             description="DropZone process"
             directory="${RUNTIME_PATH}/mydropzone"
             name="mydropzone"/>
   <EclAgentProcess allowedPipePrograms="*"
-                   build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+                   build="${projname}_${version}-${stagever}"
                    buildSet="eclagent"
                    daliServers="mydali"
                    defaultMemoryLimitMB="300"
@@ -445,7 +445,7 @@
              name="s1"
              netAddress="."/>
   </EclAgentProcess>
-   <EclCCServerProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+   <EclCCServerProcess build="${projname}_${version}-${stagever}"
                     buildSet="eclccserver"
                     daliServers="mydali"
                     description="EclCCServer process"
@@ -458,7 +458,7 @@
              name="s1"
              netAddress="."/>
   </EclCCServerProcess>
-   <EclSchedulerProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+   <EclSchedulerProcess build="${projname}_${version}-${stagever}"
                 buildSet="eclscheduler"
                 daliServers="mydali"
                 description="EclScheduler process"
@@ -468,7 +468,7 @@
                name="s1"
                netAddress="."/>
   </EclSchedulerProcess>
-   <EspProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+   <EspProcess build="${projname}_${version}-${stagever}"
               buildSet="esp"
               componentfilesDir="${COMPONENTFILES_PATH}"
               daliServers="mydali"
@@ -673,7 +673,7 @@
   </EspProcess>
   <EspService allowNewRoxieOnDemandQuery="false"
               AWUsCacheTimeout="15"
-              build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+              build="${projname}_${version}-${stagever}"
               buildSet="espsmc"
               description="ESP services for SMC"
               disableUppercaseTranslation="false"
@@ -870,7 +870,7 @@
     </ProcessFilters>
    </Properties>
   </EspService>
-  <EspService build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <EspService build="${projname}_${version}-${stagever}"
               buildSet="ws_ecl"
               description="WS ECL Service"
               name="ws_ecl">
@@ -891,7 +891,7 @@
                          service="ws_ecl"/>
    </Properties>
   </EspService>
-  <EspService build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <EspService build="${projname}_${version}-${stagever}"
               buildSet="ecldirect"
               clusterName="hthor"
               description="ESP service for running raw ECL queries"
@@ -913,7 +913,7 @@
                          service="ecldirect"/>
    </Properties>
   </EspService>
-  <FTSlaveProcess build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+  <FTSlaveProcess build="${projname}_${version}-${stagever}"
                   buildSet="ftslave"
                   description="FTSlave process"
                   name="myftslave"
@@ -928,7 +928,7 @@
                 baseDataDir="${RUNTIME_PATH}/hpcc-data/roxie"
                 blindLogging="false"
                 blobCacheMem="0"
-                build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+                build="${projname}_${version}-${stagever}"
                 buildSet="roxie"
                 callbackRetries="3"
                 callbackTimeout="500"
@@ -1108,7 +1108,7 @@
                       netAddress="."/>
   </RoxieCluster>
   <SashaServerProcess autoRestartInterval="0"
-                      build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+                      build="${projname}_${version}-${stagever}"
                       buildSet="sasha"
                       cachedWUat="* * * * *"
                       cachedWUinterval="24"
@@ -1161,7 +1161,7 @@
              port="8877"/>
   </SashaServerProcess>
   <ThorCluster autoCopyBackup="false"
-               build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}"
+               build="${projname}_${version}-${stagever}"
                buildSet="thor"
                computer="localhost"
                daliServers="mydali"
@@ -1186,7 +1186,7 @@
    <ThorMasterProcess computer="localhost" name="m1"/>
    <ThorSlaveProcess computer="localhost" name="s1"/>
   </ThorCluster>
-  <Topology build="${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}" buildSet="topology" name="topology">
+  <Topology build="${projname}_${version}-${stagever}" buildSet="topology" name="topology">
    <Cluster name="hthor" prefix="hthor">
     <EclCCServerProcess process="myeclccserver"/>
     <EclSchedulerProcess process="myeclscheduler"/>

initfiles/etc/DIR_NAME/version.in

@@ -1 +1 @@
-${CPACK_RPM_PACKAGE_VERSION}_${CPACK_RPM_PACKAGE_RELEASE}
+${projname}_${version}-${stagever}

plugins/datastream/CMakeLists.txt

@@ -3,6 +3,7 @@ cmake_minimum_required (VERSION 2.6)
 
 set ( HPCC_DATASTREAM_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR})
 set ( HPCC_SOURCE_DIR ${HPCC_DATASTREAM_SOURCE_DIR}/../../)
+include(${HPCC_SOURCE_DIR}/version.cmake)
 
 set ( CMAKE_MODULE_PATH "${HPCC_SOURCE_DIR}/cmake_modules")
 set ( EXECUTABLE_OUTPUT_PATH "${CMAKE_BINARY_DIR}/${CMAKE_BUILD_TYPE}/bin" )
@@ -31,17 +32,6 @@ message ("-- 64bit architecture is ${ARCH64BIT}")
 
 set (CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -D_DEBUG -DDEBUG")
 
-###
-## Version Information keep in synch with top level hpcc versioning
-###
-set ( HPCC_PROJECT "community" )
-set ( HPCC_MAJOR 3 )
-set ( HPCC_MINOR 6 )
-set ( HPCC_POINT 2 )
-set ( HPCC_MATURITY "rc" )
-set ( HPCC_SEQUENCE 3 )
-###
-
 include(${HPCC_SOURCE_DIR}/cmake_modules/optionDefaults.cmake)
 include(${HPCC_SOURCE_DIR}/cmake_modules/commonSetup.cmake)
 

plugins/dbconnectors/ecljdbc/src/main/java/com/hpccsystems/ecljdbc/CMakeLists.txt

@@ -2,19 +2,9 @@ cmake_minimum_required(VERSION 2.8)
 
 #configure_file("EclVersionTracker.java.in" "EclVersionTracker.java")
 
-###
-## Version Information keep in synch with top level hpcc versioning
-###
-set ( HPCC_PROJECT "community" )
-set ( HPCC_MAJOR 3 )
-set ( HPCC_MINOR 6 )
-set ( HPCC_POINT 2 )
-set ( HPCC_MATURITY "rc" )
-set ( HPCC_SEQUENCE 3 )
-###
-
 set ( HPCC_ECLJDBC_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-set ( HPCC_SOURCE_DIR ${HPCC_DATASTREAM_SOURCE_DIR}/../../../../../../../../../..)
+set ( HPCC_SOURCE_DIR ${HPCC_ECLJDBC_SOURCE_DIR}/../../../../../../../../../..)
+include(${HPCC_SOURCE_DIR}/version.cmake)
 
 set ( CMAKE_MODULE_PATH "${HPCC_SOURCE_DIR}/cmake_modules")
 set ( EXECUTABLE_OUTPUT_PATH "${CMAKE_BINARY_DIR}/${CMAKE_BUILD_TYPE}/bin" )

version.cmake

@@ -0,0 +1,10 @@
+###
+## Version Information
+###
+set ( HPCC_PROJECT "community" )
+set ( HPCC_MAJOR 3 )
+set ( HPCC_MINOR 6 )
+set ( HPCC_POINT 3 )
+set ( HPCC_MATURITY "closedown" )
+set ( HPCC_SEQUENCE 1 )
+###