User Administration and Security - How To

Topics | How To | Troubleshoot | Support | Related Topics

Create a User Account

Delete a User

Change the Name of a User

Change a User Password

Change the Expiration Date of a User Password

Change the Description of a User

Disable a User

Create a User Group

Delete a User Group

Change a User Group Description

Disable a User Group

Re-Assign the Capabilities of a User Group

Associating or Disassociating a User Group to a CommCell Object

View Users Logged In

Require Authentication for Agent Installation

Single Sign On

Add a New Domain Controller

Edit/View Properties of an External Domain

Enable/Disable Single Sign On

Delete a Domain Controller

Add a New External User Group

Disable Single Sign On/Change the Target CommCell from a Specific Console

Create a User Account

Required Capability: See Capabilities and Permitted Actions

To create a user account:

1. From the CommCell Browser, click the Security icon, right-click the CommCell Users icon, and then click New User.
2. From the General tab of the User Properties dialog box type the User Name and Password. Then confirm the Password.
3. Optionally you can enter a full Name, description, and e-mail or pager address.
4. If you want to enable the user account immediately, select the Enabled check box. If you want to create the account but leave it inactive until some later time, then clear the Enabled option (this option is selected by default).
5. If you want the user's password to expire on a periodic basis, select the Age Password check box and then select the number of days for which the password is to remain valid.

6. To assign the new user to a user group, from the User Groups tab select a user group from the Available Groups pane and then move the group to the Member Groups pane. Note that unless you assign the user account to a user group, the user will not have any capabilities after logging on.

7. Click Create New User Group to create a user group to which this user can be associated. For more information, see Create a User Group.

8. Click OK.

Delete a User

Before You Begin

• You cannot delete the user that you defined as the CommCell administrator user during the installation of software. This user remains enabled at all times.
• Deletions are effective immediately, and once a user is deleted, the user will immediately not be able to perform functions within the CommCell Console.

Required Capability: See Capabilities and Permitted Actions

To delete a user:

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right-click the user you want to delete, and then click Delete from the short-cut menu.
3. Click Yes to the confirmation prompt that appears delete the user.

Change the Name of a User

Required Capability: See Capabilities and Permitted Actions

To change the name of a user:

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right-click the user whose name you want to change, then select Properties.
3. From the General tab of the User Properties dialog box, type a new user name in the User Name field.
4. When you are finished, click OK.
5. You are prompted to enter your user login password in the Enter Password dialog box. Type your password and click OK.

Change a User Password

Required Capability: See Capabilities and Permitted Actions

To change password of a user:

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right-click the user whose password you want to change, then click Properties.
3. From the General tab of the User Properties dialog box, select the Change Password check box.
4. Type the new user password in the Password field, and re-type it in the Confirm Password box.
5. When you are finished, click OK.
6. You are prompted to enter your user login password in the Enter Password dialog box. Type your password and click OK.

Change the Expiration Date of a User Password

Required Capability: See Capabilities and Permitted Actions

To change the expiration date for a user password:

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right-click the user whose password expiration date you want to change, then click Properties.
3. From the General tab of the User Properties dialog box, select a new number of days from the Age Password list box.
4. Click OK.

Change the Description of a User

Required Capability: See Capabilities and Permitted Actions

To change the description of a user::

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right-click the user whose description you want to change, then select Properties.
3. To change the full name, type the name in the Full Name box.
4. To change the description, change the description in the Description box.
5. To change the e-mail or pager address of the user, type the e-mail or pager address in the E-mail box.
6. When you are finished, click OK.

Disable a User

Before You Begin

If you disable an existing user account, this user will immediately not be able to create or receive scheduled reports or alerts. However, this disabled user will retain all assigned rights within the CommCell until the user has logged off. Once this disabled user has logged off, the user cannot log on to the CommCell.

Required Capability: See Capabilities and Permitted Actions

To disable a user:

1. From the CommCell Browser, click the Security icon and then the CommCell Users icon.
2. From the right pane of the CommCell Browser, right click an existing user and select Properties.
3. Deselect the Enabled field of the General tab of the User Properties dialog box to disable the user.
4. Click OK.

Create a User Group

Required Capability: See Capabilities and Permitted Actions

To create a user group:

1. From the CommCell Browser, click the Security icon, right-click the CommCell User Groups icon, and then click New User Group.
2. From the General tab of the User Group Properties dialog box, type the name you want to assign to the user group (up to 32 characters; do not include trailing spaces) and some descriptive information that characterizes the user group.
3. If you want this user group to be disabled, de-select the Enabled check box (this option is selected by default).
4. If you want the user group to possess all capabilities select All Capabilities. If you want this user to posses only certain capabilities, click the Capabilities tab, and the perform the following:
   • Assign capabilities to a user group by moving capabilities from the Available Capabilities pane to the Assigned Capabilities pane.
   • When you are finished, click OK.
5. If you want the user group to be associated with all CommCell resources, select All Associations. If you want the user group to only be associated with specific objects, click the Associated Entities tab, and follow the procedure in Associating or Disassociating a User Group to a CommCell Object.

   Do not select the All Capabilities and All Associations check boxes if you do not want to risk exposing all CommCell features and resources to users that may not have adequate training or knowledge. For this reason, these options are cleared by default.

6. To assign users to a users group, click the Users tab, and then assign users to the group, as necessary.
7. Click Create New User to create a user to be associated with this user group. For more information, see Create a User Account.
8. Click OK.

Delete a User Group

Before You Begin

You cannot delete the master user group. The master user group is the primary CommCell administrator group and remains available at all times.

Required Capability: See Capabilities and Permitted Actions

To delete a user group:

1. From the CommCell Browser, click the Security icon and then the CommCell User Groups icon.
2. From the right-hand pane of the CommCell Browser, right-click the user group you want to delete, and then click Delete from the short-cut menu.
3. A confirmation prompt appears, asking if you are sure that you want to delete this user group. Click Yes to delete.

Change a User Group Description

Required Capability: See Capabilities and Permitted Actions

To change the description of a user group:

1. From the CommCell Browser, click the Security icon and then the CommCell User Groups icon.
2. From the right-hand pane of the CommCell Browser, right-click the user group whose description you want to change, and then click Properties.
3. From the User Group Properties dialog box, type a new description in the Description field.
4. When you are finished, click OK.

Disable a User Group

Before You Begin

If you disable an existing user group account, this user group will immediately not be able to create or receive scheduled reports or alerts.

Required Capability: See Capabilities and Permitted Actions

To disable a user group:

1. From the CommCell Browser, click the Security icon and then the CommCell User Groups icon.
2. From the right-hand pane of the CommCell Browser, right-click the user group that you want to enable or disable, and then click Properties.
3. From the User Group Properties dialog box, deselect the Enabled check box (is enabled by default).
4. When you are finished, click OK.

Reassign the Capabilities of a User Group

Required Capability: See Capabilities and Permitted Actions

To reassign the capabilities to a user group:

1. From the CommCell Browser, click the Security icon and then the CommCell User Groups icon.
2. From the right-hand pane of the CommCell Browser, right-click the user group whose capabilities you want to re-assign, then click Properties from the short-cut menu.
3. From the Capabilities tab of the User Group Properties dialog box, re-assign the capabilities to the user group, as necessary.
4. When you are finished, click OK.

Associate or Disassociate a User Group to a CommCell Object

Required Capability: See Capabilities and Permitted Actions

To associate or disassociate a user group to a CommCell entity:

1. From the CommCell Browser, click the CommServe, client computer group, client computer, agent, MediaAgent, Library, Storage Policy, backup set, subclient, or Shelf media, and then select Properties.
2. From the Security tab, select the appropriate user groups to which you want to associate to the CommCell object from the Available Groups pane, and then move the user group to the Associated Groups pane.
3. Click OK.

View Users Logged In

Required Capability: See Capabilities and Permitted Actions

To view the users that are currently logged in to the CommCell Console:

1. From the CommCell Browser, right-click the CommServe, then select View->Users Logged In.
2. The Users Logged In dialog box displays the user's login name, host name, time logged in, and idle time.
3. Click OK.

Require Authentication for Agent Installation

Before You Begin

• Enabling this feature will prevent any unauthorized users from installing agents on the CommCell. Authorized users include those with Administrative Management capabilities.

Required Capability: See Capabilities and Permitted Actions

To enable authentication for agent installs:

1. From the CommCell Browser, right click on the CommCell, and select Properties from the popup menu.
2. Select the CommCell Properties (Security) tab.
3. Select the Require Authentication for Agent Installation option to enable the feature.
4. Click OK.

Add a New Domain Controller

Required Capability: See Capabilities and Permitted Actions

To add a new domain controller:

1. From the CommCell Browser, click the Security icon, and right-click on the Name Servers icon. From the popup menu, select Add New Domain.
2. Enable the secure Lightweight Directory Access Protocol (LDAP) for additional network security with the external domain. Remember that this can only be enabled when the external domain has been configured to use the secure LDAP (with the proper SSL certificate). If this protocol is enabled from the Add New Domain Controller dialog box, but not configured from the external domain; the feature is not enabled. To verify whether the external domain client has been configured for LDAP, see Verify LDAP configuration on External Domain.

   Note that setting up the secure LDAP environment is required for the feature to work properly. It involves the following steps:

   • setting up certificate servers
   • importing of the same SSL certificates on both the CommServe and the external domain
   • setting up the proper DNS (very important especially when the external domain client and the CommServe computer are in two different domains, etc.).

   After completing these steps, you can verify if your environment is set up correctly by checking if the external domain is accessible. This ensures the DNS is set up properly. Then follow the steps in the Verify LDAP configuration on External Domain to see if the certificates are set up properly for secure communication to take place.

3. Enter the appropriate information in the Add New Domain Controller dialog box. You will need to enter the following information:
   • NetBIOS Name: Enter the NetBIOS name (IP address) of the external domain.
     Note that different domains have different NetBIOS names. If you do not know the NetBIOS name of your domain, you can retrieve it using the LDP utility and searching the sub-tree of configuration naming context for the NetBIOS name attribute using the following filter:

     ( &(objectCategory=crossRef)(SystemFlags=3)(dnsroot=%s)))

     Replace dnsRoot with your domain, e.g., gp.cv.company.com (i.e., the Fully Qualified Host Name) based on your Active Directory configuration.

   • Domain Name: Enter the Fully Qualified Domain Name (FQDN), e.g., company.com.
   • User Account: Click Edit to enter the user account information for the external domain.
   • Optional: Enable the domain controller for the SSO feature (Single Sign On).
   • Optional: Enable/Disable the use of this controller.
   • Click OK.

Edit/View Properties of an External Domain

Required Capability: See Capabilities and Permitted Actions

To edit/view the properties of an external domain:

1. From the CommCell Browser, click the Security icon, and right-click on the Name Servers icon.

2. Right click on the domain for which you wish to view the properties, and select Properties from the popup menu.

Enable/Disable Single Sign On

Required Capability: See Capabilities and Permitted Actions

To enable/disable Single Sign On:

1. From the CommCell Browser, click the Security icon, and right-click on the Name Servers icon.

2. Right click on the domain for which you wish to enable/disable the feature, and select Properties from the popup menu.

3. Enable or disable the Enable SSO option.

Delete an External Domain

Required Capability: See Capabilities and Permitted Actions

To delete an external domain:

1. From the CommCell Browser, click the Security icon, and right-click on the Name Servers icon.

2. Right click on the domain for which you wish to view the properties, and select Delete from the popup menu.

Add a New External User Group

Required Capability: See Capabilities and Permitted Actions

To add a new external user group:

1. From the CommCell Browser, click the Security icon and expand all the nodes.
2. Click on the external domain for which you want to add an external user group, and right click on the External Group icon.
3. From the Add New External Group dialog box, select the external user group for which you want to associate the CommCell user groups. Note that the external user group that you select must have their Group Scope defined as Global. This can be verified in the external domain’s interface; check the external user group’s properties. This will prevent any conflicts that may arise during Single Sign On login for an external domain user when this user and corresponding external domain user groups reside in child and parent domains.
4. Select the CommCell user groups to associate with the specified external user group.
5. Click OK.

Disable Single Sign On/Change the Target CommCell from a Specific Console

Required Capability: See Capabilities and Permitted Actions

To disable Single Sign On for a specific console: 

1. Right-click on the application icon, and select Properties.
2. From the Console Properties dialog box, select the Shortcut tab.
3. In the Target field, add the following command -sso=disabled, and click OK. When launching the application from this application icon, the Single Sign On feature will be disabled, and users can enter alternate login information.

To temporarily disable Single Sign On:

1. Launch the application using the application icon.
2. When prompted with the Connect to CommCell login box, click Cancel. This will allow users to enter different login credentials.

To add another target CommCell for Single Sign On:

1. Create another application shortcut.
   • Right-click on current application icon.
   • Select Create Shortcut.
2. Right-click on the new application shortcut, and select Properties.
3. From the Console Properties dialog box, select the Shortcut tab.
4. In the Target field, change the name of the CommServe, and click OK. This method adds another shortcut with a different target CommCell

To change the target CommCell for Single Sign On:

1. Right-click on the application shortcut, and select Properties.
2. From the Console Properties dialog box, select the Shortcut tab.
3. In the Target field, change the name of the CommServe, and click OK.

Back to Top