User Administration and Security - How To
Topics | How To
| Troubleshoot | Support
| Related Topics
Create a User Account
Delete a User
Change the Name of a User
Change a User Password
Change the Expiration Date of a User Password
Change the Description of a User
Disable a User
Create a User Group
Delete a User Group
Change a User Group Description
Disable a User Group
Re-Assign the Capabilities of a User Group
Associating or Disassociating a User Group to a CommCell Object
View Users Logged In
Require Authentication for Agent Installation
Single Sign On
Add a New Domain Controller
Edit/View Properties of an External Domain
Enable/Disable Single Sign On
Delete a Domain Controller
Add a New External User Group
Disable Single Sign On/Change the
Target CommCell from a Specific Console
Required Capability: See
Capabilities
and Permitted Actions
To create
a user account:
- From the CommCell Browser, click the Security icon, right-click the CommCell Users icon, and then
click New User.
- From the
General tab of the User Properties dialog box type the User Name
and Password. Then confirm the Password.
- Optionally you can enter a full Name, description, and e-mail or pager address.
- If you want to enable the user account immediately, select the Enabled
check box. If you want to create the account but leave it inactive until some
later time, then clear the Enabled option (this option is selected by default).
- If you want the user's password to expire on a periodic basis, select the
Age Password check box and then select the number of days for
which the password is to remain valid.
-
To assign the new user to a user group, from the
User Groups
tab select a user group from the Available Groups pane and then move
the group to the Member Groups pane. Note that unless you assign the user account to a user group,
the user will not have any capabilities after logging on.
-
Click Create New User Group to create a user group to which this
user can be associated. For more information, see
Create a User Group.
-
Click OK.
Before You Begin
- You cannot delete the user that you defined as the CommCell administrator
user during the installation of software. This user remains enabled at all times.
- Deletions are effective immediately, and once a user is deleted, the user
will immediately not be able to perform functions within the CommCell Console.
Required Capability: See
Capabilities
and Permitted Actions
To delete
a user:
- From the CommCell Browser, click the Security icon and then the
CommCell Users icon.
- From the right pane of the CommCell Browser, right-click the user you want
to delete, and then click Delete from the short-cut menu.
- Click Yes to the confirmation prompt that appears delete
the user.
Required Capability: See
Capabilities
and Permitted Actions
To change
the name of a user:
- From the CommCell Browser, click the Security icon and then the CommCell Users icon.
- From the right pane of the CommCell Browser, right-click the user whose
name you want to change, then select Properties.
- From the
General tab of the User Properties dialog box, type a new user name
in the User Name field.
- When you are finished, click OK.
- You are prompted to enter your user login password in the Enter Password
dialog box. Type your password and click OK.
Required Capability: See
Capabilities
and Permitted Actions
To change
password of a user:
- From the CommCell Browser, click the Security icon and then the
CommCell Users icon.
- From the right pane of the CommCell Browser, right-click the user whose
password you want to change, then click Properties.
- From the
General tab of the User Properties dialog box, select the Change
Password check box.
- Type the new user password in the Password field, and re-type it
in the Confirm Password box.
- When you are finished, click OK.
- You are prompted to enter your user login password in the Enter Password
dialog box. Type your password and click OK.
Required Capability: See
Capabilities
and Permitted Actions
To change
the expiration date for a user password:
- From the CommCell Browser, click the Security icon and then the
CommCell Users icon.
- From the right pane of the CommCell Browser, right-click the user whose
password expiration date you want to change, then click Properties.
- From the
General tab of the User Properties dialog box, select a new number
of days from the Age Password list box.
- Click OK.
Required Capability: See
Capabilities
and Permitted Actions
To change
the description of a user::
- From the CommCell Browser, click the Security icon and then the
CommCell Users icon.
- From the right pane of the CommCell Browser, right-click the user whose
description you want to change, then select Properties.
- To change the full name, type the name in the Full Name box.
- To change the description, change the description in the Description
box.
- To change the e-mail or pager address of the user, type the e-mail or pager
address in the E-mail box.
- When you are finished, click OK.
Before You Begin
If you disable an existing user account, this user will immediately not
be able to create or receive scheduled reports or alerts. However, this disabled
user will retain all assigned rights within the CommCell until the user has
logged off. Once this disabled user has logged off, the user cannot log on to
the CommCell.
Required Capability: See
Capabilities
and Permitted Actions
To disable
a user:
- From the CommCell Browser, click the Security icon and then the
CommCell Users icon.
- From the right pane of the CommCell Browser, right click an existing user
and select Properties.
- Deselect the Enabled field of the General tab of the User
Properties dialog box to disable the user.
- Click OK.
Required Capability: See
Capabilities
and Permitted Actions
To create
a user group:
- From the CommCell Browser, click the Security icon, right-click the CommCell User Groups icon, and
then click New User Group.
- From the
General
tab of the User Group Properties dialog box, type the name you want to assign
to the user group (up to 32 characters; do not include trailing spaces) and
some descriptive information that characterizes the user group.
- If you want this user group to be disabled, de-select the Enabled
check box (this option is selected by default).
- If you want the user group to possess all capabilities select All
Capabilities. If you want this user to posses only certain capabilities,
click the
Capabilities tab, and the perform the following:
- Assign capabilities to a user group by moving capabilities from the
Available Capabilities pane to the Assigned Capabilities pane.
- When you are finished, click OK.
- If you want the user group to be associated with all CommCell resources,
select All Associations. If you want the user group to only
be associated with specific objects, click the
Associated Entities tab, and follow the procedure in
Associating or Disassociating a
User Group to a CommCell Object.
|
Do not select the All Capabilities and All
Associations check boxes if you do not want to risk exposing all
CommCell features and resources to users that may not have adequate
training or knowledge. For this reason, these options are cleared by
default. |
- To assign users to a users group, click the
Users
tab, and then assign users to the group, as necessary.
- Click Create New User to create a user to be associated with this
user group. For more information, see
Create a User Account.
- Click OK.
Before You Begin
You cannot delete the master user group. The master user group is
the primary CommCell administrator group and remains available at all times.
Required Capability: See
Capabilities
and Permitted Actions
To delete
a user group:
- From the CommCell Browser, click the Security icon and then the
CommCell User Groups icon.
- From the right-hand pane of the CommCell Browser, right-click the user group
you want to delete, and then click Delete from the short-cut menu.
- A confirmation prompt appears, asking if you are sure that you want to delete
this user group. Click Yes to delete.
Required Capability: See
Capabilities
and Permitted Actions
To change
the description of a user group:
- From the CommCell Browser, click the Security icon and then the
CommCell User Groups icon.
- From the right-hand pane of the CommCell Browser, right-click the user group
whose description you want to change, and then click Properties.
- From the
User Group
Properties dialog box, type a new description in the Description
field.
- When you are finished, click OK.
Before You Begin
If you disable an existing user group account, this user group will
immediately not be able to create or receive scheduled reports or alerts.
Required Capability: See
Capabilities
and Permitted Actions
To disable
a user group:
- From the CommCell Browser, click the Security icon and then the
CommCell User Groups icon.
- From the right-hand pane of the CommCell Browser, right-click the user group
that you want to enable or disable, and then click Properties.
- From the User Group Properties dialog box, deselect the Enabled
check box (is enabled by default).
- When you are finished, click OK.
Required Capability: See
Capabilities
and Permitted Actions
To reassign
the capabilities to a user group:
- From the CommCell Browser, click the Security icon and then the
CommCell User Groups icon.
- From the right-hand pane of the CommCell Browser, right-click the user group
whose capabilities you want to re-assign, then click Properties
from the short-cut menu.
- From the
Capabilities
tab of the User Group Properties dialog box, re-assign the capabilities
to the user group, as necessary.
- When you are finished, click OK.
Required Capability: See
Capabilities
and Permitted Actions
To
associate or disassociate a user group to a CommCell entity:
- From the CommCell Browser, click the CommServe, client computer group, client computer, agent, MediaAgent, Library, Storage Policy, backup set, subclient, or Shelf media, and then select Properties.
- From the Security tab, select the appropriate user groups to which
you want to associate to the CommCell object from the Available Groups
pane, and then move the user group to the Associated Groups pane.
- Click OK.
Required Capability: See
Capabilities
and Permitted Actions
To view
the users that are currently logged in to the CommCell Console:
- From the CommCell Browser, right-click the CommServe, then select View->Users
Logged In.
- The Users
Logged In dialog box displays the user's login name, host name, time logged
in, and idle time.
- Click OK.
Before You Begin
- Enabling this feature will prevent any unauthorized users from
installing agents on the CommCell. Authorized users include those with
Administrative Management capabilities.
Required Capability: See
Capabilities
and Permitted Actions
To
enable authentication for agent installs:
- From the CommCell Browser, right click on the CommCell, and select
Properties from the popup menu.
- Select the
CommCell Properties (Security) tab.
- Select the Require Authentication for Agent Installation option to enable the
feature.
- Click OK.
Required Capability: See
Capabilities
and Permitted Actions
To add
a new domain controller:
- From the CommCell Browser, click the Security icon, and
right-click on the Name Servers icon. From the popup menu, select
Add New Domain.
- Enable the secure Lightweight Directory Access Protocol (LDAP) for
additional network security with the external domain. Remember that this can
only be enabled when the external domain has been configured to use the
secure LDAP (with the proper SSL certificate). If this protocol is enabled from the
Add New
Domain Controller dialog box, but not configured from the external
domain; the feature is not enabled. To verify whether the external domain
client has been configured for LDAP, see
Verify LDAP
configuration on External Domain.
Note that setting up the secure LDAP
environment is required for the feature to work properly. It involves
the following steps:
- setting up certificate servers
- importing of the same SSL certificates on both the CommServe and the
external domain
- setting up the proper DNS (very important especially when the
external domain client and the CommServe computer are in two different
domains, etc.).
After completing these steps, you can verify if your environment is set
up correctly by checking if the external domain is accessible. This ensures
the DNS is set up properly. Then follow the steps in the
Verify LDAP
configuration on External Domain to see if the certificates are set up
properly for secure communication to take place.
- Enter the appropriate information in the
Add New
Domain Controller dialog box. You will need to enter the following
information:
- NetBIOS Name: Enter the NetBIOS name (IP address) of the external domain.
Note that different domains
have different NetBIOS names. If you do not know the NetBIOS name of your
domain, you can retrieve it using the LDP utility and searching the sub-tree of
configuration naming context for the NetBIOS name attribute using the following filter:( &(objectCategory=crossRef)(SystemFlags=3)(dnsroot=%s)))
Replace dnsRoot with your domain, e.g.,
gp.cv.company.com (i.e., the Fully Qualified Host Name) based on your Active Directory configuration.
- Domain Name: Enter the Fully Qualified Domain Name (FQDN), e.g.,
company.com.
- User Account: Click Edit to enter the user account information for
the external domain.
- Optional: Enable the
domain controller for the SSO feature (Single Sign On).
- Optional: Enable/Disable the use of this controller.
- Click OK.
|
You can also access the Add New Domain Controller dialog box from the
CommCell Console's Action dropdown menu. |
Required Capability: See
Capabilities
and Permitted Actions
To
edit/view the properties of an external domain:
- From the CommCell Browser, click the Security icon, and
right-click on the Name Servers icon.
-
Right click on the domain for which you wish to view the properties, and
select Properties from the popup menu.
Required Capability: See
Capabilities
and Permitted Actions
To
enable/disable Single Sign On:
- From the CommCell Browser, click the Security icon, and
right-click on the Name Servers icon.
-
Right click on the domain for which you wish to enable/disable the
feature, and
select Properties from the popup menu.
-
Enable or disable the Enable SSO option.
Required Capability: See
Capabilities
and Permitted Actions
To
delete an external domain:
- From the CommCell Browser, click the Security icon, and
right-click on the Name Servers icon.
-
Right click on the domain for which you wish to view the properties, and
select Delete from the popup menu.
Required Capability: See
Capabilities
and Permitted Actions
To add
a new external user group:
- From the CommCell Browser, click the Security icon and expand all
the nodes.
- Click on the external domain for which you want to add an external user
group, and right click on the External Group icon.
- From the
Add
New External Group dialog box, select the external user group for which
you want to associate the CommCell user groups. Note that the external user
group that you select must have their Group Scope defined as
Global. This can be verified in the external
domain’s interface; check the external user group’s properties. This will
prevent any conflicts that may arise during Single Sign On login for an
external domain user when this user and corresponding external domain user
groups reside in child and parent domains.
- Select the CommCell user groups to associate with the specified external
user group.
- Click OK.
Required Capability: See
Capabilities
and Permitted Actions
To
disable Single Sign On for a specific console:
- Right-click on the application icon, and select Properties.
-
From the Console Properties dialog box, select the Shortcut
tab.
-
In the Target field, add the following command
-sso=disabled, and click OK. When
launching the application from this application icon, the Single Sign On
feature will be disabled, and users can enter alternate login information.
|
This method disables the Single Sign On feature for this application
shortcut. To re-enable the feature, simply remove the
-sso=disabled command. |
To
temporarily disable Single Sign On:
- Launch the application using the application icon.
- When prompted with the Connect to CommCell login box, click
Cancel. This will allow users to enter different login credentials.
|
This method allows the user to enter alternate login information once. The
next time a user launches the application using the same application shortcut; it will once
again use the single sign on feature. |
To add
another target CommCell for Single Sign On:
- Create another application shortcut.
- Right-click on current application icon.
- Select Create Shortcut.
-
Right-click on the new application shortcut, and select Properties.
-
From the Console Properties dialog box, select the Shortcut
tab.
-
In the Target field, change the name of the CommServe, and click
OK. This method adds another shortcut with a different target CommCell
|
This method adds another application shortcut with a different target
CommCell. When this new application shortcut is used to launch application, it
will automatically access the new CommCell. |
To
change the target CommCell for Single Sign On:
-
Right-click on the application shortcut, and select Properties.
-
From the Console Properties dialog box, select the Shortcut
tab.
-
In the Target field, change the name of the CommServe, and click
OK.
|
This method changes the target CommCell for the Single Sign On feature. When
this application shortcut is used to launch application, it will automatically
access the new CommCell. |
Back to Top