CommNet User Administration and Security



Overview

Capabilities and Permitted Actions

User Tasks

User Group Tasks

Single Sign On


Overview

Users have access to the resources and features of the CommCell based on the following:

User Groups

A user group is a logical entity through which capabilities are assigned. Users that are members of a user group are entitled to the same rights as the user group. A user group can administer the CommNet Server (with the CommNet Server capability), a selected CommCell (with the CommCell Administration capability), or both.

The master user group is created automatically upon installation of the software. This group is automatically assigned to administer the CommNet Server and any CommCell that is part of the CommNet domain. Additional user groups can be created from the CommNet Browser.

Users

All users that perform software functions must have a user account and be assigned to one or more user group(s). Once a user is part of a user group, this user assumes all the rights of the member user group.

When a user opens a CommNet Browser, depending on the user group to which the user is attached, only those CommCells that can be controlled by the user will be displayed. If a user is part of a user group that does not have the capability to control specific Cells, that user will not see those Cells in the CommNet Browser.

A default user is automatically created when the software is installed. This user is by default assigned to the master user group.

If necessary, additional users can be created.

Name Servers

Name Servers comprise the external domains and external user groups with which CommNet user groups can be associated in order to use the Single Sign On feature and/or to use external domain user account credentials for logging in. For more information, see Single Sign On.


Capabilities and Permitted Actions

The capabilities of each user group permit its member users to perform certain actions. The following table lists the actions that a user can perform based on the assigned capabilities of the member user group. (Note that a user group with the CommCell Administration capability can only perform actions on the associated CommCells.)

Capability: CommNet Administration Only

Permitted actions:

  • License Administration
  • Cell Registration / Cell Re-Registration
  • Modify CommNet Server properties
  • Create or modify a user
  • Create/modify a user group with only CommNet Administration capability
  • Create/modify/delete alerts
  • Modify/delete schedules (a user that created a schedule can modify and/or delete it without the CommNet administration capability)
  • Create/modify/delete cost categories and billable entities
  • Configure/modify the SLA configuration
  • Create/modify/delete cell-client groups
  • Add/Modify/Delete Global Filters

Capability: CommCell Administration Only

Permitted actions:

  • Generate CommCell reports
  • Generate client computer and storage resource information of a CommServe
  • Create/modify/delete cell-client groups (a user can only modify/delete a cell-client group that they created)
  • Create schedules
  • Able to view:
      • Client status
      • License summary
      • Drive status
      • Event Viewer
      • MediaAgent status
      • Library status
      • Job Controller

Capability: CommNet Administration and CommCell Administration

Permitted actions: all capabilities from CommNet Administration and CommCell Administration, and:

  • Synchronize CommCells
  • Modify CommCell registration
  • Modify CommServe data collection policy
  • CommCell authentication
  • Modify CommCell configuration
  • Create/modify a user and user group with the CommCell Administration capability only
  • Create/modify/delete cell-client groups
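
For an access review, the capability table above can be modelled as a small permission check. This is an added example, not CommNet code: it covers a subset of the actions and includes the CommCell scoping and creator exceptions. The action names, group names and cell names are hypothetical, and it assumes that a user who belongs to several groups holds the union of their capabilities.

```python
from dataclasses import dataclass

COMMNET, COMMCELL = "CommNet Administration", "CommCell Administration"

# A subset of the table: action -> capabilities that must all be held.
REQUIRES = {
    "cell_registration": {COMMNET},
    "create_user": {COMMNET},
    "generate_commcell_report": {COMMCELL},
    "create_schedule": {COMMCELL},
    "synchronize_commcell": {COMMNET, COMMCELL},
    "modify_commcell_configuration": {COMMNET, COMMCELL},
}

@dataclass(frozen=True)
class Group:
    name: str
    commnet_admin: bool = False       # has the CommNet Administration capability
    cells: frozenset = frozenset()    # CommCells the group may administer

def visible_cells(groups):
    """CommCells shown in the CommNet Browser to a member of these groups."""
    return frozenset().union(*(g.cells for g in groups))

def held(groups, cell=None):
    """Capabilities in effect, scoped to `cell` when the action targets one."""
    caps = {COMMNET} if any(g.commnet_admin for g in groups) else set()
    cells = visible_cells(groups)
    in_scope = cell in cells if cell is not None else bool(cells)
    if in_scope:
        caps.add(COMMCELL)
    return caps

def permitted(groups, action, cell=None, is_creator=False):
    caps = held(groups, cell)
    if action in ("modify_schedule", "delete_schedule"):
        # Creator exception: no CommNet Administration capability needed.
        return COMMNET in caps or is_creator
    if action in ("modify_cell_client_group", "delete_cell_client_group"):
        # CommCell-only administrators may change only groups they created.
        return COMMNET in caps or (COMMCELL in caps and is_creator)
    return REQUIRES[action] <= caps

# Constructed sample groups (hypothetical names).
ops = Group("backup-ops", cells=frozenset({"cell-east"}))
lic = Group("licensing", commnet_admin=True)
```

Running every user's group list through `permitted` for the combined-capability actions shows who effectively holds both capabilities on a given CommCell.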


User Tasks

For the Users node, the Users Status task from the Users Tasks section of the CommNet Browser can be used to view the various attributes of all the users within the CommNet domain.

For a particular user, the Summary task from the User Tasks section of the CommNet Browser can be used to view detailed information about that user.

Each window displays the local time of the CommNet Server.


User Group Tasks

For the User Groups node, the User Groups Status task from the User Groups Tasks section of the CommNet Browser can be used to look at various attributes of all the user groups within the CommNet domain.

For a particular user group, the Summary task from the User Group Tasks section of the CommNet Browser can be used to view all members and capabilities of a user group.

Each task window displays the local time of the CommNet Server.


Single Sign On

The Single Sign On feature enables users to log in to the CommNet Server using their user-account credentials for the Active Directory service provider, inheriting capabilities on the CommNet Server based on their Active Directory group membership permission(s), which must include the Browse capabilities.

If the Single Sign On feature is enabled for this Active Directory domain, the login/password entry screen is bypassed, and the user is authenticated without them having to enter any login/password information. Users can also launch the CommNet Server and select Cancel before the application initiates the login process. The username field is pre-populated if the user is connecting to the CommNet Server, and the Active Directory domain they are currently logged into has been configured on the CommNet Server. Users also have the option to overwrite this username with other Active Directory user account credentials; the username must be entered in the following format: <domain name>\<user name>. When a username is entered with a domain name, the CommNet Server automatically recognizes that the password information must be authenticated by the external domain server.

Single Sign On supports Active Directory configured with secure Lightweight Directory Access Protocol (LDAP), which provides additional network security. If Active Directory (the external domain) is configured with LDAP, you can configure the external domain controller from the Add/Edit New Domain Controller dialog box to use the secure LDAP for additional network security with the external domain. Remember that this can only be enabled when the external domain has been configured to use the secure LDAP. If this protocol is enabled from the CommNet Browser's Add/Edit New Domain Controller dialog box but not configured on the external domain, the feature is not enabled.

Configuration

Before the Single Sign On feature can be used, users must provide the information required to communicate with the Active Directory service provider (such as domain name, hostname of directory server, directory service type, username and password) so that it will be maintained in the CommNet database for authentication purposes. To do this, you must Add a New Domain Controller, which registers the external domain with the CommNet Server. Once you enter this information, you or an administrator must associate certain external domain user groups (domain name\user group) with a user group defined in CommNet. This will provide the external domain users access to the CommNet entities. For more information, see Add a New External User Group.

Once configured, if necessary, users can temporarily disable the feature or change user credentials. For more information, see Disable Single Sign On from a Specific Browser.

There are no license requirements to utilize this feature.

