The administrator manages all accounts on the SE server or the SE servers of a Management Cluster, with the exception of the service accounts. He/She creates new accounts and changes or deletes existing accounts. There are local accounts and LDAP accounts:
A local account is created on the MUs of the SE server configuration and is completely managed in the SE Manager.
An LDAP account is created on an LDAP server and is also managed from there. For an LDAP account, "Add new account" means that the account is released for usage on the SE server and enables access to the SE Manager just like a local account. "Remove account" means the account gets locked and is no longer available for use on the SE server.
The local accounts admin for the administrator and service for Customer Support are predefined and cannot be deleted.
As administrator you can create, modify and delete further accounts for the administrator, BS2000 administrator, operator, XenVM administrator and AU administrator roles. You cannot administer the service account (Service role).
You can also manage passwords and password attributes (e.g. validity time) for the local accounts, see section "Managing passwords".
As BS2000 administrator, operator, XenVM administrator or AU administrator you are authorized to manage your own account, i.e. you can change the access password for your local account yourself, see section "Managing passwords".
A XenVM administrator has access to XenVM systems and to XenVM devices.
The operator obtains access to BS2000 systems and the corresponding BS2000 devices only in accordance with his/her individual authorizations which are assigned by the administrator, see section "Managing access to the BS2000 console and dialog".
On the Accounts tab you can create and manage accounts:
For the BS2000 administrator, operator, XenVM administrator and AU administrator the functionality is limited to displaying his/her own account and changing the name and comment.
Displaying accounts
> | Select Authorizations Local accounts and LDAP accounts can be distinguished via the icon in the Type tab. The Customer Support account service (Service role) is only displayed. You cannot administer service accounts. |
Add new account
> | Select Add new account. |
> | In the following dialog, select whether you want to create a local account or release an LDAP account. You only have this option if an LDAP server is configured. |
> | Enter all required information for the new account. |
The following is required to release an LDAP account:
On the SE server of the MU on which the LDAP is to be released, access to the LDAP server is configured and active.
If you have activated the check in the LDAP directory tree, the account is only created if it exists in the LDAP. If you have not activated the check, you can also add an account that does not exist in the LDAP (yet).
There must be no local account with the same name.
Note:
Access to BS2000 dialog and BS2000 console is not supported for LDAP accounts which are longer than 8 characters or contain uppercase letters.
You can create an account for the XenVM administrator role only if at least one SU x86 with a XenVM license exists in the SE server configuration.
You can create an account for the AU administrator role only if at least one AU exists in the SE server configuration.
Change an account
You can change the Name and Comment properties of an account.
For the BS2000 administrator, operator, XenVM administrator and AU administrator the functionality is restricted to his/her own account.
> | In the required account click the Change icon and change the required account properties. |
Remove an account
Every user with the administrator role can remove any other user. Only the predefined accounts admin and service cannot be deleted.
> | Click the Remove icon by the required account. Confirm the action. The removed account is no longer displayed in the Accounts tab. An LDAP account is locked for use on the SE server but still exists on the LDAP server. |