The administrator or security administrator manages all accounts on the SE server or on the SE servers of a Management Cluster, with the exception of the service accounts. They create new accounts and change or delete existing accounts. There are local accounts and LDAP accounts:
A local account is created on the MUs of the SE server configuration and is completely managed in the SE Manager.
An LDAP account is created on an LDAP server and is also managed from there. For an LDAP account, "Add new account" means that the account is released for usage on the SE server and enables access to the SE Manager just like a local account. "Remove account" means the account is no longer available for use on the SE server.
The local accounts admin (for the administrator) and service (for Customer Support) are predefined and cannot be deleted.
As administrator or security administrator you can create, modify and delete further accounts with a basic role or a user-defined role. You cannot administer the service account (Service role).
You can also manage passwords and password attributes (e.g. validity time) for the local accounts, see section "Managing passwords".
Users who are not an administrator or security administrator are only authorized to manage their own account, i.e. they can change the access password for their local account themselves, see section "Managing passwords".
BS2000 operators obtain access to BS2000 systems and the corresponding BS2000 devices only in accordance with their individual authorizations, which are assigned by the administrator or security administrator, see section "Managing access to the BS2000 console and dialog".
On the Accounts tab you can create, delete and manage accounts:
For users who are not an administrator or security administrator, the functionality is limited to displaying their own account and changing the name and comment.
Displaying and managing accounts
> Select Authorizations -> Users, Accounts tab. Local accounts and LDAP accounts can be distinguished via the icon in the Type tab. The Customer Support account service (Service role) is only displayed; you cannot administer it.
Add new account
> Select Add new account.
> In the following dialog, select whether you want to create a local account or release an LDAP account. You only have this option if an LDAP server is configured.
> Enter all required information for the new account.
The following is required to release an LDAP account:
On the SE server on which the LDAP account is to be released, access to the LDAP server is configured and active (see section "Access to an LDAP server").
If you have activated the check in the LDAP directory tree, the account is only created if it exists in the LDAP. If you have not activated the check, you can also add an account that does not exist in the LDAP (yet).
There must be no local account with the same name.
Note:
Access to BS2000 dialog and BS2000 console is not supported for LDAP accounts which are longer than 8 characters or contain uppercase letters.
You can create an account for the AU administrator role only if at least one AU exists in the SE server configuration.
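The release requirements and the BS2000 note above can be applied to a list of candidate names before working through the dialog. The following is an added example, not part of the SE Manager or its documentation; the function name, its parameters and the sample account sets are hypothetical, and it assumes that account names are compared exactly as entered.

```python
from dataclasses import dataclass, field


@dataclass
class ReleaseCheck:
    name: str
    blockers: list = field(default_factory=list)  # release would not go through
    warnings: list = field(default_factory=list)  # release works, with limits

    @property
    def can_release(self) -> bool:
        return not self.blockers


def check_ldap_release(name, local_accounts, ldap_accounts,
                       ldap_access_active=True, tree_check_enabled=True):
    """Apply the release requirements listed above to one LDAP account name."""
    result = ReleaseCheck(name)
    if not ldap_access_active:
        result.blockers.append("LDAP server access is not configured and active")
    # Assumption: names are compared exactly as entered (case-sensitive).
    if name in local_accounts:
        result.blockers.append("a local account with the same name exists")
    if name not in ldap_accounts:
        if tree_check_enabled:
            result.blockers.append("account not found in the LDAP directory tree")
        else:
            result.warnings.append("account does not exist in the LDAP (yet)")
    # Note from the page: more than 8 characters or uppercase letters.
    if len(name) > 8 or any(ch.isupper() for ch in name):
        result.warnings.append("no BS2000 dialog or console access for this name")
    return result


# Constructed sample data, not taken from a real SE server.
LOCAL = {"admin", "service", "opsmith"}
LDAP = {"jdoe", "opsmith", "BackupOperator", "mmueller"}

if __name__ == "__main__":
    for candidate in ("jdoe", "opsmith", "BackupOperator", "newhire"):
        r = check_ldap_release(candidate, LOCAL, LDAP)
        state = "OK" if r.can_release else "BLOCKED"
        print(candidate, state, r.blockers, r.warnings)
```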
Change an account
You can change the Name and Comment properties of an account.
For users who are not an administrator or security administrator, the functionality is restricted to their own account.
> In the row of the required account click the Change icon and change the required account properties.
Remove an account
Every user with the Administrator or Security administrator role can remove any other user. Only the predefined accounts admin and service cannot be deleted.
> Click the Remove icon by the required account. Confirm the action. The removed account is no longer displayed in the Accounts tab. An LDAP account is locked for use on the SE server but still exists on the LDAP server.