2.3 User and Group Accounts

User accounts are required to identify valid users of Operations Center components. In Operations Center, administrators can use these authentication methods:

  • Native authentication, which requires creating a user in Operations Center

  • Integrated LDAP authentication, which requires importing users from LDAP

  • A combination of native and integrated LDAP authentication, to ensure that some users retain access to the Operations Center server when the LDAP directory is unavailable

Administrators can also create group accounts for organizing users and assigning permissions.

Special system user and group accounts exist by default. To create custom groups, see Section 2.6.1, Creating a Group. Custom groups should be used when defining access privileges (see Section 4.4, Access Privileges Overview).

2.3.1 Special User and Group Accounts

The following special user accounts exist in Operations Center:

  • admin: The default admin account, which is the super/system administrator. The server does not function without this account.

  • guest: The guest account is used to access the Operations Center home page before a user logs in through the Console or Web. The dashboard cannot be accessed without this account.

The following rules apply to these special user accounts to ensure that they retain all of their privileges. Unexpected behavior might occur if you do not follow these rules:

  • Do not delete these user accounts

  • Do not limit user logins for these accounts

  • Do not restrict user access via the Console or Web for either of these accounts

The following special group accounts exist in Operations Center:

  • users: The users account is used to assign standard user permissions (view and access to Services and Elements) to any user. New users are automatically added to this group. This group should not be deleted. Restricted user access should be defined using custom groups.

  • admins: The admins account is used to delegate administrative rights to administrative users. The default admin account is a member of this group. The following rules apply to the Admins group and its members to ensure that administrators retain all of their privileges:

The following rules apply to these special user group accounts to ensure that they retain all of their privileges. Unexpected behavior might occur if you do not follow these rules:

  • Do not delete these groups

  • Do not limit user logins for members of the admins group

  • Do not restrict user access via the Console or Web for members of the admins group

2.3.2 Creating a User

Operations Center user accounts can be created in one of two ways: either by creating each user account manually, or by importing a group of users using an LDAP connection.

For more information about importing LDAP users, see Section 3.2.2, Configuring LDAP Authentication.

To create a new user:

  1. In the Explorer pane, expand the Administration root element > Security.

  2. Right-click Users and select Create User to display the Create User dialog box.

  3. In the Create User dialog box, specify the following information in the appropriate field:

    • Name: The user ID for logging in to Operations Center. Usually, it is a combination of the user’s first name initial and full last name. It must contain at least three characters.

    • Password, Password (again): The password that corresponds to the user ID. It must contain at least three characters.

    • Full Name: The user’s first and last names. Each must contain at least three characters.

    • E‑mail, Phone, Fax and Pager Numbers: This standard contact information is optional. Specify the country and area codes if necessary.

    • Logins: The maximum number of concurrent logins that the user is allowed. Enter 0 (zero) to prevent the user from logging in to any Operations Center component (Console or Web). If this field is left blank, unlimited concurrent logins are allowed.

    • Home: This option is relevant only to the dashboard application. Use the Browse button to select a starting point in the element hierarchy for viewing data within portlets. This default element is displayed when the user accesses a portlet. The default home element is Enterprise, which is the top level of the entire element hierarchy.

    • Restrict Usage: To restrict user access through either the Operations Center console or the Operations Center Web components, select the corresponding check box.

      • If Operations Console is selected, the user cannot log in to the Operations Center console.

      • If Web Access is selected, the user cannot log in and access data on the server by using custom portals/dashboards built by using the dashboard, Web services, or SQL Views.

      • Do not restrict access for Admin user accounts to both the Operations Center console and the Web. If both restrictions are selected, admin users cannot log in, even if they are members of the Admins group.

    The symbol identifies required properties: Name, Password, Password (again), and Full Name. As soon as these properties are defined, the Create button can be selected.

    HINT: Each method of Web Access requires an individual Web user connection. This directly affects the number of licensed Web users required for a server.

  4. To add a user to a group, select a group name in the Groups section, then click Add.

  5. To enable the user for Section 508 accessibility functionality in the Operations Center Dashboard, select Enable Accessibility Options.

    For information about enabling 508 accessibility, see Enabling the Dashboard for Section 508 Accessibility in the Operations Center 5.6 Dashboard Guide.

  6. Click Create.

    The user account is created. The Create User dialog box opens so that you can create another user.

  7. Click Close or continue creating users by repeating the previous steps.

2.3.3 Changing User Group Memberships

To add or remove a user from a group:

  1. To add a user to a group, select a group name in the Groups section, then click Add.

    For information on creating groups, see Section 2.6.1, Creating a Group.

  2. To remove a user from a group, select the group name in the right pane, then click Remove.

2.3.4 Forcing Password Resets

To force new users to change their passwords upon initial login:

  1. Add the following as a property in the /OperationsCenter_install_path/config/Formula.custom.properties file:

    ResetPassword=password

    For more information about the Formula.custom.properties file, see Making Custom Changes in the Operations Center 5.6 Server Configuration Guide.

  2. Stop and restart the Operations Center server for changes in the Formula.custom.properties file to take effect.

    For instructions on stopping and starting the Operations Center server, see Configuring Operations Center Start Conditions in the Operations Center 5.6 Server Configuration Guide.

  3. In the Operations Center console, in the Create User dialog box, set the password to password.

    IMPORTANT: Using the ResetPassword property can conflict with the Password Pattern feature in the Configuration Manager, which enables specifying a value or regular expression as a password pattern. The user’s password must match the specified pattern or the user cannot log in. If ResetPassword=password is used, but the Password Pattern is set to a regular expression that does not match password, the user cannot log in to Operations Center software.

2.3.5 Alerting Users About Password Expiration

Set the PasswordExpirationWarning property to automatically alert users that their password is expiring. If the user does not change the password before it expires, the system administrator must reset their password. By default, this property is not set and users are not warned before password expiration.

To alert users that their password is expiring:

  1. Add the following as a property in the /OperationsCenter_install_path/config/Formula.custom.properties file:

    PasswordExpirationWarning

    Set the parameter to the number of days before password expiry to start warning users.

    For more information about the Formula.custom.properties file, see Making Custom Changes in the Operations Center 5.6 Server Configuration Guide.

  2. Stop and restart the Operations Center server for changes to take effect.

    For instructions on stopping and starting the Operations Center server, see Configuring Operations Center Start Conditions in the Operations Center 5.6 Server Configuration Guide.
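The following check covers the ResetPassword conflict described in Section 2.3.4 and the PasswordExpirationWarning setting in this section, so that both can be verified before the server is restarted. It is an added example, not part of Operations Center. Assumptions: the file uses plain key=value lines, the Password Pattern is supplied by the caller and must match the whole password, Python's regular expression syntax stands in for the server's, and the sample file contents and sample pattern are constructed.

```python
import re

def parse_properties(text):
    """Parse simple key=value lines; skip blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        props[key.strip()] = value.strip() if sep else None
    return props

def check_password_properties(text, password_pattern=None):
    """Return findings for ResetPassword and PasswordExpirationWarning.

    password_pattern is the Password Pattern from the Configuration Manager,
    passed in by the caller; this script does not read it from the server.
    """
    props = parse_properties(text)
    findings = []
    if "ResetPassword" in props:
        reset = props["ResetPassword"]
        if not reset:
            findings.append("ResetPassword has no value")
        # Assumption: the pattern has to match the entire password.
        elif password_pattern and not re.fullmatch(password_pattern, reset):
            findings.append("ResetPassword value does not match the "
                            "Password Pattern; affected users cannot log in")
    if "PasswordExpirationWarning" in props:
        days = props["PasswordExpirationWarning"]
        if days is None or not re.fullmatch(r"[0-9]+", days):
            findings.append("PasswordExpirationWarning is not a whole "
                            "number of days")
    return findings

# Constructed sample file contents; the value 14 is illustrative only.
SAMPLE = """\
# Formula.custom.properties (constructed sample)
ResetPassword=password
PasswordExpirationWarning=14
"""

if __name__ == "__main__":
    # Constructed pattern: at least 8 characters, including one digit.
    for finding in check_password_properties(SAMPLE, r"(?=.*\d).{8,}"):
        print("FINDING:", finding)
```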

2.3.6 Editing User Accounts

To edit a user account:

  1. In the Explorer pane, expand the Administration root element > Security > Users.

  2. Right-click the account name and select Properties to open the Status property page.

  3. In the left pane, click User to open the User property page.

  4. Modify the user account data as needed.

  5. Click Apply to save the changes.

2.3.7 Deleting User Accounts

To delete a user account:

  1. In the Explorer pane, right-click a user account and select Delete User. A confirmation dialog opens.

  2. Click Yes to confirm the deletion.