Security
The security function enables you to manage which users can log in to the user interface and which applications each user can access. You can also limit the users who can work with particular configuration items (CIs).
The topics in this section explain concepts related to security and how to configure the security function to provide the security you want for your environment.
- Security overview
The security function enables you to manage which users can log in to the product user interface and which applications and data each user can access. - Authentication and authorization
The process of logging in to Control Desk is called authentication. The control that determines which users can use which applications is called authorization. - Plan for security
Security planning includes choosing a security option, deciding which users work with each Control Desk application, and, optionally, which users can work with which configuration items. - LDAP authentication
You can use a directory server that implements the Lightweight Directory Access Protocol (LDAP) for authentication and for storing user and group information. - Non-LDAP authentication
When you use non-LDAP authentication, information about users and groups is maintained only in the Maximo® database. With this approach, you can create and manage user IDs, passwords, and security groups from the user interface. Non-LDAP authentication also allows users to self-register. - Types of users
System-level users are different from application-level users. - Configuring security
You must configure security for Control Desk before users can log into the interface and use its applications. The steps you will follow to configure security depend on whether you are using WebSphere application security or Maximo security. - Configuring for single sign-on
In order to launch from Control Desk to TADDM without logging in again, you must configure several components to work together. - Security
The security function enables you to manage which users can log in to the user interface and which applications each user can access. You can also limit the users who can work with particular configuration items (CIs). - Adding security groups
Security privileges control user access to modules, applications, menu options, and data. All security access is based on security groups. - Deleting a security group
When you delete a security group from your directory server, it is not deleted from the Maximo database. - Configuring access collections
If you wish, you can limit the users who can work with particular configuration items (CIs). You can activate this security function by defining access collections, which contain groups of CIs, and assigning groups of users to work with those access collections. For example, you might want administrators to work with CIs in their local area, or to work with certain types of CIs. If you do not use this function, each user that logs in to Control Desk is able to work with any CI in the applications to which that user's security groups give access. If you want to control users' access to configuration items, follow these steps. - Synchronizing access collections
If you define access collections in Control Desk, you might want to synchronize those definitions with the TADDM component. The synchronization ensures that similar access restrictions are enforced in the TADDM user interface. - Using security groups to control access to application views
This product provides new security groups that enable you to control whether users access the express or advanced versions of the Changes applications: SDADESKAGENT, SDAPROCESSAGENT, SDAPROCESSASSET, and SDAAGENT. The SDAPROCESSADMIN group enables access to administrative applications. - Configuring security groups to determine access
You can configure new or existing security groups to control access to the express and advanced views of the Changes application. - Configuring security for Self Service Center
If you are using the Self Service Center, you must configure it to enable access to all the features. - Configuring security for Service Catalog applications
Service Catalog provides a method for granting access to catalogs or revoking access to offerings for Security Groups.
Parent topic: Security