Security overview

The security function enables you to manage which users can log in to the product user interface and which applications and data each user can access.

Another, optional, aspect of security is the ability to limit the users who can work with particular configuration items (CIs). You can activate this security function by defining access collections, which contain groups of CIs, and assigning users to work with those access collections.

Security components

Figure 1 shows the components of the security function and their relationships:
Figure 1. Security components
These components provide different parts of the security function:
Directory server
Stores the user IDs, passwords, and security groups defined in your environment. Also called the "LDAP server," because it implements the Lightweight Directory Access Protocol (LDAP). This server is optional, and its use is supported only if you choose to use WebSphere® application security.
Virtual Member Manager
If you use a directory server, the Virtual Member Manager provides an interface between the directory server and other Control Desk components. All interactions with the directory server flow through the Virtual Member Manager, whose common interface masks the differences between directory servers. Thus other components do not need to be configured to work with a particular directory server.
Authentication service and client
A client-server application that provides the single sign-on capability for Control Desk. This application enables you to launch from one interface into another using the credentials supplied when the user was authenticated, so the user does not need to provide credentials again. For example, you can launch from the Actual CIs application in the Control Desk interface to a TADDM topology view. This function is available only if you use WebSphere application security.
Figure 2. Authentication service and client