You must configure security for Control Desk before
users can log in to the interface and use its applications.
Before you begin
Before beginning these steps, you must have a supported directory
server installed. The application server on which
Control Desk is
installed must be configured to use that directory server.
About this task
Your users must be defined in your directory server. If you
are using a previously installed and configured directory server with
your users already defined, you are ready to begin. If you have not
created records for all your users, create them using the user interface
of the directory server before beginning these steps.
Procedure
- Each process manager defines a set of roles. If you choose
automatic configuration, these roles are added to your directory server
as security groups. If you choose not to use automatic configuration,
you must create the security groups in your directory server before
proceeding. If you create the security groups yourself,
you can:
- Use security groups that are already defined in your directory
server.
- Create the same security groups that Control Desk provides.
- Create new security groups that differ from the groups provided
by Control Desk.
- Use some mixture of new and existing security groups.
- Assign each user to one or more of these security groups.
The security groups to which a user belongs determine which applications
and menu items that user can use. These groups also determine which
start center the user sees when logging in to Control Desk.
If you use access collections, the user's memberships in security
groups also determines which configuration items that user can work
with. If you are using WebSphere application security for authentication
and authorization, use the directory server user interface to assign
users to groups. If you are using WebSphere application security for
authentication only, use the Users application to assign users to
groups.
- Configure the VMM cron task to copy user information from
your directory server in to the Maximo® database.
If you are managing groups in your directory server, you must also
copy group information.
- If you created new security groups, click to open the Security Groups application.
Use this application to specify the application access permissions
for each security group.
- Each user must have a site defined. After your users are
copied from the directory server into the Maximo database,
click to open the Users application.
You can assign a site to a group of users by using the Set
Security Profile action. View the help for the Users application
for more details.
- To enable the single-sign-on capability, so that you can
launch to the TADDM UI
without logging in again, follow the steps in Configuring for single sign-on.
- If you want to use access collections to control which
users can work with some configuration items, define the access collections.
Follow the procedure described in Configuring access collections.
- If you defined access collections, configure the synchronization
of access collections between the TADDM and Maximo databases.
Follow the procedure described in Synchronizing access collections.
What to do next
After you complete these steps, log in to
Control Desk with
user IDs that are assigned to different roles. Verify that each user
sees a start center appropriate to that role, and that each user can
open only those applications associated with that role.