Some of the content described in this article is available in meshIQ Secure/Control Center versions 12.1 and greater.
For a quick overview of what's new or changed, visit the meshIQ Highlights page for a version-by-version breakdown.
Version 12.x and Later
By combining similar users into groups, you can save time when assigning permissions to new users. For example, if all testers are in a group called “QA Testing,” you can assign the necessary permissions to the group all at once, by assigning one or more roles to the group. Then when a new tester is hired, the administrator only needs to know to add the new hire to the “QA Testing” group, rather than having to know the individual permissions that a tester needs.
You can create user groups using one of the following options:
- Add a User Group – Adds an existing domain user group to Control Center.
- Add a Domain User Group – Creates a new user group in both the domain and Control Center in a single step from the Control Center UI.
See Working with Tables in the Customizing the meshIQ Control Center interface article for more information about managing columns.
Add a Domain User Group
- On the left toolbar, select User Group Management.
- Click the Add Domain User Group icon. The Domain User Group Create Window opens.
- On the General tab, select the user group type:
- Native
- LDAP
- Kerberos
- Configure the remaining fields.
Continue with Step 3 in the Add a User Group section below.
Add a User Group
- On the left toolbar, select User Group Management.
- Click the Add User Group icon.
- On the General tab, enter the user's Name (required), Effective Name, Description, and Principal Name (required).
- The Effective Name is the user passed to the IBM MQ agent/connection manager when processing message requests or performing actions, such as changing properties or starting channels. When the agent/CM is running with alternate user checks active (+u), this user will be the one against which IBM MQ security definitions apply. If "-" is entered, it will use whatever the user logged in with as the effective name.
- For user groups that are assigned a role with the right to Access All Projects (such as the Administrator role), the Principal Name can be used to limit the selections in the Manage Projects list, so that these high-level users can replicate the Manage experience of other users who can't see all projects. (The Navigator Projects list is described in the Creating widgets in the dashboard article; see the Select a project section.)
- The default regular expression (.*) allows all projects to be listed. You can leave the default, or enter a different regular expression to identify the names of the user groups whose Navigator experience you would like members of this higher-level user group to be able to replicate. The Manage Project list for this user group will then include all unique descriptions for these other user groups, whose purview is more limited.
- To simplify the Projects list in Manage, modify the user group descriptions in the Control Center application so that groups that can see the same data share the same definition, even if they have different rights. This way, the Projects list functions as a list of the categories of users according to what they are allowed to see.
- Review this information about the options at the bottom of this dialog:
- To prevent others from working on this record, select the Locked option. Default records are locked to indicate they should not be changed.
- To set up user groups ahead of time, you can enter them in the Control Center application but select the Disabled option. This prevents the group from being available for use before the system is set up and ready to use. You can also use this option to disable a user group rather than deleting it.
- To add or remove users to or from the group, select the Users tab. To find a user in the list, enter some or all of the term you want to filter by in the Search for users field. Both columns are immediately filtered by the term that you have entered.
- In the Non-assigned Users column, select the check boxes for the users that you want to add to this group. Click the single right arrow to add the user to this group. The user moves to the Assigned Users column. Click the double right arrow to add all users to this group.
- If you've assigned a user by mistake, select it and click the single left arrow to remove it from the Assigned Users column. To remove all users, click the double left arrow.
- To assign one or more roles to a user group, click the Roles tab. Select the check box for the roles that carry the permissions that you want the user group to have.
- For each role, define the specific areas that you are granting this user group access to. Click the expand button to choose the server group that you want to provide access to; then click the expand button for the server group to provide access to an object group.
For a quick, read-only view of only the roles that are assigned to this user group, you can hide other roles: click the View Mode slider. The slider turns blue to indicate that View Mode is on. In this mode, you can only view roles, server groups, and object groups; you cannot add or remove them.
- Click Save.
Import LDAP Users
- On the User Group Management page, click Import LDAP user groups in the top-right corner. The Import LDAP User Groups dialog opens.
- Select the LDAP server from the drop-down list and click Load. The list of available LDAP user groups is displayed.
- To find a user group in the list, enter some or all of the term you want to filter by in the Search for LDAP user groups field.
- In the Available LDAP user groups column, select the user groups that you want to import.
- Click the single right arrow to move selected user groups to the Selected LDAP user groups column.
Click the double right arrow to move all user groups to the Selected LDAP user groups column.
Alternatively, drag and drop user groups from the Available LDAP user groups column to the Selected LDAP user groups column.
- Click Ok to import the selected user groups.
Preview a User Group
To preview a user group's record, select the checkbox next to the user group name, then click Preview from the Selected menu.
Edit a User Group
To edit a user group's record, select the check box for a user group name. On the Selected menu, click Edit.
Update the user group information by following the relevant section:
- Add a User Group – for user groups added in Control Center from Enterprise Manager
- Add a Domain User Group – for user groups created directly in Control Center
On the User Groups tab (applicable only for domain user groups):
- Select Include LDAP Users to view and include LDAP users.
- Select the LDAP server from the drop-down list.
For the remaining steps, see Add a Domain User Group.
Delete a User Group
To delete a user group, select the checkbox next to the user group name. From the Selected menu, click Delete. In the Delete User Group dialog, type DELETE (in all capital letters) in the provided field.
Then click Yes, Delete to confirm, or No, Keep to cancel the action.
Copy a User Group
To copy a user group's record, select the checkbox next to the user group name. From the Selected menu, click Copy.
You can rename the copied record, make any necessary changes, and then click Save.
________________________________________________________________________________________________________________
Version 11.3 and Earlier
By combining similar users into groups, you can save time when assigning permissions to new users. For example, if all testers are in a group called “QA Testing,” you can assign the necessary permissions to the group all at once, by assigning one or more roles to the group. Then when a new tester is hired, the administrator only needs to know to add the new hire to the “QA Testing” group, rather than having to know the individual permissions that a tester needs.
Add a user group
- On the left toolbar, select Security Manager > User Group Management.
- Click the add icon.
- On the General tab, enter the user's Name (required), Effective Name, Description, and Principal Name (required).
- The Effective Name is the user passed to the IBM MQ agent/connection manager when processing message requests or performing actions, such as changing properties or starting channels. When the agent/CM is running with alternate user checks active (+u), this user will be the one against which IBM MQ security definitions apply. If “=” is entered, it will use whatever the user logged in with as the effective name.
- For user groups that are assigned a role with the right to Access All Projects (such as the Administrator role), the Principal Name can be used to limit the selections in the Navigator Projects list, so that these high-level users can replicate the Navigator experience of other users who can't see all projects. (The Navigator Projects list is described in the Adding a viewlet to your dashboard article; see the Select a project section.)
- The default regular expression (.*) allows all projects to be listed. You can leave the default, or enter a different regular expression to identify the names of the user groups whose Navigator experience you would like members of this higher-level user group to be able to replicate. The Navigator Project list for this user group will then include all unique descriptions for these other user groups, whose purview is more limited.
- To simplify the Projects list in Navigator, modify the user group descriptions in the security application so that groups that can see the same data share the same definition, even if they have different rights. This way, the Projects list functions as a list of the categories of users according to what they are allowed to see.
- Review this information about the options at the bottom of this dialog:
- To prevent others from working on this record, select the Locked option and click Save. Default records are locked to indicate they should not be changed.
- To set up user groups ahead of time, you can enter them in the security application but select the Disabled option. This prevents the group from being available for use before the system is set up and ready to use. You can also use this option to disable a user group rather than deleting it.
- To add or remove users to or from the group, select the Users tab. To find a user in the list, enter some or all of the term you want to filter by in the Search for users field. Both columns are immediately filtered by the term that you have entered.
- In the Non-assigned Users column, select the check boxes for the users that you want to add to this group. Click the single right arrow to add the user to this group. The user moves to the Assigned Users column. Click the double right arrow to add all users to this group.
- If you've assigned a user by mistake, select it and click the single left arrow to remove it from the Assigned Users column. To remove all users, click the double left arrow.
- To assign one or more roles to a user group, click the Roles tab. Select the check box for the roles that carry the permissions that you want the user group to have.
- For each role, define the specific areas that you are granting this user group access to. Click the expand button to choose the server group that you want to provide access to; then click the expand button for the server group to provide access to an object group.
For a quick, read-only view of only the roles that are assigned to this user group, you can hide other roles: click the View Mode slider. The slider turns blue to indicate that View Mode is on. In this mode, you can only view roles, server groups, and object groups; you cannot add or remove them.
- Click Save.
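The Principal Name regular expression and the shared-description behaviour described in the General tab step (in both the 12.x and 11.3 procedures) can be modelled offline to review a pattern before saving it. This is an added example, not meshIQ code: the group names and descriptions are constructed, the function names are hypothetical, and whole-name matching is an assumption because the article does not state the product's matching semantics.

```python
import re

# Constructed sample data: (user group name, description). Not from a real system.
SAMPLE_GROUPS = [
    ("QA Testing", "Test queues"),
    ("QA Automation", "Test queues"),
    ("Payments Ops", "Payments production"),
    ("Payments Audit", "Payments production"),
    ("Administrators", "All projects"),
]


def projects_for(principal_pattern, groups=SAMPLE_GROUPS):
    """Return the unique descriptions of groups whose name matches the pattern.

    Assumption: the whole group name must match (fullmatch); the article
    does not say how the product applies the expression.
    """
    try:
        rx = re.compile(principal_pattern)
    except re.error as exc:
        raise ValueError(f"invalid Principal Name pattern: {exc}") from exc
    listed = []
    for name, description in groups:
        # Groups sharing a description collapse into one Projects entry.
        if rx.fullmatch(name) and description not in listed:
            listed.append(description)
    return listed


def review(principal_pattern, groups=SAMPLE_GROUPS):
    """Report what a pattern lists and whether it is as broad as the default."""
    listed = projects_for(principal_pattern, groups)
    return {
        "pattern": principal_pattern,
        "projects": listed,
        "lists_all": listed == projects_for(".*", groups),
    }


if __name__ == "__main__":
    for pattern in (".*", "QA .*", "(QA|Payments) .*"):
        print(review(pattern))
```
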
Preview a User Group
To preview a user group's record, select the checkbox next to the user group name, then click Preview from the Selected menu.
Edit a User Group
Select the check box for a user group's record. On the Selected menu, click Edit. Use the Add a user group instructions above to make changes to the user group's record.
Delete a User Group
Select the check box for a user group's record. On the Selected menu, click Delete. On the Delete Confirmation dialog, click Yes to delete the user group, or No to cancel the delete action.
Copy a User Group
To copy a user group's record, select the checkbox next to the user group name. From the Selected menu, click Copy.
You can rename the copied record, make any necessary changes, and then click Save.