Some of the content described in this article is available in Navigator versions 10.5 and greater. See 10.5 Highlights for an overview of feature changes.
By combining similar users into groups, you can save time when assigning permissions to new users. For example, if all testers are in a group called “QA Testing,” you can assign the necessary permissions to the group all at once, by assigning one or more roles to the group. Then when a new tester is hired, the administrator only needs to know to add the new hire to the “QA Testing” group, rather than having to know the individual permissions that a tester needs.
Add a user group
-
On the left toolbar, select Security Manager > User Group Management.
- Click the add icon .
- On the General tab, enter the user's Name (required), Effective Name, Description, and Principal Name (required).
- The Effective Name is the user passed to the IBM MQ agent/connection manager when processing message requests or performing actions, such as changing properties or starting channels. When the agent/CM is running with alternate user checks active (+u), this user will be one against which IBM MQ security definitions apply. If “=” is entered, it will use whatever the user logged in with as the effective name.
- For user groups that are assigned a role with the right to Access All Projects (such as the Administrator role), the Principal Name can be used to limit the selections in the Navigator Projects list, so that these high-level users can replicate the Navigator experience of other users who can't see all projects. (The Navigator Projects list is described in the Adding a viewlet to your dashboard article; see the Select a project section.)
The default regular expression (.*) allows all projects to be listed. You can leave the default, or enter a different regular expression to identify the names of the user groups whose Navigator experience you would like members of this higher-level user group to able to replicate. The Navigator Project list for this user group will then include all unique descriptions for these other user groups, whose purview is more limited.
To simplify the Projects list in Navigator, modify the user group descriptions in the security application so that groups that can see the same data share the same definition, even if they have different rights. This way, the Projects list functions as a list of the categories of users according to what they are allowed to see.
- Review this information about the options at the bottom of this dialog:
- To prevent others from working on this record, select the Locked option and click Save. Default records are locked to indicate they should not be changed.
- To set up user groups ahead of time, you can enter them in the security application but select the Disabled option. This prevents the group from being available for use before the system is set up and ready to use. You can also use this option to disable a user group rather than deleting it.
- To add or remove users to or from the group, select the Users tab. To find a user in the list, enter some or all of the term you want to filter by in the Search for users field. Both columns are immediately filtered by the term that you have entered.
In the Non-assigned Users column, select the check boxes for the users that you want to add to this group. Click the single right arrow to add the user to this group. The user moves to the Assigned Users column. Click the double right arrow to add all users to this group.
If you've assigned a user by mistake, select it and click the single left arrow to remove it from the Assigned Users column. To remove all users, click the double left arrow . - To assign one or more roles to a user group, click the Roles tab. Select the check box for the roles that carry the permissions that you want the user group to have.
- For each role, define the specific areas that you are granting this user group access to. Click the expand button to choose the server group that you want to provide access to; then click the expand button for the server group to provide access to an object group.
For a quick, read-only view of only the roles that are assigned to this user group, you can hide other roles: click the View Mode slider . The slider turns blue to indicate that View Mode is on. In this mode, you can only view roles, server groups, and object groups; you cannot add or remove them.
- Click Save.
Edit a user group
Select the check box for a user group's record. On the Selected menu, click Edit. Use the Add a user group instructions above to make changes to the user group's record.
Delete a user group
Select the check box for a user group's record. On the Selected menu, click Delete. On the Delete Confirmation dialog, click Yes to delete the user group, or No to cancel the delete action.