Managing system users
The BMC Atrium Discovery Administrator is responsible for setting up details of all the users who are permitted to use the BMC Atrium Discovery system. Users are allocated a user name and a password, which they must enter in order to log on to the system. Each user is a member of one or more user groups, which define the parts of the system that the user is permitted to access. For example, users defined as members of the Admin group are able to create and edit user details, while members of the Public group cannot access these areas.
BMC Atrium Discovery can integrate with your corporate Lightweight Directory Access Protocol (LDAP) infrastructure. LDAP groups can be mapped to BMC Atrium Discovery groups and hence assigned permissions on the system. For information about setting up LDAP, see Managing LDAP.
As well as being the means of controlling user security, a user is actually set up on the system as a Person data object, and can subsequently be associated with other objects.
All actions on the system are recorded against a user's ID for audit purposes. Users should always use their own ID and keep their security details safe.
Enabling other users
Each user has an initial password in BMC Atrium Discovery that is the same as the user name. BMC recommends that you change the password when you first log on as the system user. Not doing so will make it easier for someone to gain access to the BMC Atrium Discovery UI.
Use the system user only for configuration tasks which require system privileges.
To enable other users
- Click the Administration tab.
- In the Security section of the Administration page, click the Users icon.
- For each user, click the Set Password link.
- On the Set Password page, enter the new password in each text entry field, and then click Apply.
- After you have changed the passwords for each user, log off from the system user account by clicking the logout icon at the top right of the page.
Creating a new user
The BMC Atrium Discovery Administrator can set up new users and assign them to groups. Before creating users, you must ensure that you have set up all the groups that you need. See Managing groups.
To create a new user
- From the Users page, click Add at the bottom of the page.
- In the Add User page, enter the following details for the new user:
  - Login ID of the user.
  - Full name of the user.
  - Enter the password to be allocated to this user. Repeat the password for security reasons.
  - A read-only display of the rules which are used to validate the password strength.
  - Select one or more groups that this user will be a member of. By default, all new users are members of the public group.
- To save the changes, click OK.
User names are case sensitive. That is, user names with the same spelling but different case are permitted; for example, Johnson and JOHNSON are not recognized as duplicates.
Amending a user's details
You can change a user's name and the groups that they are a member of. The access defined by the group membership will apply the next time this user logs on.
To amend a user's details
- From the Users page, click Edit next to the user. The page is redisplayed showing editable fields.
- Amend or overwrite the Full Name field.
- Select one or more Groups that this user is to be a member of.
- To save the changes, click OK.
Changing a user's password
If users forget their passwords or if a password is not kept secure, you can assign a new password.
To set a new password for a user
- From the Users page, click Set Password.
The page is redisplayed, showing blank Password fields. The existing password is not displayed.
If the password policy requires a password to be changed, the label "MUST be changed" is displayed next to the user.
- Enter a new password for this user in the Password field. Confirm the password in the Verify Password field.
- To save the changes, click Apply. The new password will apply the next time the user attempts to log on.
- You can also specify that the user changes their password on their next login. To do this, click Must Change Password.
This section describes the preferred way to set or reset user passwords. However, you can also change users' passwords at the command line.
The tw_passwd utility enables you to change the password of a specified user interface user. To use the utility, enter the following command at the command prompt:
- username is the name of the UI user to change.
Changing passwords for command line users
The tw_passwd utility is for changing UI users' passwords. To change the passwords for command line users, as the root user, use the Linux command passwd. This is described in Changing the root and user passwords.
Reactivating a user account
If a user's account is not used for a specified period of time, their account is deactivated. See Managing security policies for information on configuring account deactivation. To reactivate a deactivated user account you must be logged on as a member of the unlocker group and reactivating user accounts must be enabled in the security options page. You can also deactivate a user's account manually.
A deactivated account is never automatically reactivated.
To reactivate a locked user account
- Check that account reactivation is allowed (see Managing security policies).
- From the Users page, click Reactivate next to the user account to be reactivated.
Deleting a user
You can delete any existing user except for yourself or the default system-created users.
To delete an existing user
- From the Users page, click Delete next to the user to be deleted.
User permissions in BMC Atrium Discovery are additive. That is, when you grant a user an additional permission (through adding the user to another group), that permission is added to the user's existing permissions. For example, if you grant appmodel permissions to a user with discovery permissions, the user gains no additional permissions because all of the appmodel permissions were already granted in the discovery permission set. Similarly, you cannot add readonly permissions to a system user in the hope of achieving a read-only system user.
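The additive model above, and the case-sensitive user names noted under Creating a new user, written as an added audit example (not BMC code or a product API): effective permissions are the union over a user's groups, so memberships that add nothing, and login IDs that differ only by case, can be flagged during an access review. Group names come from this page; the permission strings, function names and sample inputs are constructed placeholders.

```python
# Constructed group-to-permission map. Group names are from the page; the
# permission strings are hypothetical placeholders, not the product's real ones.
GROUP_PERMISSIONS = {
    "public":    {"ui/login"},
    "readonly":  {"ui/login", "model/read"},
    "appmodel":  {"ui/login", "model/read", "appmodel/write"},
    "discovery": {"ui/login", "model/read", "appmodel/write", "discovery/run"},
    "system":    {"ui/login", "model/read", "appmodel/write", "discovery/run",
                  "security/admin"},
}


def effective_permissions(groups):
    """Additive model: the effective set is the union over all groups."""
    perms = set()
    for group in groups:
        perms |= GROUP_PERMISSIONS[group]  # KeyError on an unknown group name
    return perms


def redundant_groups(groups):
    """Groups whose removal leaves the effective permission set unchanged."""
    full = effective_permissions(groups)
    return sorted(
        g for g in set(groups)
        if effective_permissions([x for x in groups if x != g]) == full
    )


def case_variant_logins(logins):
    """Login IDs that differ only by case; the product treats them as distinct."""
    buckets = {}
    for login in logins:
        buckets.setdefault(login.casefold(), []).append(login)
    return sorted(sorted(v) for v in buckets.values() if len(v) > 1)


if __name__ == "__main__":
    # Adding readonly to a system user restricts nothing: the union is unchanged.
    print(effective_permissions(["system", "readonly"]) == GROUP_PERMISSIONS["system"])
    # appmodel adds nothing to a user who already has discovery.
    print(redundant_groups(["discovery", "appmodel"]))
    # Constructed login list containing the page's Johnson/JOHNSON example.
    print(case_variant_logins(["Johnson", "JOHNSON", "asmith"]))
```

Because every new user is in the public group by default, public is reported as redundant for any user who also belongs to a broader group; only the other flagged memberships point at an access-review finding.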