Configuring role-mapping rules for an Analyzer or a Collector


If the groups in your LDAP server correspond to the user roles in the Real User Analyzer or Real User Collector components, you can map those groups to the user roles. Mapping LDAP groups to user roles enables you to manage your user permissions for the Analyzer and Collector from your LDAP server. Should some of the users in the LDAP group require a different permission, you can override the group permission for those users. 

Users in any LDAP group that is not mapped to a role are assigned the catch-all user role when they attempt to log on. By default, the catch-all role is No Access, which prohibits access to the system. 

This topic describes how you can perform the following procedures:

Note

You can also perform the following procedures on the Real User Monitor.

Before you begin

To add a role-mapping rule on an Analyzer or a Collector

  1. On the Analyzer or Collector, point to Administration > General Settings, click Accounts & LDAP management, and then select the Role mapping view.
  2. On the Action menu, click Add/Edit.
  3. On the Add/edit mapping rule page, click Add.
  4. In the LDAP group list, select a group.
  5. In the Role box, assign a role to the LDAP group.
    Example: Operator.

    Alternatively, you can select No access.
  6. Click Save.

To change the catch-all user role for Analyzer or Collector users

  1. On the Analyzer or Collector, point to Administration > General Settings, and then click Accounts & LDAP management.
  2. Select the Role mapping view.
  3. On the Action menu, click Add/Edit.
  4. To specify the catch-all role, in the All others list, select a role. 
  5. Click Save.

To override LDAP mapping for a single user on an Analyzer or a Collector

  1. On the Analyzer or Collector, point to Administration > General Settings > Accounts & LDAP Management, select LDAP Settings, and select the Accounts view.
  2. On the Action menu, click Add an account.
  3. In the User Name box, type the name of the user.
  4. Select the Authentication type LDAP.
  5. Select Override role mapping, and select the role that you want for the specified user.
  6. Click Save.

Note

If an account is deleted while its user is logged on, the session terminates after the user's next action.
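
The following added example (not product code) models the resolution order this topic describes: a per-user override, then a mapped LDAP group, then the catch-all role, and lists the assignments worth reviewing. The group names, user names, and data layout are constructed; because this topic does not state which rule applies when a user belongs to several mapped groups, the sketch reports that case instead of choosing a role.

```python
# Added example: a model of the role resolution described in this topic,
# not the product's implementation. Sample data below is constructed.
NO_ACCESS = "No Access"  # default catch-all role named in this topic

def effective_role(user, groups, rules, catch_all=NO_ACCESS, overrides=None):
    """Return (role, source). rules: LDAP group -> role; overrides: user -> role."""
    overrides = overrides or {}
    if user in overrides:                      # "Override role mapping" account
        return overrides[user], "override"
    mapped = sorted({rules[g] for g in groups if g in rules})
    if len(mapped) == 1:
        return mapped[0], "group"
    if not mapped:                             # no mapped group: catch-all role
        return catch_all, "catch-all"
    # Several mapped groups with different roles: precedence is not documented
    # here, so report the conflict rather than guess.
    return None, "ambiguous: " + ", ".join(mapped)

def audit(users, rules, catch_all=NO_ACCESS, overrides=None):
    """List (user, finding) pairs that an administrator should review."""
    findings = []
    for user, groups in sorted(users.items()):
        role, source = effective_role(user, groups, rules, catch_all, overrides)
        if source == "catch-all" and role != NO_ACCESS:
            findings.append((user, f"unmapped user receives {role} via catch-all"))
        elif source == "override":
            group_role, _ = effective_role(user, groups, rules, catch_all)
            if group_role != role:
                findings.append(
                    (user, f"override grants {role}; groups would give {group_role}"))
        elif source.startswith("ambiguous"):
            findings.append((user, source))
    return findings

# Constructed sample: two mapping rules, four users, one override.
RULES = {"rua-operators": "Operator", "contractors": NO_ACCESS}
USERS = {
    "alice": ["rua-operators"],
    "bob": ["finance"],                        # group with no mapping rule
    "carol": ["contractors"],
    "dave": ["rua-operators", "contractors"],  # two mapped groups
}
OVERRIDES = {"carol": "Operator"}

if __name__ == "__main__":
    # Catch-all changed from the default to Operator to show the finding.
    for user, finding in audit(USERS, RULES, "Operator", OVERRIDES):
        print(f"{user}: {finding}")
```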

Related topics

Configuring LDAP authentication for an Analyzer or a Collector

Configuring LDAP group lookup for an Analyzer or a Collector

Adding an LDAP-managed account on an Analyzer or a Collector
