Configuring role-mapping rules for an Analyzer or a Collector

If the groups in your LDAP server correspond to the user roles in the Real User Analyzer or Real User Collector components, you can map those groups to the user roles. Mapping LDAP groups to user roles enables you to manage your user permissions for the Analyzer and Collector from your LDAP server. Should some of the users in the LDAP group require a different permission, you can override the group permission for those users. 

Users in any LDAP group that is not mapped to a role are assigned the catch-all user role when they attempt to log on. By default, the catch-all role is No Access, which prohibits access to the system. 

This topic describes how you can perform the following procedures:

• • Before you begin
  • To add a role-mapping rule on an Analyzer or a Collector
  • To change the catch-all user role for Analyzer or Collector users
  • To over-ride LDAP mapping for a single user on an Analyzer or a Collector
  • Related topics

Before you begin

• You must have Administrator-level access, or higher, to complete these procedures.
• You must have completed the tasks described in the following topics:
  • Configuring-LDAP-authentication-for-an-Analyzer-or-a-Collector
  • Configuring-LDAP-group-lookup-for-an-Analyzer-or-a-Collector

To add a role-mapping rule on an Analyzer or a Collector

1. On the Analyzer or Collector, point to Administration > General Settings, and then click Accounts & LDAP management., and select the Role mapping view.
2. On the Action menu, click Add/Edit.
3. On the Add/edit mapping rule page, click Add.
4. In the LDAP group list, select a group.
5. In the Role box, assign a role to the LDAP group.
   Example: Operator.
   
   Alternatively, you can select No access.
6. Click Save.

To change the catch-all user role for Analyzer or Collector users

1. On the Analyzer or Collector, point to  Administration > General Settings, and then click Accounts & LDAP management.
2. Select the Role mapping view.
3. On the Action menu, click Add/Edit.
4. To specify the catch-all role, in the All others list, select a role. 
5. Click Save.

To over-ride LDAP mapping for a single user on an Analyzer or a Collector

1. On the Analyzer or Collector, point to Administration > General Settings > Accounts & LDAP Management, select LDAP Settings, and select the Accounts view.
2. On the Action menu, click Add an account.
3. In the User Name box, type the name of the user.
4. Select the Authentication type LDAP.
5. Select Override role mapping, and select the role that you want for the specified user.
6. Click Save.

Related topics

Configuring-LDAP-authentication-for-an-Analyzer-or-a-Collector

Configuring-LDAP-group-lookup-for-an-Analyzer-or-a-Collector

Adding-an-LDAP-managed-account-on-an-Analyzer-or-a-Collector