Creating an administrator with system login

The following scenario describes what happens when an administrator tries to log on to the console:

  • that has never before tried to log on, that is not yet created in the BCM database as an administrator but who has a valid local system login.

For this scenario to work, you must however have activated the option to create new administrators via their system login. To make sure this option is activated proceed as follows, as by default it is deactivated:

  1. Log on to the console with the predefined admin login.
  2. Then go to the Global Settings and the System Variables node.
  3. Select the Security tab.
  4. Mark the value in the right window pane.
  5. Click the Edit > Properties properties.pngmenu item.
     The Properties pop-up window appears.
  6. Check the Create Default System Administrator box.
  7. Click OK to confirm and close the window.
     The required option is now activated.

As the user is not registered in the database, he can only use his local system login to log on to the BMC Client Management console. The following happens:

  1. The user logs on with his system login and password.
  2. Basic authentication is executed via the HttpProtocolHandler:
    • The HTTP protocol handler verifies with the Host Access module if the requesting client is authorized to connect to the master server. If no modifications were made in the Host Access module since startup the requesting client is authorized.
    • Then the HTTP protocol handler verifies with the User Access module if the supplied login and password are authorized. When checking the table of configured users the handler will find an equivalent as system and authorize the login.
    • Then the vision64database module will verify with the database if an administrator user exists for this login/password pair, which is not the case. As the login was authorized beforehand, the database module will create a new user with the provided login and password in the access list. However, no capabilities and access rights are assigned at creation time.
    • Now the console window appears with a connection to the requested master server, but the displayed contents are very limited:
      • He will only be able to see the following top nodes: Search , Global Settings , Device Topology and Alerts and Events . However, he will not be able to view any devices in the Device Topology nor will he be able to execute operations on Global Settings subnodes.
      • As he has no capabilities assigned either, he will not be able to execute any operations on the visible nodes and objects in the console.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*