Specifications

10 User Groups

Users that have been added to the DTX Control system may be added to the following two types of user groups:

• Built-In - The DTX 5000-CTL Management Appliance is delivered with six predefined user groups: Appliance

Administrators, Auditors, DTX Control administrators, Everyone, User Administrators and Users. All users are

automatically included in the Everyone user group when they are added to the DTX Control system. Users may be

added to any of the other user groups. The privileges that a user has to perform tasks on the DTX Control system is

dependent on the built-in user group to which the user is a member.

• User-defined - You may also define custom groups, based on any criteria you wish. For example, you may want to

define groups based on user administrators with read-only access, software developers at a specific location, global

network infrastructure personnel based on job title and so on.

Built-in user groups appear in the User Groups - Built-in window and user-defined user groups appear in the User Groups -

User Defined window. The windows may also display the following fields. Use the Customize link to add or remove fields

in the display:

• Authentication Server - Name of the authentication server assigned to the user. See Authentication Services on page

56.

• Role - Role of a user-defined user group, which may be None, User, Auditor, Appliance Administrator, User

Administrator or DTX Control Administrator. The role column for a built-in user group or a user-defined user group with

a role of None will be empty.

• Type - Type of user group, which will be built-in or user-defined.

To display user groups:

1. Click the Users tab.

2. Click Groups in the top navigation bar. Built-In will automatically be selected in the side navigation bar and the User

Groups - Built-in window will open. To display the user-defined groups, click User-Defined in the side navigation bar.

The User Groups - User Defined window will open.

Group naming in external authentication services

Groups in Active Directory (AD) external authentication services are specified using a combination of their Active

Directory folder and group name, minus the group container specified in the DTX Control software.

The group container defaults to the AD domain root if it is unspecified.

For example, if you have an AD external authentication service for the “sw.eng.mydomain.com” domain with no group

container specified, the “Domain Users” group in the “sw.eng.mydomain.com/Users” folder will have a DTX Control

equivalent of “Users/Domain Users”.

Using the same example, but with a group container of “Users”, the DTX Control equivalent is “Domain Users”.

Using the same example, but with a group container of “mydomain.com”, the DTX Control equivalent is

“eng/sw/Users/Domain Users”.

Groups in LDAP external authentication services are specified using a modified distinguishedName of their LDAP object,

minus the group base DN specified in the DTX Control software.

For example, if you have an LDAP external authentication service with a group base DN of “ou=myldap,c=US”, the

“cn=Admin Users,ou=Users,o=myldap,c=US” group will have a DTX Control equivalent of “Admin Users”.

Using the same example, but with the “cn=Admin Users,c=Sunrise,ou=Users,o=myldap,c=US” group, the DTX Control

equivalent is “Sunrise/Admin Users”.

724-746-5500 | blackbox.com Page 84

Chapter 10 User Groups