200 IBM Systems Director Management Console: Introduction and Overview
9.1.2 IBM Systems Director concepts
Users in IBM Systems Director are users that are defined in the configured user
registry. By default in IBM Systems Director, user creation and assignment to
user groups are handled on the user registry level. A user registry is an entity
handling users. This entity can be the local operating system of the SDMC, an
LDAP server, or a Kerberos server. Each user registry has its own set of users
that is independent of those on any other user registry in the network. The
process of identifying a user and making sure that the user is who he claims to
be is called authentication. Usually authentication is done by entering a user
name and a password.
Authorization then occurs when an authenticated user is assigned permissions to
perform tasks. The IBM Systems Director in the SDMC uses a role-based access
control (RBAC) model for authorization. A role is a collection of permissions on
operations within IBM Systems Director that are then assigned to a user. There
are predefined roles in SDMC, and roles can also be defined by a user that has
SMAdministrator authority. Furthermore, roles can be combined to form even
larger sets of permissions. To learn more about roles and their definitions, refer to
section 3.7, “Managing Credentials”, in Implementing IBM Systems Director 6.1,
SG24-7694.
It is possible to add users to the SDMC that have been defined in different user
registries, for example, using the user registry of the SDMC base operating
system. LDAP and Kerberos can be used for authentication and authorization as
well. This situation offers more flexibility and allows for a wide range of
configuration options.
As an extension to this concept, the SDMC allows for the creation of users and
user groups in the underlying base operating system of the SDMC. Some system
users and user groups are already preinstalled on that base operating system.
Users
Initially, only the following interactive user registry users are defined to the
SDMC:
root
This is the root user of the underlying operating system.
Note: If another user registry is employed besides the one of the underlying
basic operating system of the SDMC, all of those users not defined on the
SDMC base operating system must be created in that remote user registry.
The SDMC can only read entries in remote user registries but cannot create
them.
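
The concepts in this section (independent user registries, authentication followed by role-based authorization, combined roles, and read-only remote registries) as a small Python model. This is an added example, not IBM Systems Director code. The Registry and Console classes, the permission names, and the ExampleOperator and ExampleAuditor roles are hypothetical, and keying role grants on registry plus user name is a modelling assumption drawn from the registries being independent.

```python
import hashlib, hmac, os

# Constructed data: all permission names and every role except
# SMAdministrator are hypothetical, not IBM Systems Director identifiers.
ROLES = {
    "SMAdministrator": {"role.define", "system.power", "inventory.view"},
    "ExampleOperator": {"system.power"},
    "ExampleAuditor": {"inventory.view", "log.view"},
}

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Registry:
    """One user registry; its users are independent of every other registry."""
    def __init__(self, name, local):
        self.name, self.local, self._users = name, local, {}

    def add(self, user, password):      # done by that registry's own admin
        salt = os.urandom(16)
        self._users[user] = (salt, _kdf(password, salt))

    def authenticate(self, user, password):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_kdf(password, salt), stored)

class Console:
    """Model of the management console's authorization layer."""
    def __init__(self):
        self.grants = {}                # (registry name, user) -> role names

    def create_user(self, registry, user, password):
        if not registry.local:          # remote registries are read-only here
            raise PermissionError(f"create {user!r} in {registry.name} itself")
        registry.add(user, password)

    def assign(self, registry, user, *roles):
        self.grants.setdefault((registry.name, user), set()).update(roles)

    def permissions(self, registry, user):
        # Combined roles yield the union of their permission sets.
        roles = self.grants.get((registry.name, user), set())
        return set().union(*(ROLES[r] for r in roles))

    def may(self, registry, user, password, permission):
        # Authentication first, then authorization; both must succeed.
        return (registry.authenticate(user, password)
                and permission in self.permissions(registry, user))
```

In this model, a user named alice in the local registry and a user named alice in an LDAP registry are separate identities, so roles granted to one never apply to the other.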