176 lines
12 KiB
HTML
176 lines
12 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Manage users and groups with Management Central" />
|
||
|
<meta name="abstract" content="iSeries Navigator can help you as a system administrator to keep track of the users, groups, and their level of privileges on one or more endpoint systems." />
|
||
|
<meta name="description" content="iSeries Navigator can help you as a system administrator to keep track of the users, groups, and their level of privileges on one or more endpoint systems." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzaih2.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzamz/rzamzconfigssomgtcentral.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzaihsyncfunc.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhpropagatescenario_propagateiserisatobandc.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzaihuseradmin" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Manage users and groups with Management Central</title>
|
||
|
</head>
|
||
|
<body id="rzaihuseradmin"><a name="rzaihuseradmin"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Manage users and groups with Management Central</h1>
|
||
|
<div><p>iSeries™ Navigator
|
||
|
can help you as a system administrator to keep track of the users, groups,
|
||
|
and their level of privileges on one or more endpoint systems.</p>
|
||
|
<p>For more information about these
|
||
|
and other Management Central tasks and topics, refer to the detailed task
|
||
|
help that is available from the iSeries Navigator window. Click <span class="uicontrol">Help</span> from
|
||
|
the menu bar and select <span class="menucascade"><span class="uicontrol">iSeries Navigator overview</span> > <span class="uicontrol">Management Central</span></span>.</p>
|
||
|
<p>The following list gives you an idea of the many ways in which iSeries Navigator
|
||
|
can make your job easier.</p>
|
||
|
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><tbody><tr><th valign="top" width="20%" class="firstcol" id="d0e42">Create a user definition</th>
|
||
|
<td valign="top" width="80%" headers="d0e42 ">You can create a user definition and then create multiple users across
|
||
|
multiple systems based on the definition. First, create user definitions for
|
||
|
the types of users on your systems. Then, when a request comes in for a new
|
||
|
user, all special authorities, attributes, and other information common to
|
||
|
that type of user are already stored in the user definition. You can even
|
||
|
specify a command to be run after a user is created from a user definition!
|
||
|
If you need assistance in entering or selecting an i5/OS™ command, you can click <span class="uicontrol">Prompt</span> to
|
||
|
select appropriate parameters and values. <p>When you create a new user from
|
||
|
the user definition, you specify the name for the user, a brief description
|
||
|
to help you identify this user in a list of users, and a new password for
|
||
|
the user. All other properties of the new user are based on the properties
|
||
|
stored in the user definition, unless you choose to change them. You may also
|
||
|
select the groups the user should belong to and provide personal information
|
||
|
about the user at the time the user is created.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e56"> </th>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e58">Create, edit, and delete users and groups</th>
|
||
|
<td valign="top" width="80%" headers="d0e58 ">You can create, edit, and delete users and groups across multiple endpoint
|
||
|
systems or system groups--and even schedule these actions. For example, use
|
||
|
the Edit Users function to change the properties for one or more users on
|
||
|
the selected endpoint systems or system groups. If you need to change the
|
||
|
authority level for several users on multiple systems, or if a user who has
|
||
|
access to multiple systems changes his or her name, you can easily edit that
|
||
|
information and apply the change to all systems. <p>When you use iSeries Navigator
|
||
|
to delete users, you can select an action to be taken if any of the selected
|
||
|
users owns objects on any system from which that user is being deleted. You
|
||
|
can click <span class="uicontrol">Scan for Owned Objects</span> to see what objects
|
||
|
the selected users own on the selected endpoint systems or across the selected
|
||
|
system groups.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e72"> </th>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e74">Collect an inventory</th>
|
||
|
<td valign="top" width="80%" headers="d0e74 ">You can collect an inventory of the users and groups on one or more
|
||
|
endpoint systems, and then view, search, or export that inventory to a PC
|
||
|
file. Extensive advanced search capabilities are provided for easy searching.
|
||
|
For example, you can search the inventory to see who has Security Officer
|
||
|
privileges, as well as query other profile properties. Also, you can sort
|
||
|
these inventory lists by clicking on any column heading. For example, you
|
||
|
can group together all users in the inventory who have Security Officer privileges
|
||
|
by clicking the Privilege Class heading. <p>You can perform various actions
|
||
|
from the User Inventory list by right-clicking one or more users and selecting
|
||
|
an action from the menu. For example, you can delete a user, edit a user,
|
||
|
view its properties, or scan for objects owned by a user. You can do similar
|
||
|
actions with groups by selecting Group Inventory for an endpoint system.</p>
|
||
|
<p>It
|
||
|
is recommended that you schedule collection of users and groups inventory
|
||
|
on a recurring basis to keep your central system's inventory current. Changes
|
||
|
that you make to the user or group inventory on an endpoint system or system
|
||
|
group under Management Central are automatically updated in the current central
|
||
|
system's inventory.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e84"> </th>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e86">Send users and groups</th>
|
||
|
<td valign="top" width="80%" headers="d0e86 ">You can send users and groups from one system to multiple endpoint
|
||
|
systems or system groups. All the user properties you need are sent to the
|
||
|
target systems, including the user name and passwords (LAN server password
|
||
|
as well as the i5/OS password),
|
||
|
security settings, private authorities, Enterprise Identity Mapping (EIM)
|
||
|
associations, and mail options. If the user has an entry in the system distribution
|
||
|
directory on the source system, an entry is created (or updated) for that
|
||
|
user on the target system. <p>You can also specify the action to be taken
|
||
|
if any user in the list that you are sending already exists on the target
|
||
|
system. When you are sending users, you can select not to change the user
|
||
|
that already exists, or you can select to update the existing user with the
|
||
|
settings from the user you are sending. When you are sending users, you can
|
||
|
click Advanced to specify advanced send options. The advanced send options
|
||
|
include specifying the mail system for the user and synchronizing the unique
|
||
|
identifier of the user on the target system based on the user identifier of
|
||
|
the user being sent.</p>
|
||
|
<p>To <span class="uicontrol">send</span> users or groups
|
||
|
from one system to another, you must also have save/restore (*SAVSYS) authority.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e102"> </th>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e104">Scan for owned objects</th>
|
||
|
<td valign="top" width="80%" headers="d0e104 ">You can scan for owned objects to find out what objects a user or group
|
||
|
owns across multiple endpoint systems or system groups, and you can even scan
|
||
|
for objects owned by multiple users simultaneously.</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e109"> </th>
|
||
|
</tr>
|
||
|
<tr><th valign="top" width="20%" class="firstcol" id="d0e111">Synchronize unique identifiers</th>
|
||
|
<td valign="top" width="80%" headers="d0e111 ">You can synchronize the unique identifiers of users and groups across
|
||
|
multiple endpoint systems to ensure that each of these numbers points to the
|
||
|
same user on every system. This is especially important when you are working
|
||
|
with systems in a clustering environment or a system with logical partitions.
|
||
|
The user identification and group identification numbers are another way of
|
||
|
identifying a user or group to a program. For example, the user identification
|
||
|
and group identification numbers are used by programming interfaces in the
|
||
|
integrated file systems environment. <p>You can choose to synchronize unique
|
||
|
identifiers when you create new users or groups, when you edit users or groups,
|
||
|
or when you send users or groups from one system to another. Be sure to keep
|
||
|
your user and group inventories current if you are synchronizing unique identifiers
|
||
|
when you create or edit users or groups.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
<div class="note"><span class="notetitle">Note:</span> All i5/OS special
|
||
|
authorities and other authorities that are needed when working with users
|
||
|
and groups in the character-based interface are honored when managing users
|
||
|
and groups with iSeries Navigator.
|
||
|
This includes security administration (*SECADM) privileges, all object (*ALLOBJ)
|
||
|
privileges, and authority to the profiles with which you are working. However,
|
||
|
even a user with the most restricted set of system privileges (*USER) can
|
||
|
view, search, or export a user or group inventory that has been collected
|
||
|
by another user with the correct authorities. The user with *USER
|
||
|
authority cannot create or delete users, edit existing users, or send users
|
||
|
to another system.</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaih2.htm" title="After Management Central has been set up, you can use it to streamline your server administration tasks.">Work with Management Central</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzaihsyncfunc.htm" title="You can synchronize the configuration of key functions, such as EIM and Kerberos, across a group of endpoint systems.">Synchronize functions</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="../rzamz/rzamzconfigssomgtcentral.htm">Scenario: Configure the Management Central servers for single signon</a></div>
|
||
|
<div><a href="../rzakh/rzakhpropagatescenario_propagateiserisatobandc.htm">Propagate system settings from the model system (iSeries A) to iSeries B and iSeries C</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|