<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Manage users and groups with Management Central" />
<meta name="abstract" content="iSeries Navigator can help you as a system administrator to keep track of the users, groups, and their level of privileges on one or more endpoint systems." />
<meta name="description" content="iSeries Navigator can help you as a system administrator to keep track of the users, groups, and their level of privileges on one or more endpoint systems." />
<meta name="DC.Relation" scheme="URI" content="rzaih2.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzamz/rzamzconfigssomgtcentral.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaihsyncfunc.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhpropagatescenario_propagateiserisatobandc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaihuseradmin" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage users and groups with Management Central</title>
</head>
<body id="rzaihuseradmin"><a name="rzaihuseradmin"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage users and groups with Management Central</h1>
<div><p>iSeries™ Navigator
can help you as a system administrator to keep track of the users, groups,
and their level of privileges on one or more endpoint systems.</p>
<p>For more information about these
and other Management Central tasks and topics, refer to the detailed task
help that is available from the iSeries Navigator window. Click <span class="uicontrol">Help</span> from
the menu bar and select <span class="menucascade"><span class="uicontrol">iSeries Navigator overview</span> &gt; <span class="uicontrol">Management Central</span></span>.</p>
<p>The following list gives you an idea of the many ways in which iSeries Navigator
can make your job easier.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><tbody><tr><th valign="top" width="20%" class="firstcol" id="d0e42">Create a user definition</th>
<td valign="top" width="80%" headers="d0e42 ">You can create a user definition and then create multiple users across
multiple systems based on the definition. First, create user definitions for
the types of users on your systems. Then, when a request comes in for a new
user, all special authorities, attributes, and other information common to
that type of user are already stored in the user definition. You can even
specify a command to be run after a user is created from a user definition!
If you need assistance in entering or selecting an i5/OS™ command, you can click <span class="uicontrol">Prompt</span> to
select appropriate parameters and values. <p>When you create a new user from
the user definition, you specify the name for the user, a brief description
to help you identify this user in a list of users, and a new password for
the user. All other properties of the new user are based on the properties
stored in the user definition, unless you choose to change them. You may also
select the groups the user should belong to and provide personal information
about the user at the time the user is created.</p>
</td>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e56">&nbsp;</th>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e58">Create, edit, and delete users and groups</th>
<td valign="top" width="80%" headers="d0e58 ">You can create, edit, and delete users and groups across multiple endpoint
systems or system groups, and you can even schedule these actions. For example, use
the Edit Users function to change the properties for one or more users on
the selected endpoint systems or system groups. If you need to change the
authority level for several users on multiple systems, or if a user who has
access to multiple systems changes his or her name, you can easily edit that
information and apply the change to all systems. <p>When you use iSeries Navigator
to delete users, you can select an action to be taken if any of the selected
users owns objects on any system from which that user is being deleted. You
can click <span class="uicontrol">Scan for Owned Objects</span> to see what objects
the selected users own on the selected endpoint systems or across the selected
system groups.</p>
</td>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e72">&nbsp;</th>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e74">Collect an inventory</th>
<td valign="top" width="80%" headers="d0e74 ">You can collect an inventory of the users and groups on one or more
endpoint systems, and then view, search, or export that inventory to a PC
file. Extensive advanced search capabilities are provided for easy searching.
For example, you can search the inventory to see who has Security Officer
privileges, as well as query other profile properties. Also, you can sort
these inventory lists by clicking on any column heading. For example, you
can group together all users in the inventory who have Security Officer privileges
by clicking the Privilege Class heading. <p>You can perform various actions
from the User Inventory list by right-clicking one or more users and selecting
an action from the menu. For example, you can delete a user, edit a user,
view its properties, or scan for objects owned by a user. You can do similar
actions with groups by selecting Group Inventory for an endpoint system.</p>
<p>Schedule collection of the users and groups inventory
on a recurring basis to keep your central system's inventory current. Changes
that you make to the user or group inventory on an endpoint system or system
group under Management Central are automatically updated in the current central
system's inventory.</p>
</td>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e84">&nbsp;</th>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e86">Send users and groups</th>
<td valign="top" width="80%" headers="d0e86 ">You can send users and groups from one system to multiple endpoint
systems or system groups. All the user properties you need are sent to the
target systems, including the user name and passwords (LAN server password
as well as the i5/OS password),
security settings, private authorities, Enterprise Identity Mapping (EIM)
associations, and mail options. If the user has an entry in the system distribution
directory on the source system, an entry is created (or updated) for that
user on the target system. <p>You can also specify the action to be taken
if any user in the list that you are sending already exists on the target
system: you can choose not to change the user that already exists, or you can
choose to update the existing user with the settings from the user you are
sending. You can also click Advanced to specify advanced send options. The
advanced send options include specifying the mail system for the user and
synchronizing the unique identifier of the user on the target system based on
the user identifier of the user being sent.</p>
<p>To <span class="uicontrol">send</span> users or groups
from one system to another, you must also have save/restore (*SAVSYS) authority.</p>
</td>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e102">&nbsp;</th>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e104">Scan for owned objects</th>
<td valign="top" width="80%" headers="d0e104 ">You can scan for owned objects to find out what objects a user or group
owns across multiple endpoint systems or system groups, and you can even scan
for objects owned by multiple users simultaneously.</td>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e109">&nbsp;</th>
</tr>
<tr><th valign="top" width="20%" class="firstcol" id="d0e111">Synchronize unique identifiers</th>
<td valign="top" width="80%" headers="d0e111 ">You can synchronize the unique identifiers of users and groups across
multiple endpoint systems to ensure that each of these numbers points to the
same user on every system. This is especially important when you are working
with systems in a clustering environment or a system with logical partitions.
The user identification and group identification numbers are another way of
identifying a user or group to a program. For example, the user identification
and group identification numbers are used by programming interfaces in the
integrated file systems environment. <p>You can choose to synchronize unique
identifiers when you create new users or groups, when you edit users or groups,
or when you send users or groups from one system to another. Be sure to keep
your user and group inventories current if you are synchronizing unique identifiers
when you create or edit users or groups.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> All i5/OS special
authorities and other authorities that are needed when working with users
and groups in the character-based interface are honored when managing users
and groups with iSeries Navigator.
This includes security administration (*SECADM) privileges, all object (*ALLOBJ)
privileges, and authority to the profiles with which you are working. However,
even a user with the most restricted set of system privileges (*USER) can
view, search, or export a user or group inventory that has been collected
by another user with the correct authorities. A user with *USER
authority cannot create or delete users, edit existing users, or send users
to another system.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaih2.htm" title="After Management Central has been set up, you can use it to streamline your server administration tasks.">Work with Management Central</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaihsyncfunc.htm" title="You can synchronize the configuration of key functions, such as EIM and Kerberos, across a group of endpoint systems.">Synchronize functions</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzamz/rzamzconfigssomgtcentral.htm">Scenario: Configure the Management Central servers for single signon</a></div>
<div><a href="../rzakh/rzakhpropagatescenario_propagateiserisatobandc.htm">Propagate system settings from the model system (iSeries A) to iSeries B and iSeries C</a></div>
</div>
</div>
</body>
</html>