Manage users

IBM® Rational® Test Control Panel has multiple choices associated with its security model. Depending on the security option selected during installation of Rational Test Control Panel, different options are available based on the user accounts.

Security model

The features available within Rational Test Control Panel depend on the security model option chosen during installation but the application’s security settings can be changed at any time after installation.

In addition, Rational Test Control Panel 8.5.1.1 or later supports domain-level security, which is role based.
Note: By default, domain-level security is not enabled.

User types

Rational Test Control Panel supports the following user types:
  • System administrators
  • Users
Rational Test Control Panel system administrators can accomplish the following tasks:
  • Change the Rational Test Control Panel login passwords of other users and assign administrative privileges to other users if the built-in security functionality of Rational Test Control Panel is being used.
    Note: If the Active Directory or LDAP security models of Rational Test Control Panel are being used, user administrator tasks are managed by Active Directory or LDAP (whichever is applicable).
  • Create, rename, and delete domains.
  • Delete published stubs.
  • View the activity and audit logs of Rational Test Control Panel.
Rational Test Control Panel users can accomplish the following tasks:
  • Change their own Rational Test Control Panel login passwords within Rational Test Control Panel if the built-in security functionality of Rational Test Control Panel is being used.
    Note: If the Active Directory or LDAP security models of Rational Test Control Panel are being used, users can change the Rational Test Control Panel login passwords within Active Directory or LDAP (whichever is applicable).
  • View the Environment and start and stop stubs.
  • View agents.
  • View and modify scheduled tests.

User privileges

The following table outlines how Rational Test Control Panel access rights are determined by the security model option used.

If this Rational Test Control Panel security model option is being used...

Who can access Rational Test Control Panel as a user?

Who can be a Rational Test Control Panel system administrator?

None

Anyone who knows the Rational Test Control Panel application’s URL.

Anyone who knows the Rational Test Control Panel application’s URL.

Note: This means that users cannot be created within the Rational Test Control Panel application.

Rational Test Control Panel Built-in

Anyone who has been assigned a Rational Test Control Panel user name and password by a administrator.

When creating or modifying users, a system administrator can specify that a particular user is a system administrator.

Active Directory/Lightweight Directory Access Protocol (LDAP)

Any user with an Active Directory/LDAP user account that is a member of an Active Directory/LDAP user group that is selected during a fresh installation of Rational Test Control Panel or when you modify an existing installation.

A Rational Test Control Panel system administrator must have an Active Directory/LDAP user account that is a member of an Active Directory/LDAP administrators group that was selected during (or after) installation of Rational Test Control Panel.

User roles

If you are using Rational Test Control Panel 8.5.1.1 or later and domain-level security is enabled, the Users page on the Domains and environments tab of the Administration page can be used to assign the following roles to Rational Test Control Panel system administrators and users:
  • Domain administrator
  • (Domain) user
  • (Domain) API user
If domain-level security is enabled:
  • Rational Test Control Panel system administrators can accomplish the following tasks:
    • Create new domains.
    • Add and remove other users to and from domains.
    • Assign and remove domain user, domain API user, or domain administrator roles to those users.
    • View the activity and audit logs of Rational Test Control Panel.
  • Rational Test Control Panel domain administrators can accomplish the following domain-level tasks in the domain(s) in which they have that role:
    • Add and remove other users to and from domains.
    • Assign and remove domain user, domain API user, or domain administrator roles to those users.
    • Delete projects published by other users.
    • Delete scenarios created by other users.
    • Delete Recording Studio recordings of other users.
    Note: To accomplish all of these domain-level tasks, Rational Test Control Panel system administrators must assign themselves or be assigned to the domain administrator role.
  • Rational Test Control Panel domain users can accomplish the following domain-level tasks in the domain(s) in which they have that role:
    • View Recording Studio recordings of other users.
    • View the Environments landscape.
    • View agents.
    • View and modify scheduled tests.
    • Publish stubs.
    • Start and stop stubs.
  • Rational Test Control Panel domain API users can access Rational Test Control Panel command-line functions and REST API for the domain(s) in which they have that role, including starting and stopping stubs, but cannot log into and access the user interface of Rational Test Control Panel. It is recommended that you create one (or more) user accounts with the API user role and have your remote processes (such as the Rational Integration Tester Agent or automated scripts that call the REST API) operate as these users by providing them security tokens generated for one of these API users. This prevents the tokens that are stored with the unattended processes from being used to access the user interface. For more information about creating security tokens, see Creating and assigning security tokens.
Related concepts:
Domain management
Related tasks:
Enabling and disabling domain-level security
Feedback