After you create a user, manually configure additional permissions for the user
account.
Before you begin
You must be assigned the Security administration role with permission to Manage security (Full permission) to perform these steps.
About this task
When you create a user, default permissions are automatically applied. If the user account
needs additional permissions, you must add these permissions manually after the initial user
creation. You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.
Procedure
- Click . If you are on 2.3.3.3, click .
- Select a user to modify from the list.
Attention: Neither the display name nor the user name can be modified after the user has
been created.
- Click the dotted line in the Email address field to edit the email
address or to add an address.
- Click edit next to the Password field and
type a password for the user.
- From the User groups field, select a user group from the drop-down
menu.
To view all the members of a group of which the user is a member, click the name of
the group. This brings you to the User groups pane with the group you chose
selected. By default, every user is a member of the Everyone group, so
clicking Everyone is a useful shortcut to the User
groups pane if you want to examine other groups before adding the user.
- Expand Authorized Resources to view the resource access available
to the user. Expand each category to view the details.
To view other users' resources
and associated details, you must have both the View all cloud resources (Read-only) and View all security resources (Read-only) roles. Being assigned
the View users/groups (Read-only) role by
itself is not sufficient to view other users' resources and details.
- Expand Globalization preferences and select Enable
bidirectional if the user prefers to view the user interface in a supported
bidirectional language. Select the base text direction and national calendar from the drop-down
menus.
- Modify the roles for this user.
You can select or clear roles
to control the level of access a user is assigned. If a user is a member of a group, then the user
has the permissions defined by that group. If a user is a member of multiple groups, then the user
has the sum of the permissions defined by these groups. When you modify the permissions defined for
the group, the modifications are propagated to all the members of the group. The following
permissions are available:
- Select the specific Workload Management sub-roles for the user. A
selected check box means the user has permission to perform that operation.
- Create new patterns
- Create new environment profiles
- Create new catalog content
- IBM License Metric Tool (ILMT)
- Select the specific Administrators roles for the user.
- Select the Allow delegation when full permission is selected
option to allow a user with at least one full permission role to grant and revoke security roles to
and from other users.
- Workload resources administration role
- View all workload resources (Read-only)
- Manage workload resources (Full permission)
- Cloud group administration role
- View all cloud resources (Read-only)
- Manage cloud resources (Full permission)
- Hardware administration role
- View all hardware resources (Read-only)
- Auditing role
- View all auditing reports (Read-only)
- Manage auditing (Full permission)
- Security administration role
- View users/groups (Read-only)
- View all security resources (Read-only)
- Manage security (Full permission)