Administering users

After you create a user, manually configure additional permissions for the user account.

Before you begin

You must be assigned the Security administration role with permission to Manage security (Full permission) to perform these steps.

About this task

When you create a user, default permissions are automatically applied. If the user account needs additional permissions, you must add these permissions manually after the initial user creation.

You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.

Procedure

  1. Click System > Users. If you are on 2.3.3.3, click Security and access > Users.
  2. Select a user to modify from the list.
    Attention: Neither the display name nor the user name can be modified after the user has been created.
  3. Click the dotted line in the Email address field to edit the email address or to add an address.
  4. Click edit next to the Password field and type a password for the user.
  5. From the User groups field, select a user group from the drop-down menu.
    To view all the members of a group that the user belongs to, click the name of the group. The User groups pane opens with that group selected. By default, every user is a member of the Everyone group, so clicking Everyone is a useful shortcut to the User groups pane if you want to examine other groups before adding the user.
  6. Expand Authorized Resources to view the resource access available to the user. Expand each category to view the details.
    To view other users' resources and associated details, you must have both the View all cloud resources (Read-only) and View all security resources (Read-only) roles. Being assigned the View users/groups (Read-only) role by itself is not sufficient to view other users' resources and details.
  7. Expand Globalization preferences and select Enable bidirectional if the user prefers to view the user interface in a supported bidirectional language. Select the base text direction and national calendar from the drop-down menus.
  8. Modify the roles for this user.
    You can select or clear roles to control the level of access a user is assigned. If a user is a member of a group, then the user has the permissions defined by that group. If a user is a member of multiple groups, then the user has the sum of the permissions defined by these groups. When you modify the permissions defined for the group, the modifications are propagated to all the members of the group. The following permissions are available:
    • Select the specific Workload Management sub-roles for the user. A selected check box means the user has permission to perform that operation.
      • Create new patterns
      • Create new environment profiles
      • Create new catalog content
      • IBM License Metric Tool (ILMT)
    • Select the specific Administrators roles for the user.
      • Select the Allow delegation when full permission is selected option to allow a user with at least one full permission role to grant and revoke security roles to and from other users.
      • Workload resources administration role
        • View all workload resources (Read-only)
        • Manage workload resources (Full permission)
      • Cloud group administration role
        • View all cloud resources (Read-only)
        • Manage cloud resources (Full permission)
      • Hardware administration role
        • View all hardware resources (Read-only)
        • Manage hardware resources (Full permission)
      • Auditing role
        • View all auditing reports (Read-only)
        • Manage auditing (Full permission)
      • Security administration role
        • View users/groups (Read-only)
        • View all security resources (Read-only)
        • Manage security (Full permission)
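
Access review sketch for steps 5, 6, and 8 (an added example, not product code and not the product's REST API): it sums the roles a user receives through group membership and reports who can view other users' resources and who can delegate. The user names, the group names other than Everyone, and the data layout are constructed. It also assumes that directly selected roles add to group roles and that the delegation option accumulates through groups like any other permission.

```python
# Constructed sample data; role names are copied from the list above.
DELEGATION = "Allow delegation when full permission is selected"
VIEW_OTHERS = {"View all cloud resources (Read-only)",
               "View all security resources (Read-only)"}

GROUPS = {
    "Everyone": set(),
    "CloudOps": {"Manage cloud resources (Full permission)",
                 "View all cloud resources (Read-only)"},
    "SecReview": {"View users/groups (Read-only)",
                  "View all security resources (Read-only)", DELEGATION},
}
USERS = {
    "alice": {"direct": {"View users/groups (Read-only)"},
              "groups": ["Everyone"]},
    "bob": {"direct": set(),
            "groups": ["Everyone", "CloudOps", "SecReview"]},
    "carol": {"direct": {"Manage auditing (Full permission)", DELEGATION},
              "groups": ["Everyone"]},
}


def effective_permissions(user):
    """Directly selected roles plus the sum (union) of every group's roles."""
    perms = set(USERS[user]["direct"])  # assumption: direct roles also count
    for group in USERS[user]["groups"]:
        perms |= GROUPS[group]
    return perms


def review(user):
    perms = effective_permissions(user)
    full = sorted(p for p in perms if p.endswith("(Full permission)"))
    return {
        # Literal check: both read-only roles must be present. Whether a
        # full permission role implies its read-only role is not modeled.
        "can_view_other_users_resources": VIEW_OTHERS <= perms,
        # Delegation needs the option AND at least one full permission role.
        "can_delegate": DELEGATION in perms and bool(full),
        "full_permission_roles": full,
    }


if __name__ == "__main__":
    for name in USERS:
        print(name, review(name))
```

In this sample, bob can delegate only because two groups combine: SecReview supplies the delegation option and CloudOps supplies the full permission role, which neither group grants on its own.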