About users and groups
ITNCM - Base access is managed using the Account Management Web Interface. Account Management consists of ‘Groups' and ‘Users', which are used to provide access privileges. This is an important security feature, because you can limit the ability of users and groups to perform certain actions by assigning rights and permissions. User IDs and passwords needed for system logins are created through the Account Management web interface.
- administrator - All group activities are assigned to the administrator.
- operator - The following group activities are assigned to the operator: Execute Configuration Synchronization, Execute Configuration Change, Execute Direct Commands, Execute Import, View All Work, IDT Allow Manual Login, IDT enable Mode, IDT Access, View Native Commands, Apply Native Command Sets and Execute Compliance Policy.
- observer - The following group activities are assigned to the observer: IDT Allow Manual Login, IDT Access and View Native Commands.
User accounts must be created for access to ITNCM - Base, and group membership enhances the level of functionality available to users. Users' authorization for access, scope and functionality are all determined by the groups to which they belong.
In order to add groups and users, you need to have the appropriate permissions, the Manage Accounts activity, as well as Modify rights for the realm in which you are adding the group. To add security sets to a group, you also need Add rights for resources in that realm. A user's rights to realms and resources within realms are inherited from any group to which they belong. If a user belongs to several groups with different levels of security, the most lenient security settings apply.