Users and groups

An IBM® SPSS® Collaboration and Deployment Services user is an individual or a process that is allowed to access files and execute programs. The user is authenticated with a user name and password pair against an internal or external database. Users have different levels of access to application resources.

Users can be organized into groups based on the need for information access and manipulation. Organizing users into groups helps minimize the effort required to distribute permissions to multiple users in a uniform and organized way.

Users and groups are assigned access to system resources through the mechanism of roles. A role is a set of actions predefined within the system, such as access to files and MIME types, ability to change system configuration, etc. Role assignments can be added or removed, and new roles can be established as needs change. Note that roles must be explicitly assigned before users can access the system. See the topic Roles overview for more information.

IBM SPSS Collaboration and Deployment Services users and groups are handled by security providers. A security provider is the system that authenticates user credentials. Users and groups can be defined locally (in which case, IBM SPSS Collaboration and Deployment Services itself is the security provider) or derived from a remote directory, such as Windows Active Directory or OpenLDAP. See the topic Security providers for more information.

Some environments may require setting up groups of remotely defined users that are specific to IBM SPSS Deployment Manager. This will be the case if the groups specified in the remote directory are not fine-grained enough. The directory administrator may not be able to add these more specific groups because of policy restrictions or because queries of the remote directory from external applications may not be allowed. In these instances, locally specified groups of remote users, referred to as extended groups, will be added to the list of groups already defined in the remote directory.

In many environments, the number of users that exists in a remote directory is quite large, while only a small subset of the total user pool actually needs access to IBM SPSS Collaboration and Deployment Services. In this case, the administrator can specify a list of allowed users, and only those users will be allowed to log in. The allowed list acts as a filter on the user name, but the actual authentication of the user is performed against the remote directory in a normal manner.

Parent topic: Server Administration in Deployment Manager
Related information:
Creating a user
Editing a user
Locking and unlocking a user
Deleting a user
Creating a group
Editing a group
Deleting a group
Importing users and groups
Creating an extended group
Creating an allowed user