1) Introduction

2) Login
    2.1 Navigation menu
    2.2 Help   
    2.3 Usage
    2.4 About   
    2.5 Change password   
    2.6 Logout
 

3) Domain Management
     3.1 Engine Credentials
     3.1.1 Open engine configuration
     3.1.2. Open my credentials
     3.1.3. Open user credentials
     3.2 User registry configuration
     3.2.1 Open provider configuration

4) Session Management
     4.1 Viewing all active sessions
     4.1.1 Active sessions list pane
     4.1.2 Steps for opening user session details
     4.1.3 Steps for disconnecting a session
     4.1.4 Steps for disconnecting all sessions
     4.2 Session monitor
     4.2.1 Session configuration pane
     4.2.2 Session monitor pane
     4.2.3 Steps for setting session limits

5) Users & Groups
     5.1 Users     
     5.1.1 User list page

     5.1.2 Steps for creating new users in the new Web Admin console
     5.1.3 Open user
     5.1.4 Simple search and Advanced Search
     5.1.5 Add roles to multiple users
     5.1.6 Delete User
     5.2 Groups
     5.2.1 Groups list page
     5.2.2 Steps for creating new groups in the new Web Admin console
     5.2.3 Open group
     5.2.4 Simple search and Advanced Search
     5.2.5 Add roles to multiple groups
     5.2.6 Delete group

6) Reporting
     6.1 Introduction
    6.2 New Reports
    6.3 My Reports
    6.4 Steps to create a New report
    6.5 Example of using the Security report template Active users in session
    6.6 Report Maintenance

7) Known issues
     7.1 Domain management
     7.2 Session management
     7.3 Users and Groups
     7.4 Reporting
     7.5 General

8) Fixed issues
     8.1 11.7.1.1 RU1
     8.2 11.7.1.1 RU2
     8.3 11.7.1.1 SP1
     8.4 11.7.1.1 SP2
     8.5 11.7.1.3

    
 

 

Enter your Information Server administrator credentials and click the Login button.

On successful login, the following page is displayed.

 

2.1) Navigation menu

On the left side, there is a navigation pane, which consists of links to the various modules you can work with.

At the upper right corner, you can find two icons that have drop-down links. The first offers Help, Usage and About options, while the second offers Change password and Logout options.

2.2) Help

Help links to information available on IBM Documentation.

2.3) Usage


Click Usage to go to the "Usage of the Administration console in InfoSphere Information Server 11.7.1.3" document. This document is displayed.

2.4) About

On clicking the About link, a dialog window displays the current major release version along with copyright information.

Information about the current logged in user is displayed at the upper right corner.

 

2.5) Change Password

On clicking the Change password link, a dialog window is displayed to change the password of the currently logged in user.

Enter the current password, the new password, and click Save. After you log out and log in to the admin console, the changed password is in effect.

2.6) Logout

Click this button to log out of the current session. The log in screen is displayed.
 

3) Domain Management

In the Domain Management menu, you can manage engine credentials, and configure your user directories.

 

3.1) Engine Credentials

Use this pane to manage the mapping of IBM® InfoSphere® Information Server user names and engine credentials. Users can manage only the mapping for their own user name. Suite administrators can manage the mapping of credentials of all users.

Name

Displays the host name of an InfoSphere Information Server engine that is registered in the data integration domain.

User registry

Displays whether the InfoSphere Information Server engine and the metadata server are configured to use the same user registry.

After you select an engine, three options are displayed at the top of the screen: Open engine configuration, Open my credentials, and Open user credentials.

Open engine configuration

Shares the user registry and specifies the default InfoSphere Information Server engine credentials.

Open my credentials

Maps the credentials for your InfoSphere Information Server engine user account with your metadata server account.

Open user credentials

Creates credential mappings for suite users with IBM InfoSphere DataStage® and IBM InfoSphere QualityStage® privileges.

3.1.1) Open engine configuration pane

Use this pane to configure IBM® InfoSphere® Information Server and its engine to authenticate their users with the same user registry. If you cannot share the same user registry, you must establish credential mappings between the users defined in the registry used by the InfoSphere Information Server and the registry used by its engine. Only suite administrators can perform these tasks.

Share User Registry

Select this check box to indicate that the InfoSphere Information Server and its engine use the same user registry for storing credentials. You must ensure, through installation or postinstallation configuration, that the two user registries are the same.

Default Credentials

You can optionally specify default credential mapping. If specified, the user ID and password are used by all InfoSphere Information Server users for whom a specific credential mapping is not defined. If you selected the share user registry option, you cannot specify default credentials.

Steps for defining default credentials:

Before you begin

You must have suite administrator authority or IBM® InfoSphere® DataStage® and IBM InfoSphere QualityStage® administrator authority.

About this task

The default credentials are used for any users who do not have their own credential mappings. If you do not want users without mapped credentials to access the server, do not add default mapping credentials.

Procedure

1. In the Navigator pane, select Domain Management > Engine credentials.
2. Select the InfoSphere Information Server engine for which you want to specify the default credentials.
3. Click Open engine configuration.
4. In the User Name field, type the user name to be used by all InfoSphere Information Server users for whom a specific mapping is not defined.
5. In the Password field, type the corresponding password. The user name and password that you provide must be a valid user name and password for the operating system where the engine tier components are installed.
6. Confirm the password.
7. Click Save and Close.

3.1.2) Open my credentials pane

Use this pane to provide your IBM® InfoSphere® Information Server engine credentials. Credentials that are configured here override the default credentials that might have been defined for the engine.

If the Share User Registry mode is enabled in the Open Configuration pane, the fields and buttons in this pane are disabled.

User Name

Type a valid user name for logging in to the InfoSphere Information Server engine.

Password

Type the password for the InfoSphere Information Server engine user name.

Confirm Password

Type the password again.

Clear Fields

Click to clear your field entries. If you click Save, you cannot access the InfoSphere Information Server engine until you set up new credentials, or an Administrator sets default credential mapping in the Open Configuration pane.

3.1.3) Open user credentials pane

Use this pane to map IBM® InfoSphere® Information Server engine credentials to suite user accounts. This pane is accessible only to suite administrators.

If the Share User Registry mode is enabled in the Open Configuration pane, the fields and buttons in this pane are disabled.

This page consists of the three frames: Select users, Users with mapped credentials and Credentials to assign to selected users, which are necessary to do credential mapping.

User selections:

Use this frame to select the users for whom you need to set up credential mapping. You can use Filter, and Show additional filter to refine the search based on First name, Last name, Username, Roles and so on.
Note: Querying a large LDAP user registry for user IDs might result in LDAP timeouts if an appropriate filter is not set for the IDs to be returned.
Hence, when the Select users panel is first opened, since there is no filter applicable at that time, the UI only displays users that have roles assigned to them. This is also the behavior when Clear Filter is clicked, or Filter is clicked with an empty filter.
To retrieve IDs from the LDAP repository, you should set an appropriate non-empty filter.
Also, for an LDAP user registry, unless the registry is configured with attributes mapping, the filter works only with Username and Group ID.

Finalize selection of users

After selecting at least one user in the right frame, a button “Finalize selection of users” appears at top of the right frame. Click to map the selected suite users to the InfoSphere Information Server engine credentials specified in the bottom frame.

Users with mapped credentials:

After selecting the users to update, and clicking Finalize selection of users, the selected users are added to this frame.
 

Remove ()

Click the icon to remove mapped credentials of a user listed in Users with mapped credentials pane. A confirmation dialog opens, and on clicking Yes, the selected user’s mapped credentials are removed. Users whose mapped credentials are removed cannot connect to the InfoSphere Information Server engine unless a default mapping is defined in the Open Configuration pane.

If you want to remove all mapped users credentials, click Delete all mapped users button. A confirmation dialog opens, and on clicking Yes, the mapped credentials of all users is removed.
 

Credentials to assign to selected users:

Enter the InfoSphere Information Server engine credentials in the bottom frame to specify the credential mapping.

User Name

Type the log in name of the InfoSphere Information Server engine user. The user name must exist and be recognized by the Engine tier.

Password

Type the password of the InfoSphere Information Server engine user. This password must be valid for the specified user name.

Confirm Password

Type the password again.

Apply Only to Users without Credentials

Select this check box to map only suite users who do not already have a credential mapping.

Save or Save & close

Click to map the credentials.

Cancel

Click to close the pane without any changes.

Steps to map the credentials for a user

If you use the IBM® InfoSphere® Information Server user registry, you must create a credential mapping before you can use IBM InfoSphere DataStage® and IBM InfoSphere QualityStage® clients. Create users and groups in the Web console before you begin this task.

Procedure

8. Log in to the IBM InfoSphere Information Server Web console as an Administrator.
9. Under the Navigation pane, expand the Domain Management section and click Engine Credentials.
10. Select the InfoSphere Information Server engine for which you want to map user credentials.
11. Click Open User Credentials.
12. Enter First name or Last name to search for suite users.
13. Optional: Specify Advanced Search criteria and click Filter to display a list of users.
14. From the search results, select the suite users that you want to map to the engine tier operating system local credentials and click Finalize selection of users.
    
15. The selected user, or users are added to the Map user credentials panel.
    
16. On the User selection frame, select one or more users to map to the credentials. If you want to map some suite users to one user and map other suite users to a different user, select one subset of users and continue.
17. In the Assign User Credentials frame, specify a valid operating system user name and password for the system where the engine tier components are installed. If you want to preserve all previously configured credential mapping, select the Apply Only to Users without Credentials check box.
    
     
18. Click Save or Save & close and the specified user credentials are mapped with the engine credentials.
    
    
    In the Map user credentials frame, you can see the mapped user credential information.
    
19. To map credentials for additional suite users, do one of the following:
    • Repeat steps 8 through 11 to map credentials for additional users displayed in the Select users frame.
    • Repeat steps 5 through 10 to select from a new filtered list of users and map credentials for those users.1

What to do next

After you map the credentials, any suite user or group that is assigned an IBM InfoSphere DataStage and QualityStage user or administrator security role can log in to an InfoSphere DataStage and QualityStage client.

3.2) User registry configuration

Use this pane to view summary information about directory providers for logon credentials and authorizations. Only suite administrators can perform this task.
Note that for security reasons, the Information Server internal user registry should not be used in Production systems. Its intended purpose is to facilitate an install, and to provide a test environment where appropriate.

Display Name & Name

Shows the name of the repository that contains the logon credentials and authorizations.

Description

Shows the description of the repository.

Active Provider

Shows whether the repository is the current provider of logon credentials and authorizations. The current provider is listed as ‘true’. All others are listed as ‘false’.

For Internal user registry the pane looks as shown below. The 'Active provider' option is set to ‘true’.

 

For External LDAP user registry the pane looks as shown below. The 'Active provider' option is set to ‘true’.

Select a provider and the option “Open provider configuration” is displayed.

Open Provider Configuration

Click to view details about the selected directory provider.

3.2.1) Open provider configuration pane

Use this pane to view and modify the configuration of a directory provider. Only suite administrators can perform this task.

Some directory providers, such as IBM® InfoSphere® Information Server and IBM WebSphere® Application Server, are preconfigured and cannot be modified. Some directory providers are partially preconfigured and can only be partially modified. Not all check boxes are available if a directory provider is preconfigured or partially preconfigured.

Supports All Attributes

Shows a checkmark if the repository supports users, groups, and all of their attributes. Select to include all attributes in the repository.

Writable

Shows that the metadata can be edited only by using the external repository, not by using the Web console. Select to specify whether metadata can be written to the external repository.

User Attributes

Shows the list of user attributes that are in the repository. Select the specific attributes that you want to include in the repository.

Group Attributes

Shows the list of group attributes that are in the repository. Select the specific attributes that you want to include in the repository.

Open provider configuration pane:ASBDirectoryProvider

Open provider configuration pane:J2EEProvider

4) Session Management

Sessions are created for clients communicating with the server. Session management allows you to control the session behavior.
In Information Server 11.7.1.3, Session management also provides a Session monitor that can be used to monitor session usage, and detect situations where session exhaustion is about to occur or all configured sessions are already exhausted. In this state, only the Administrator is allowed to open the Administration console and examine session usage.



4.1) Viewing all active sessions

In the IBM® InfoSphere® Information Server Web console, you can view and manage the active user sessions.
 

Before you begin

You must have suite administrator authority.
 

About this task

A user session is an instance of a user with a connection to the IBM InfoSphere Information Server. You might want to view all active sessions to determine whether you need to set thresholds for the maximum number of user sessions to allow, to disconnect one or more users, or to view details about the user who is connecting.
 

Procedure

4.1.1) Active sessions list pane

Use this pane to view a list of all the active sessions and identifying information about sessions that run against the metadata server.



 

User Name

Shows the user ID of the active session.

Session ID

Shows the internal session ID of the active session.

Address

Shows the host name or network address of the client that is using the session.

Type

Shows the client type that is associated with the active session, such as IBM® InfoSphere® Information Server Web console, IBM InfoSphere Information Server console, or the IBM InfoSphere DataStage® client.

Created

Shows the timestamp of the start of the active session.

Last Updated

Shows the timestamp of the last action that the active session performed.

Trusted

Shows the value Yes if the trusted authentication mechanism was used to create the session.

Disconnect All

Click to disconnect all currently active user sessions. Any unsaved data in those unsaved sessions is lost.

Select a session; the options “Open session details” and “Disconnect” are displayed.

Open session details

Click to view details for the selected session.

Disconnect

Click to disconnect the selected session. Any unsaved data in that session is lost.

 

4.1.2) Steps for opening user session details

To view information about a current session that includes the user record, the duration of the session, and the security roles that are assigned to the user, you can open the details of a user session.
 

Before you begin

You must have suite administrator authority.
 

Procedure

1. In the Navigation pane, select Session Management > Active Sessions.
2. In the Active sessions list pane, select a user session.
3. Click Open session details link. The Session details pane shows detailed information about the user session.

4.1.3) Steps for disconnecting a session

You can disconnect an individual user session.
 

Before you begin

You must have suite administrator authority.
 

Procedure

1. In the Navigation pane, select Session Management > Active sessions list.
2. In the Active sessions list pane, select a session. If multiple users signed in with the same user account, only the selected session is disconnected.
3. Click Disconnect.
4. Click Yes to immediately end the session.

4.1.4) Steps for disconnecting all sessions

To force all active sessions to end immediately, you can disconnect all user sessions. You might want to disconnect all users to prepare for a system shutdown.
 

Before you begin

You must have suite administrator authority.
 

Procedure

1. In the Navigation pane, select Session Management > Active sessions list.
2. In the Active sessions list pane, click Disconnect all.
3. In the Disconnect all window, click Yes to immediately end all sessions.

4.2) Session monitor

'Global session properties' is removed from the 'Active sessions list' page. The options, Inactive session timeout, Maximum sessions, and Current sessions are now part of the 'Session monitor' page. 'Maximum sessions' is renamed as ‘Permitted sessions’ and Current sessions is renamed as ‘Active sessions’ in session configuration.

4.2.1) Session configuration pane

Use this pane to set the session properties for all suite users.

Inactive session timeout

Set the maximum idle time for all user sessions, in seconds. If a session does not have any activity for the specified time, it is automatically disconnected. Any changes to this setting only apply to new sessions; the changes do not apply to sessions in progress.

Permitted sessions

Set the maximum number of active sessions that can run against the server. Changing the value of 'Permitted sessions' does not disrupt existing sessions. If the new setting is less than the current number of active sessions, no new sessions are created until the total number of active sessions is less than the new setting for 'Permitted sessions'.

4.2.2) Session monitor pane

Active sessions

Shows the number of active sessions that are running against the server.

Surplus percentage

            Specified as a percentage of the value set for 'Permitted sessions'. This setting limits the number of surplus user sessions that are created after the permitted number of sessions are active.

Surplus sessions

The number of active sessions that exceeds the value set for 'Permitted sessions'. A nonzero value is an indication that the Administrator should do session cleanup.

Surplus sessions allowed

The number of sessions that can be created after the number of active sessions exceeds the value set for permitted sessions.
Initially, the value is set to:
    (Permitted sessions  *  Surplus percentage ) / 100
After the number of active sessions exceeds the value set for 'Permitted sessions', each time a new session is created, the value is decremented; if a session is closed, the value is incremented till it reaches its initial value.
If the value becomes zero, only an Administrator is allowed to create a session.

4.2.3) Steps for setting session limits

You can set the maximum number of active sessions on the server. You can also specify how long a session can remain inactive before it is automatically disconnected and how often the sessions are polled for inactivity.
 

Before you begin

You must have suite administrator authority.
 

Procedure

1. In the Navigation pane, select Session Management > Session monitor.
2. In the Session configuration pane, you can configure different session related parameters.
   Specify settings for 'Inactive session timeout' and 'Permitted sessions'. Also, specify a percentage of the value set for permitted sessions.
3. Click Save.
   
    

5) Users & groups
 

5.1) Users

Log in to new admin console UI with Information Server administrator credentials. In the Navigation pane on the left side, expand the norgie Users & groups.

Click the Users link to work with users. The User list page is displayed.

5.1.1) User list page

Use this pane to search for and view information about suite users, create a user, or assign security roles to a user.


Note: Querying a large LDAP user registry for user IDs might result in LDAP timeouts if an appropriate filter is not set for the IDs to be returned.
In ISF 11.7.1.1 RU1 patch, JR62755 changed the behavior when the Users panel is first opened. Since there is no filter applicable at that time, the UI only displays users that have roles assigned to them. This behavior is also applicable when Clear Filter is clicked, or Filter is clicked with an empty filter.
You should set an appropriate non-empty filter to retrieve IDs from the LDAP repository.
Also, for an LDAP user registry, unless the registry is configured with attributes mapping, the filter works only with Username and Group ID.

 

First name OR Given name

Type the given name of the user or a search pattern.

Last name or Family name

Type the family name or the user name of the user or a search pattern to filter the users that are displayed. If you use an external directory (for example, LDAP), you might search on user name instead of family name and given name.

Filter

Click to find users that match the criteria you entered.

Clear filter

Click to remove the filter terms and show the entire list of users.

Show additional filter criteria

Enter additional user metadata such as email address or title to filter the returned results. Additionally, you can select an assigned role to filter by security role.

First name

Shows the given name of the user.

Last name

Shows the family name of the user.

Username

Shows the name of the user.

Courtesy title

Shows the formal title of the user.

Business phone

Shows the business telephone number of the user.

Location

Shows the physical location of the user.

New user

Click to create a user. This task is not available if an external directory is used.

If you select any user/users from the list, the following options are displayed: Delete user, Open user, Add roles to multiple users.

Open user

Click to view and update the details of the selected user.

Add roles to multiple users

Click to assign security roles to the selected users.

Delete User

Click to delete the selected user. This task is not available if an external directory is used.

5.1.2) Steps for creating new users in the new Web Admin console

If the IBM® InfoSphere® Information Server internal user registry is used, you can create users as the first level of security. You must create a user for each person that needs to log in to InfoSphere Information Server.
 

Before you begin

You must have suite administrator authority.
 

Procedure

1. Log in to the new IBM InfoSphere Information Server Web console with admin credentials.
2. In the Navigation pane, select Users & groups > Users.
3. In the Users list pane, click New User.
4. In the Create new user pane, provide information about the user.
    

   Primary information:
   The User name, Password, Confirm password, First name (Given name), and Last name (Family name) fields are required.

   First Name (Given Name)

   Type the first name or given name of the user.

   Last Name (Family Name)

   Type the last name or family name of the user.

   
    
5. Provide additional information if required.

 

Additional user information:

Title

Type a title for the user.

Instant Messaging ID

Type the user's instant messaging ID.

Job Title

Type a job title for the user.

Home Phone Number

Type the telephone number of the user's home.

Office Phone Number

Type the telephone number of the user's office.

Mobile Phone Number

Type the number of the user's mobile phone.

Pager Number

Type the telephone number of the user's pager.

Fax Number

Type the telephone number of the user's fax machine.

Email Address

Type the email address of the user.

Business Address

Type the user's business address.

Location

Type the user's location.

Organization

Type the user's organization.

6. Roles

Expand the norgie Roles. Click the drop-down arrow, and specify whether the user is an administrator user of the suite, or a user of the suite. The suite user role is assigned by default.
 

7. In Select all component roles drop-down, select whether the user has any suite component roles. To log in to any of the product modules, a user must have the suite user role. Also, add at least one suite component role for each suite component that you want the user to access. For example, if you are creating a user to use IBM InfoSphere Information Analyzer, you must assign the suite user role and an Information Analyzer role; Project Administrator, Data Administrator, or User role.

8. Optional: Expand the Groups norgie. You can make a user a member of one or more groups.

In the “Select required groups from the below table” frame, you can use a filter to locate the groups you want the current user to belong to. Select groups as needed from the filtered output. The “Add selected groups” option is displayed on selecting a group. Click it to add the selected groups to the “Selected groups” frame on the left.
You can delete group/groups by clicking the Delete icon located next to the group.

If you want to remove all groups added for a user, click Clear all.

9. Click Save,
    The saved user information is displayed.

10. Click the Update button to make changes to the user.
       On clicking Update, the Update user page is displayed and you can make changes to the user.


11. Click Save and Close, to save the user information and move to the User list page.

5.1.3) Open user

From the list of users, select a user to update, and click the Open user link.

Other than the User name field and project roles, you can update all other information of the selected user in the Update user page.
View suite roles and component roles for the user by expanding the respective sections. Roles that are directly assigned to the user are displayed with their corresponding check-box checked.

 

Project roles drop-down:

Use this pane to view the project roles assigned of a user.

Within components, for example InfoSphere DataStage, or InfoSphere Information Analyzer, a user can be assigned the role of a component user (not component administrator) so that the user can log in and use that component. In addition to such component roles, to work in a component project, a user must have roles specific to that project. Such roles are called project-level roles. Use the component’s GUI to log in to the relevant project for that component and assign the role to the user.

For example, use the IBM® InfoSphere® DataStage Administrator client to log in to a specific DataStage project, and assign a user the InfoSphere DataStage and Quality Stage Operator role. After assignment, the role is listed on the Project Roles pane for that user.
For DataStage roles, the server host and project name of the associated project are displayed, while for Information Analyzer roles, the workspace is displayed.


 

You can optionally add the user to an existing group.

Select the group you want to add the user to, and click Add selected groups link.
Next, click Save or Save and Close.




Use the Print option to see the complete information about this particular user like Additional user information, roles and groups it is part of.

Print View:

When a user is added to a group, the user inherits the roles of that group. You can assign roles at the suite level or at the component level. If you use an external directory (for example, LDAP), you cannot use this pane to add new groups.

If a role is directly assigned to a user, the check-box for that role is checked. If a user inherits a role from a group, the inherited group information is displayed next to the role (under the 'Inherited from groups' column).

5.1.4) Simple search and Advanced search

Use this pane to search for users based on different search criteria. You can use First name, Last name to search for users.



Note: Querying a large LDAP user registry for user IDs might result in LDAP timeouts if an appropriate filter is not set for the IDs to be returned.
In ISF 11.7.1.1 RU1 patch, JR62755 changed the behavior when the Users panel is first opened. Since there is no filter at that time, the UI only displays users that have roles assigned to them. This behavior is also applicable when Clear Filter is clicked, or Filter is clicked with an empty filter.
You should set an appropriate non-empty filter to retrieve IDs from the LDAP repository.
Also, for an LDAP user registry, unless the registry is configured with attributes mapping, the filter works only with Username and Group ID.

First name

Type the given name of the user or a search pattern.

Last name or User name

Type the family name or the user name of the user or a search pattern to filter the users that are displayed.

Filter

Click to find users that match the criteria you entered.

Clear filter

Click to remove the filter terms and show the entire list of users.

Likewise, you can also filter based on User name, location, and roles.

If you use an external directory (for example, LDAP), you can search on user name instead of family name and given name.

Show additional filter criteria

You can enter additional user metadata to filter the returned results such as email address or title.

Note: You can filter on attributes like email address only if

• Internal user registry is in use or
• You use a Federated repository and mapped the attributes you are filtering on

Additionally, you can select an assigned role to filter by security role.

5.1.5) Add roles to multiple users

From the User list page select users, or use filter and Additional filter criteria to choose users that match your criteria, and then click the “Add roles to multiple users” link.

Select users from the filtered listing in the “Assign roles to selected users” frame.
Use the drop-downs for “Select suite roles” and “Select component roles” to select which roles to assign to the selected users.


Click Save or Save & close. The selected roles are assigned to the users.

5.1.6) Delete User

Click to delete the selected user/users. This task is not available if an external directory is used.

Click Yes to confirm the selection; the selected user, or users are deleted.

5.2) Groups

From the Navigation pane on the left side, expand the norgie Users & groups.

Click Groups link to work with groups. The Groups list page is displayed.

5.2.1) Groups list page

Use this pane to view information about groups, create a group, or assign security roles to a group.
 

Note: Querying a large LDAP user registry for group IDs might result in LDAP timeouts if an appropriate filter is not set for the IDs to be returned.
In ISF 11.7.1.1 RU1 patch, JR62755 changed the behavior when the Groups panel is first opened. Since there is no filter at that time, the UI only displays groups that have roles assigned to them. This behavior is also applicable when Clear Filter is clicked, or Filter is clicked with an empty filter.
You should set an appropriate non-empty filter to retrieve IDs from the LDAP repository.
Also, for an LDAP user registry, unless the registry is configured with attributes mapping, the filter works only with Username and Group ID.

Group name

Type a group name, group ID, or search pattern. If you use an external directory (for example, LDAP), you might search on group ID instead of name.

Filter

Click to show only groups that match the filter criteria in the object list.

Clear filter

Click to remove the filter terms and show all groups in the object list.

Show additional filter criteria

Enter additional user metadata to filter the returned results such as email address or location. Additionally, you can select an assigned role to filter by security role.

Location

Shows the physical location of the group.

New group

Click to create a new group and assign users to that group. This task is not available if an external directory is used.

After you select a group, the following options are displayed, Delete group, Open group, Add roles to multiple groups.

 

Delete group

Click to delete the selected group. This task is not available if an external directory is used.

Open group

Click to view and update the details of the selected group.

Add roles to multiple groups

Click to assign security roles to the selected groups.

5.2.2) Steps for creating new groups

If the IBM® InfoSphere® Information Server internal user registry is used, you can create user groups and assign security settings and roles to the groups. All users that belong to a group automatically inherit the security settings and roles that are assigned to the group.
 

Before you begin

You must have Administrator authority.

Procedure

1. Log in to the new IBM InfoSphere Information Server console with admin credentials.
2. In the navigation pane, select Users & groups > Groups.
3. In the Group list page, click New group link.

Type the ID of the new group. The following characters are valid when the internal User Registry is used:

• alphanumeric characters
• _ (underscore)
• - (hyphen)
• , (comma)
• \ (backslash)
• = (equal sign)
• . (period)
• $ (dollar sign) - not recommended if you want your local user ID to match the Internal User Registry ID

Name

Type the name of the group

Group Type

Type a category for the group. You can use this field to further categorize groups if needed. It is an optional classification that you can define in addition to the name field that gives the group more context, such Administrators of projects or Catalog Administrators.

Email Address

Type the email address of the group. Spaces are not allowed in this field.

Web Address

Type the URL of the group.

Location

Type the physical location of the group.

Organization

Type the organization of the group.

 

6. Roles- Expand the Roles norgie. You can specify Suite and Suite Component roles.

Select the suite roles and suite component roles that you want to assign to the group.

The roles are used to grant top-level and administrative access to IBM® InfoSphere® Information Server and its product modules, such as who can log in to InfoSphere Information Server, who has InfoSphere Information Server administrative rights, and who can access IBM InfoSphere DataStage®, IBM InfoSphere QualityStage®, or IBM InfoSphere Information Analyzer with regular user privileges or as administrators.

7. From the Select all suite roles drop-down, select the suite roles you want to assign to this group.

8. In the Select all component roles drop-down, select the component roles you want to assign for this group. You must add at least one suite component role for each suite component that you want the group of users to access. For example, if you are creating a group to access IBM InfoSphere Information Analyzer, you must assign either the Information Analyzer Project Administrator, Data Administrator, or User role.

9. Optional: Expand the Users norgie. You can add Users to this group.

In “Select required users from below table” frame, filter the users you want to add to the current group. Select users from the filtered output, and click 'Finalize selection of users'. The selected users are added to the “Selected users” frame on the left side.

You can delete user/users with Delete icon located next to the added user.

If you want to remove all users added to a group, click Clear all.

10. Click Save. The saved group information is displayed.

11. Click the Update button to make changes to the group. The Update group page is displayed and you can make changes to the group.


12. Click Save and close to go back to the Group list page.

5.2.3) Open group

Select the group you want to update from the list, and click the ‘Open group’ link.

Other than the Group ID field and project roles, you can update all other information of the selected group in Update group page.
View suite roles and component roles for the group by expanding the respective sections. Roles that are directly assigned to the group are displayed with their corresponding check-box checked.
 

Project roles drop-down:

Use this pane to view the project roles assigned to a group.

Within components, for example InfoSphere DataStage, or InfoSphere Information Analyzer, a group can be assigned the role of a component user (not component administrator). All users that are a member of that group can log in and use that component. In addition to such component roles, to work in a component project, a user must have roles specific to that project, either assigned directly or inherited from a group. Such roles are called project-level roles. You can use the component’s GUI to log in to the relevant project for that component and assign the role to a group.

For example, use the IBM® InfoSphere® DataStage Administrator client to log in to a specific DataStage project, and assign a group the InfoSphere DataStage and Quality Stage Operator role. After assignment, the role is listed on the Project Roles pane for that group. For DataStage roles, the server host and project name of the associated project are displayed, while for Information Analyzer roles, the workspace is displayed.

 

You can optionally add existing users to the group.

Select the user you want, to add it to the group and click the 'Finalize selection of users' link. Next, click Save or Save and Close.

 

Use the Print option to see the complete information about this particular user like Additional user information, roles and groups it is part of.

Print View:

When you add a user to a group, the user inherits the roles of that group. You can assign roles at the suite level or at the component level. If you use an external directory (for example, LDAP), you cannot use this pane to add new users to a group; instead, you should use your Directory provider's user interface.

5.2.4) Simple search and Advanced Search

Use this pane to search for groups based on different search criteria. You can search groups with Group name.


Note: Querying a large LDAP user registry for group IDs might result in LDAP timeouts if an appropriate filter is not set for the IDs to be returned.
In ISF 11.7.1.1 RU1 patch, JR62755 changed the behavior when the Groups panel is first opened. Since there is no filter at that time, the UI only displays groups that have roles assigned to them. This behavior is also applicable when Clear Filter is clicked, or Filter is clicked with an empty filter.
You should set an appropriate non-empty filter to retrieve IDs from the LDAP repository.
Also, for an LDAP user registry, unless the registry is configured with attributes mapping, the filter works only with Username and Group ID.

Group name

Type a group name, group ID, or search pattern. If you use an external directory (for example, LDAP), you can search on group ID instead of name.

Filter

Click to show only groups that match the filter criteria in the object list.

Clear filter

Click to remove the filter terms and show all groups in the object list.

 

Show additional filter criteria

Enter additional group information to filter the returned results such as email address or location. Additionally, you can select an assigned role to filter by security role.

If you use an external directory (for example, LDAP), you can search on group ID instead of group name.

In the drop-down for Roles, select an assigned role to filter by security role.

 

5.2.5) Add roles to multiple groups

In the Group list page select groups, or use filter and Additional filter criteria to choose groups that match your criteria. Next, click the “Add roles to multiple groups” link.

Select users in the “Assign roles to selected groups” page, and assign suite or component roles from the respective drop-downs.

Click Save or Save & close. The selected roles are assigned to the users.

5.2.6) Delete group

Click to delete the selected group/groups. This task is not available if an external directory is used.

Click Yes to confirm your selection; the selected group/groups are deleted.

6) Reporting:

6.1) Introduction

The new Administration console has limited Reporting functionality through the User interface as listed below:

    a. New report creation for Scheduling and Security Report templates
    b. View saved reports
    c. Edit report
    d. Delete reports
    e. Run selected report
    f. Open report result history etc.

Although optional fields are present in each New report creation page, currently, only the mandatory fields are supported in the New report creation and Edit report features.
 

Log in to the new Administration console with Administrator privileges. The Reporting link is located in the Navigation pane on the left side.

Reporting:

Expand this norgie to choose the tasks you want to perform under Reporting. On expanding the norgie, two links are displayed: New report and My reports.

6.2) New Report

Use this link to create a report that you can run to generate the results. You can specify parameter settings for the report, the report format, and the expiration policy for report results.

Click the New report, select any Report template from the Scheduling and Security report templates listed in the drop-down.

 

6.3) My reports

Use this link to view the list of reports that you created from various report templates. You can select a report from the list to perform the intended action from the available options.

i) Log in to the new Administration console with Administrator credentials.

ii) Click the Reporting link from the left Navigation pane.

iii) Expand the norgie and click New Report link.

iv) Select a Report template (Scheduling OR Security) from the drop-down list and click Next.

v) Provide values for all mandatory fields and click Save and run.

 

Name

Type a name for the report. By default, the name of the report is the same as the name of the template.

Description

Type a description of the report. By default, the description of the report is the same as the description of the template. Optional:

Save-in Folder

By default, the report is saved in the main Reports folder.

Parameters

NOTE: In Information Server 11.7.1 Fix Pack 1, only values provided for Required parameters are honored. Values provided for optional parameters are not consumed. and not supported in this release; any default value associated with such parameters is used.
Required parameters are indicated by an asterisk (*). Specify values for parameters; you can leave one or more required or optional parameter values unspecified, depending on whether you plan to run the report manually or by using a schedule.

Parameters that you specify values for, when you create or edit a report are called bound parameters. Parameters that you do not specify values for when you create or edit a report are called unbound parameters.

When you run a report using a schedule, you cannot specify values for parameters at the time of running the report. Hence, you cannot run a report by a schedule if the report has required parameters that are unbound. When you run a report manually, you can specify values for unbound parameters, but you cannot specify values for bound parameters.

Format

Specify the format of the report results. The number of available formats depends on which report template you use to create the report.

Output Format

Select a format for the report results.

                        HTML

Creates one or more HTML files. Specify HTML output options.

PDF

Creates a PDF file. Specify PDF output options.

RTF

Creates a file in rich text format.

TXT

Creates a file in text format. Specify Text output options.

XLS

Creates a file in XSL format that can be opened in Microsoft Excel. Specify XLS output options.

XML

Creates an XML file. Specify XML output options.

Settings

Specify the expiration policy and the retention policy for report results.

Expiration

Select the expiration policy for report results:

No Expiration

The report results do not expire.

Expire after

Specify the number of days, weeks, months, or years after which the report results expire. Report results are deleted at midnight on the day of expiration.

History Policy

Specify whether to replace or retain old report results, and the maximum number of results to retain for the report:

Replace Old Version

New report results replace previous results.

Archive as New Version

New report results are added to previous results.

Maximum Versions

Type the value for the maximum number of results that you want to save for the report.

vi) Click the Download button to view the report result.

 

You can generate other reports by repeating the same steps with any of the other report templates; provide values for mandatory fields and click Save and run.

6.5) Example of using the Security report template Active users in session:

6.6) Report Maintenance

 You can manage reports with the following:
         Open report settings, View report result, Run selected report, Open report result history, Delete report, etc. 

In the left Navigation pane, click the My reports link under the Reporting norgie. The My reporting page lists the name and description of each report, the template that the report was created from, and the date that it was created.
 

Select a report. Next, select one of the tasks listed at the top of the panel:

6.6.1) Open report settings:

Use this pane to view and edit the settings of a report. You can specify parameter settings for the report, the format, and expiration policy for report results.

Name

Type a name for the report. By default, the name of the report is the same as the name of the template.

Description

Type a description of the report. By default, the description of the report is the same as the description of the template. Optional:

Save-in Folder

By default, the report is saved in the main Reports folder.

Parameters

NOTE: In Information Server 11.7.1 Fix Pack 1, only values provided for Required parameters are honored. Values provided for optional parameters are not consumed; any default value associated with such parameters is used.
Required parameters are indicated by an asterisk (*). Specify values for parameters; you can leave one or more required or optional parameter values unspecified, depending on whether you plan to run the report manually or by using a schedule.

Parameters that you specify values for, when you create or edit a report are called bound parameters. Parameters that you do not specify values for when you create or edit a report are called unbound parameters.

When you run a report using a schedule, you cannot specify values for parameters at the time of running the report. Hence, you cannot run a report by a schedule if the report has required parameters that are unbound. When you run a report manually, you can specify values for unbound parameters, but you cannot change the values assigned to bound parameters.

Format

Specify the format of the report results. The number of available formats depends on which report template you use to create the report.

Output Format

Select a format for the report results.

                        HTML

Creates one or more HTML files. Specify HTML output options.

PDF

Creates a PDF file. Specify PDF output options.

RTF

Creates a file in rich text format.

TXT

Creates a file in text format. Specify Text output options.

XLS

Creates a file in XSL format that can be opened in Microsoft Excel. Specify XLS output options.

XML

Creates an XML file. Specify XML output options.

Settings

Specify the expiration policy and the retention policy for report results.

Expiration

Select the expiration policy for report results:

No Expiration

The report results do not expire.

Expire after

Specify the number of days, weeks, months, or years after which the report results expire. Report results are deleted at midnight on the day of expiration.

History Policy

Specify whether to replace or retain old report results, and the maximum number of results to retain for the report:

Replace Old Version

New report results replace previous results.

Archive as New Version

New report results are added to previous results.

Maximum Versions

Type the value for the maximum number of results that you want to save for the report.

Click Save and run if you want to save your changes. Otherwise, click Cancel button.

When you change the settings of a report, the changes are reflected in the report results the next time you run the report, either manually or by using a schedule. Changing the settings of a report does not change report results that were generated before you changed the settings.

6.6.2) View report result:

Displays the latest report result for the selected report in another tab or new window.

6.6.3) Run selected report:

Runs the selected report.

When report execution is completed, the report results are opened in a new tab or new window as shown below:

6.6.4) Open report result history:

Displays the list of report results for this report.

 

6.6.5) Delete:

Deletes one or more selected reports. You must have Delete permission for the report and on all results for a given report (if any) when deleting the report.

7) Known issues

1. Suite user is unable to save engine credentials in the "Open my credentials" panel.
    

1.     "Invalid credentials" message is displayed when maximum configured sessions are used.
2.     Trusted sessions or any indication of the same should not be displayed as they are intended to be transient.
3.     No error indication is provided when login to the Administration console by a non-admin user fails because all permitted sessions are in use.

1.     In various panels, roles are displayed with the role name. However, 'DirectoryCommand' output lists roles with role IDs. To see the mapping between Role ID and Role Name, refer to 'DirectoryCommand' help.

2.     In IBM Cloud Pak for Data environments, user and group role assignment should not be allowed.

3. In the Open group panel, although the check boxes for project roles are not checked, all listed project roles are directly assigned (project roles for a group cannot be inherited from another group).
5. Unable to close the Suite, Component and Project roles norgie in the Open user and Open group page.
5. In Open user and Open group page, Print doesn't work if requested a second time, or after doing a Save.
5. In the Add roles to multiple groups page, improvement is needed to the display of long group names.
5. After creating a user, the page should not be displayed as though another user can be created.
5. After creating a group, the Group ID field should not be editable.
5. Additional filter criteria does not work for the Courtesy title of Users.
5. With an Oracle 19c repository, while adding roles in 'Add roles to multiple users' page, intermittently an exception might be reported that something went wrong, and the console is not usable until you log in again.
5. With an Oracle 19c repository, while adding roles in 'Add roles to multiple users' page, intermittently a user is listed multiple times.
6. Improve display of the Open user credentials page in the User selection panel.
7. In the 'Add roles to multiple users' page, when all or individual, Suite or Component roles are selected or deselected, roles for all users are incorrectly displayed before clicking Save.

1.     Folder management feature (Create, Rename and Delete a folder) is currently not available.
2.     Reporting search functionality is not implemented.
3.     Access control feature which manages the list of users, groups, and roles that have access to a selected report, is currently not available.
4.     The features to add reports as Favorites, and to remove reports from Favorites are currently not available.
5.     The ability to set Preferences for Maximum Result History Limit, Default Expiration, Default History Policy is currently unavailable.
6.     There are some overlapping sections in reports generated with RTF format.  
7.     In the “List of Users” new report creation page, incorrect items are listed in the Components drop-down.
8.     The Report Result Status is not displayed.
9.     Reports created in the new Administration console are not listed under the Save reports tab of the Information Server Console (Mozart Console). However, they are listed in “View Reports by date”.
10. In Reporting > New report > Report templates, when a Scheduling template is selected, the check boxes for selecting all Components or all Topics is not functional.
11. In Reporting > New report > Report templates, for the Security template, List of users, no components are listed in the drop down list.

1.     Customers using Information Server releases before version 11.7.1.1, that desire to use the new Administration console should upgrade to version 11.7.1.1 or later.
2.     Context-specific help links are not functional.
3.     The “Remember me” checkbox in the log in screen is not completely implemented.
4.     A warning message is not displayed if you cancel out of a panel when unsaved data is present.
5.     Limitation on the pagination in Engine Credential, Users and Groups panels: You must finalize the contents in the first page before you move on to the next page. If you move to the next page without finalizing, the previous page selections are lost.
6.     Native Language Support (NLS) is not provided.
7.     If you change the Engine tier host name, the host name change document and scripts do not replace the old host name in XMETA.registration_ASBNode. As a result, the new Administration console lists the old host name in the Engine Credentials panel. Similar behavior might also be seen if an IP address is assigned to multiple host names. Updating the entry in XMETA resolves the issue.
8. The Reporting console (new Administration console) feature in the DataStage Designer reports error status 404 when connecting from a version 11.7.1.1 client to a 11.7.1.1 Service Pack 1 or later server.
9. In 11.7.1.3, clicking Usage does not take you to the "Usage of the Administration console in InfoSphere Information Server 11.7.1.3" document.
    

8) Fixed Issues

8.1) 11.7.1.1 RU1

1.    JR62767-In installations that have configured multiple engine tiers, the Engine credentials panel displays duplicate entries in the list of engine tiers.
2.    JR62755-If your LDAP user registry contains a large number of users and groups, the Users and Groups page does not load and display the users list. In ISF 11.7.1.1 RU1 patch, JR62755 changes the behavior of this page to address this issue. For details, see sections that filter user or group IDs.
3.    JR62502-Unable to log in to the new Information Server Administration Console after 11.7.1 Fix Pack 1 is installed.
4.    JR62814 Launchpad does not display Microservices tier icons properly. Enhance configuration to allow launchpad to work with short/long hostname or IP. Follow the post install steps in 11711 RU1 readme file to resolve the issue.

1.    JR62880 - Various issues related to handling of Project roles in the Administration console.
           a. In Open user and Open Group panels, within roles, the "Select all project roles" listing provides checkboxes for users to maintain project related roles. However, none of these roles can be changed in the Administration console. Additionally, the roles listed do not specify the project that they are associated with.
           b. User does not inherit project roles from group membership when LDAP is used.
           c. DataStage Project roles inherited from a group are not displayed as inherited.
2.    JR62945 - In Domain management->User registry configuration->Open provider configuration of the Administration console, the list of attributes is determined by the user registry in use.

8.3) 11.7.1.1 SP1

1.     In some panels, saved data is not reflected in the UI when Save is clicked.
2.     There might be panels where long LDAP names might not be word wrapped or scrollable.
3.     User suite and component roles are shown as inherited even when the role was directly assigned to the user.
4.     Group suite and component roles are shown as inherited even though a group cannot inherit roles.
5.     Group count is showing as 1 when no group is assigned to a user in the Open user page.
6.     If no user is selected for credential mapping in the Open user credential page, no error message is displayed .
7.     A user without Suite User role can log in to the console.
8.     JR63465 - Log in to the administration console fails when Chrome or EDGE browsers are used.
9.     JR63385 - After 11.7.1.1 Rollup patch 2 is installed, Information Analyzer project roles are not listed.
10.     On the Microservices tier, clicking on the Reporting link is redirecting to the log in screen.

8.4) 11.7.1.1 SP2

8.5) 11.7.1.3