
Administering Users, Groups, and Security


Overview

This chapter includes information on the following topics:

• “Managing Users” on page 65

• “Managing Groups” on page 84

• “Preferred Databases” on page 100

• “File Server” on page 103

• “Roles” on page 107

• “Security Templates” on page 118

• “Renaming Users” on page 121

See the WorkSite Server Installation Guide for an introduction to using DBAdmin.

Managing Users

Each WorkSite database has its own list of validated users. To gain access to a database, the user must first be added to the list of validated users.

A user’s access to documents in the database is limited by the security status of documents (such as public or private), and the user’s membership in any groups that are defined for the database. A user’s role determines the user’s access to document management functions. See “Creating Roles” on page 110.

Users are differentiated into five types, based on the operating system that they use.

• Microsoft Windows OS Domain Users. Users who access the database through Microsoft Windows. Database user IDs and full names must match those listed on the network for these users.

• Novell NDS Users. Users who access the database through Novell NDS. Database user IDs and full names must match those listed on the network for these users.

• LDAP Directory Users. Users who access the database through directory services that use the Lightweight Directory Access Protocol. Database user IDs and full names must match those listed on the directory service for these users.

• Novell Bindery Users. Users who access the database through Novell Bindery. Database user IDs and full names must match those listed on the network for these users.

• Virtual Users. Users entered directly into WorkSite and not synchronized or populated from another source.

The following actions can be performed in a User Information table using the DBAdmin tool:

• Add users to a database selectively from lists of users on the network

• Change a user’s operating system type

• Synchronize database user information with network information (except for LDAP users)

• Create new Virtual users and groups

• Enable or disable the login feature for individual users

Purpose of the User Table

The user table is necessary to give users access to the database. Figure 26 shows how the user table functions in the WorkSite system.


User accounts are stored in the database. The WorkSite Server verifies each user’s login against accounts stored in the SQL database. It gives users access to those databases on which they are valid users.

Users log into the WorkSite Server but their account details are stored in the SQL database. Users only see the databases on which they have accounts.

Adding Users

To give users access to a database, you must first add them to the user information table for that database.

NOTE

Before you can add a Novell user, Windows user, or Novell NDS user to a database, the user must be defined as a user on the network. The Add User function in the DBAdmin tool only allows you to add Novell, Windows, or Novell NDS users who are already defined on the network.

To add users to a WorkSite database:

1. Start DBAdmin.

   From the Windows Start menu, point to All Programs, then Autonomy, and then select iManage Database Administration.

2. Select the required database in the tree frame of the main program window.

3. Click the Database icon to display the information tables.

4. Select the User information table.

5. Click the Add icon from the toolbar or select Add from the Manage menu. The Add New Users dialog box is displayed (see Figure 27).

6. Click the appropriate tab for the type of user that you want to add, then enter the user’s information.

Adding Virtual Users

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

   The Add New Users dialog box is displayed.

4. Click the Virtual Users tab.

Figure 27 Add New Users dialog box, Virtual User tab

5. Under User Information, enter the following information.

   - User ID: The user’s login ID.
   - Full Name: The user’s full name.
   - Location: The user’s PC location.
   - Phone: The user’s telephone number.
   - Ext: The user’s telephone extension.
   - Fax: The user’s facsimile number.
   - E-mail: The user’s e-mail address.
   - External Users. Select this option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

6. Enter a password for this user in the Password field and the Confirm Password field. You must enter the same password in both fields. There is no default password for new users. New users cannot be added with a blank password.

7. Select User Must Change Password at Next Logon to force this user to change their password the next time they connect to WorkSite.

8. Select Password Never Expires to exempt the user's password from the expiration settings. Use this option for system service accounts that should not expire, rather than for end users. To specify the default number of days before passwords expire, see “Configuring WorkSite Database Options” on page 53.

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

9. Click Add, then click Close to save the added user(s) and exit.

Adding Microsoft Windows OS Domain Users

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

   The Add New Users dialog box is displayed.

Figure 28 Add New Users Dialog, Microsoft Windows OS Domain Users Tab

5. Select the appropriate domain from the List Users From list.

6. Select the user from the list of Domain Users.

7. Select the External Users option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

8. Enter the password in the Password and Confirm Password fields to change the password that is assigned to all new users.

NOTE

There is no default password for new users. New users cannot be added with a blank password. You must enter a password in the Password and Confirm Password fields.

9. Select User Must Change Password at Next Logon. This option forces users to change

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

10. Click Add after all the details are entered.

11. Click Close when finished adding users.

Adding Novell Bindery Users

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

   The Add New Users dialog box is displayed.

4. Click the Novell Bindery Users tab.

Figure 29 Add New Users dialog box, Novell Bindery Users tab

5. Select the appropriate server from the List Users From list.

NOTE

The Novell Bindery Users tab displays users according to the server to which they are bound. If you want to add a user who is listed under a container object, use the Novell NDS Users tab.

6. To search through any list of users, click Find to perform a search.

7. Select the required user from the list of Domain Users.

8. Select the External Users option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

9. Enter the password in the Password and Confirm Password fields to change the password assigned to all new users.

NOTE

There is no default password for new users. New users cannot be added with a blank password. You must enter a password in the Password and Confirm Password fields.

10. Select User Must Change Password at Next Logon. This option forces users to change their passwords when they log in.

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

11. Click Add, then click Close to save the added user(s) and exit.

Adding Novell NDS Users

To add Novell NDS users:

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

   The Add New Users dialog box is displayed.

4. Click the Novell NDS Users tab.

Figure 30 Add New Users dialog box, Novell NDS Users tab

5. Select the server or container object in which the user is listed in the tree frame.

   You can navigate between servers and container objects by selecting items in the tree frame. Each time you click an item in the tree frame, the list of users associated with that item is displayed in the table frame.

   Figure 30 shows the Novell NDS Users tab with users from the NRT_OU container object displayed. Click the “..” in the tree frame to navigate up the tree.

6. Select the user from the list.

7. Select the External Users option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

8. Enter the password in the Password and Confirm Password fields to change the password assigned to all new users.

NOTE

There is no default password for new users. New users cannot be added with a blank password. You must enter a password in the Password and Confirm Password fields.

9. Select User Must Change Password at Next Logon. This option forces users to change their passwords when they log in.

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

10. Click Add, then click Close to save the added user(s) and exit.

Adding LDAP Directory Users

The Database Administration tool enables you to import users from an LDAP or Microsoft ADS server.

You can import all users contained in specific organizational units of the directory structure. WorkSite Server allows only user information to be imported; container information is not maintained.

NOTE

If you are adding more than a few LDAP Directory users from a common directory, Autonomy recommends that you use the Directory Service Synchronization Service described in Chapter 11, “Directory Service Synchronization Service.” This service allows you to automate the import and synchronization of users from ADS or LDAP.

Adding LDAP Directory users is a multi-step process that requires you to know details about the LDAP Directory tree. You should be able to access the LDAP Directory server as an administrator, and you will need to know the attributes used to store user information.

The following steps describe how to add users from an LDAP Directory.

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

   The Add New Users dialog box is displayed.

4. Click the LDAP Directory Users tab.

Figure 31 LDAP Directory Users Tab

Figure 32 LDAP Authentication Dialog

6. Under Directory Type, select Microsoft Active Directory or LDAP based on the type of directory service your organization uses.

7. Under Credentials, select one of the following options:

   - Use Sync Server Login—If you have WorkSite Directory Service Synchronization installed, you can use the configuration information stored for the service to authenticate with the LDAP server. You must have Directory Service Synchronization configured to communicate with the LDAP server to use this option. In the Sync Service Server field, enter the computer name where Directory Service Synchronization is installed.
   - Other Login—Use this option to manually authenticate with the LDAP Server. Enter the fully qualified distinguished name of a user with administration privileges in the User ID field and the user’s password in the Password field.

8. In the TCP port field, enter the port number that the LDAP server uses to communicate. The default port is 389.

9. In the LDAP Server field, enter the name of the server that is hosting the LDAP service.

10. Click OK. If the information entered is correct, the LDAP Attribute Mapping (User) dialog

Figure 33 LDAP Attribute Mapping (User) Dialog

The LDAP Attribute Mapping (User) dialog (as shown in Figure 33) allows you to map the attributes used to store user information in your LDAP directory to corresponding user data fields used by the WorkSite database.

Each field has a list of LDAP attributes that are commonly used to contain the data for the corresponding WorkSite field. If none of the options in the list are correct, you may enter the name of an attribute in the field.

11. In the Name field under Organizational Unit, select or enter the LDAP attribute that contains the names of the Organizational Unit (OU) containers on your LDAP Directory tree.

NOTE

If the LDAP attribute mapped to the Name field for an OU container returns a blank, that container will not be displayed in the Container column of the LDAP Directory Users tab.

12. In the User section, select or enter the LDAP attributes for each of the WorkSite properties shown. Refer to Figure 33 for an example.

NOTE

If either of the LDAP attributes mapped to the Name or User ID fields for a user returns a blank, that user will not be displayed in the table frame of the LDAP Directory Users tab.

13. After completing the mapping of fields, click Update.

The LDAP Directory Users tab is displayed. If there are not too many directory objects (users) to display, all users that exist below the root level of the LDAP Directory are listed in the table frame.


Figure 34 Add New Users Dialog, LDAP Directory Users Tab

14. Select the server or container object in which the user is listed in the tree frame.

    You can navigate between servers and container objects by selecting items in the tree frame. Each time you click an item in the tree frame, the list of users associated with that item is displayed in the table frame. Click the “..” in the tree frame to navigate up the tree.

NOTE

To limit the number of users shown, refer to “Limiting the Number of Users Displayed” on page 80.

15. Select the user(s) to be added. Multiple users can be selected by using a Shift-click to select a continuous group or a Control-click to add individual users to those previously selected.

16. Select the External Users option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

17. Enter the password in the Password and Confirm Password fields to change the password assigned to all new users.

18. Select User Must Change Password at Next Logon. This option forces users to change their passwords when they log in.

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

19. Click Add, then click Close to save the changes and exit.

Limiting the Number of Users Displayed

1. After completing the mapping of fields, if there are too many directory objects (users) to display, the following error message is displayed:

Figure 35 Too many directory objects warning

After you close the warning message, the LDAP Directory Users tab is displayed but the table frame is empty.

Figure 36 LDAP Directory Search Filter

3. Select the attribute to filter on in the LDAP Directory Search Filter dialog box:

   - Use Filter on Name Attribute. This check box applies search criteria against the contents of the Full Name column in the user table.
   - Use Filter on Account Name Attribute. This check box applies search criteria against the contents of the User ID column in the user table.

NOTE

Both attribute filters can be selected at the same time. When both filters are selected, the search criteria are treated as a logical AND operator. For an object to be displayed, it has to match both criteria.

4. Enter values for the Filter Value field(s).

5. Select the filter type:

   - Exact Match. The search object is returned only when there is an exact match with the value entered in the Filter Value field.
   - Starts With. The search object is returned only when it begins with the value entered in the Filter Value field.

6. Click OK to execute the search filter. The LDAP Directory Users tab is displayed with the results of the search.
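
The filter options and the AND behaviour described above correspond to a standard LDAP search filter. The following is an added example, not WorkSite code: it assumes the mapped attributes are cn and sAMAccountName and that one filter type applies to both values, and it escapes each Filter Value per RFC 4515 so that typed characters such as * or ( are matched literally instead of altering the filter.

```python
import re

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Conservative check for attribute names typed into a mapping field.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a user-typed Filter Value so it is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_clause(attribute, value, match_type):
    """Return one filter clause for 'exact' or 'starts_with' matching."""
    if not _ATTR_NAME.fullmatch(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    if not value:
        raise ValueError("filter value must not be empty")
    escaped = escape_filter_value(value)
    if match_type == "exact":
        return f"({attribute}={escaped})"
    if match_type == "starts_with":
        # The trailing * is the only wildcard; it is added after escaping.
        return f"({attribute}={escaped}*)"
    raise ValueError(f"unknown match type: {match_type!r}")


def build_user_filter(name_value=None, account_value=None,
                      match_type="starts_with",
                      name_attr="cn", account_attr="sAMAccountName"):
    """Combine the selected attribute filters; both selected means AND.

    name_attr and account_attr are assumed defaults; use the attributes
    mapped to Name and User ID in the attribute mapping dialog.
    """
    clauses = []
    if name_value is not None:
        clauses.append(build_clause(name_attr, name_value, match_type))
    if account_value is not None:
        clauses.append(build_clause(account_attr, account_value, match_type))
    if not clauses:
        raise ValueError("select at least one attribute filter")
    if len(clauses) == 1:
        return clauses[0]
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(build_user_filter(name_value="Smith"))
    print(build_user_filter("John", "jd", "exact"))
    print(build_user_filter(account_value="*)(uid=*", match_type="exact"))
```
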

Changing the Default Password

There is no default password for new users, and new users cannot be added with a blank password. Before you add users, you must set the password assigned to all new users when you add them to the database.

For each tab in the Add New Users dialog box, the Password and Confirm Password fields function to set the default password assigned to users being added from the current tab during this session.

All subsequent users added from the current tab after you set the default password will be assigned the new password. If you change tabs, you must enter a new default password for users being added in that window.

Editing User Information

There are two ways you can update information for users who have already been added to the database:

• Synchronize users with the network. See “Synchronize Users” on page 83.

• Edit information in the user information table for individual users.

To edit information for an individual database user:

1. Select the required WorkSite database and the user information table.

2. Select the user whose information you want to edit, and then click the Modify button in the toolbar.


Figure 37 Edit User Information Dialog

3. Make the required changes, then click OK. Refer to the online help by clicking Help for more information.

Synchronize Users

In addition to changing user information using the Modify command, you can update user
