Novell iManager 2.7.5 Administration Guide - NetIQ

More documents

Recommendations

Info

NOTE: Novell iManager Role‐Based Services (RBS) grants rights based upon the Access Control List (ACL) capability of Novell eDirectory. The ACLs allow a trustee to be granted rights to a specific object or its subordinate objects. ACLs are not granted based upon specific object types. Each Novell iManager task defines its applicable object types and necessary ACLs. However, these ACLs allow the user to perform those operations with other object types through eDirectory APIs or other tools such as Novell ConsoleOne or NWAdmin. Use RBS to create specific roles within your organization. The roles contain tasks that an assigned user can perform within iManager, such as creating a new user or changing a password. Tasks are preassigned to roles but can be replaced, reassigned, or removed altogether. Furthermore, users are associated with roles in a specified scope, which is a container in the tree in which the user has the requisite permissions to perform a task. A role requires this threefold association of role, members, and scope to be complete. An RBS Role object creates an association between users and tasks. An administrator grants a user access to a task by making the user a member of the role to which the task is assigned. A user can be assigned to a role in the following ways: • Directly as a user • Through group and dynamic group assignments If a user is a member of a group or a dynamic group that is assigned to a role, then the user has access to the role. • Through organizational role assignments If a user is an occupant of a organizational role that is assigned a role, then the user has access to the role. • Through container assignment A User object has access to all of the roles that its parent container is assigned. This could also include other containers up to the root of the tree. A user can be associated with a role multiple times, each with a different scope. 6.1.1 RBS Objects in eDirectory The following table lists the RBS objects. iManager extends the eDirectory schema to include these objects when you install RBS. For more information, see “Installing RBS” on page 54. 52 Novell iManager 2.7.5 Administration Guide
Object rbsCollection Description A container object that holds all RBS Role and Module objects. rbsCollection objects are the uppermost containers for all RBS objects. A tree can have any number of rbsCollection objects. These objects have owners, which are users who have management rights over the collection. rbsCollection objects can be created in any of the following containers: • Country • Domain • Locality • Organization • Organizational Unit rbsRole Defining a role includes creating an rbsRole object and specifying the tasks that the role can perform. rbsRoles are container objects that can be created only in an rbsCollection container. Role members can be Users, Groups, Organizations, Organization Roles, or Organizational Units, and role members are associated to a role in a specific scope of the tree. The rbsTask and rbsBook objects are assigned to rbsRole objects. rbsTask rbsBook (aka Property Book) rbsScope A leaf object that holds a specific function, such as resetting login passwords. rbsTask objects are located only in rbsModule containers. A book is a leaf object that displays a group of pages that allow a user to view or modify the properties of an object or set of objects of the same type. Each page of the book has a tab that you click, to view a different page. A book object resides only in rbsModule containers and can be assigned to one or more roles and to one or more object class types. A leaf object used for ACL assignments (instead of making assignments for each User object). rbsScope objects represent the context in the tree where a role is performed and are associated with rbsRole objects. They inherit from the Group class. User objects are assigned to an rbsScope object. These objects have a reference to the scope of the tree that they are associated with. The objects are dynamically created when needed, then automatically deleted when no longer needed. They are located only in rbsRole containers. WARNING: Never change the configuration of an rbsScope object. Doing so has serious consequences and could possibly break the system. rbs Module Represents a container object that holds rbsTask and rbsBook objects. rbsModule objects have a module name attribute that represents the name of the product that defines the tasks or books (for example, eDirectory Maintenance Utilities, NMAS Management, or Novell Certificate Server Access). rbsModule objects can be created only in rbsCollection containers. Configuring and Customizing iManager 53
Page 1 and 2: www.novell.com/documentation Admini
Page 3 and 4: Contents About This Guide 7 1 Overv
Page 5 and 6: 6.3.1 Creating Reports . . . . . .
Page 7 and 8: About This Guide This guide describ
Page 9 and 10: 1 1Overview Novell iManager is a We
Page 11 and 12: 2 2Accessing iManager You access No
Page 13 and 14: 3 Save the changes and restart Tomc
Page 15 and 16: 2.5.5 Contextless Login Using Alter
Page 17 and 18: 3 3Navigating the iManager Interfac
Page 19 and 20: The iManager Header frame includes
Page 21 and 22: When a task is not selected, the Co
Page 23 and 24: 4 4Browsing Objects iManager lets y
Page 25 and 26: Tree View Content Frame Selecting o
Page 27 and 28: 4.1.3 Search IMPORTANT: The object
Page 29 and 30: Multiple Select / Single Select: Lo
Page 31 and 32: Object Search: Located on the left
Page 33 and 34: 5 5Roles and Tasks Selecting the Ro
Page 35 and 36: Figure 5-3 iManager’s Advanced Se
Page 37 and 38: Ignore: Is used not to update any c
Page 39 and 40: 3 Select Create an Alias in Place o
Page 41 and 42: 5.3.5 Move Group This link redirect
Page 43 and 44: 5.5.3 Moving a Partition Moving a p
Page 45 and 46: 5.6.2 Modifying Trustee Rights A tr
Page 47 and 48: 5.7.3 Viewing Class Information The
Page 49 and 50: 5.8 Users Managing users and their
Page 51: 6 6Configuring and Customizing iMan
Page 55 and 56: After the RBS collection is deleted
Page 57 and 58: NOTE: To select a role, select the
Page 59 and 60: A message appears: This operation w
Page 61 and 62: Defining/Modifying a Preferred Obje
Page 63 and 64: • “Exporting Custom Tasks” on
Page 65 and 66: 3 Specify a role and role scope to
Page 67 and 68: Printing Reports You can easily pri
Page 69 and 70: Plain Text: RBS Report Query Settin
Page 71 and 72: IMPORTANT: If you have installed iM
Page 73 and 74: 6.4.7 RBS Redirection After Logout:
Page 75 and 76: By default, the cipher level is set
Page 77 and 78: 6.6.2 Installed Novell Plug-in Modu
Page 79 and 80: 6.7.3 Customizing the Plug-In Downl
Page 81 and 82: 6.8.2 Task Event Notification Plug
Page 83 and 84: 7 7Preferences The Preferences view
Page 85 and 86: To avoid problems, in your Web brow
Page 87 and 88: 8 8Troubleshooting This section pro
Page 89 and 90: 8.1.2 HTTP 500 Errors If you receiv
Page 91 and 92: 8.3 Deleting and Re-creating User A
Page 93 and 94: Edit the configiman.properties file
Page 95 and 96: Table 8-1 Stopping and Starting Tom
Page 97 and 98: For iManager Standalone: 1 Log out
Page 99 and 100: 8.22 iManager and LDAP Use Differen
Page 101 and 102: 9 9Auditing iManager Events Use Nov
Page 103 and 104:
18 Click Configure > iManager Serve
Page 105 and 106:
10 10Best Practices and Common Ques
Page 107 and 108:
10.4.2 Linux To view or capture the
Page 109 and 110:
10.7.2 Role Assignments If you have
Page 111 and 112:
A AiManager Security Issues This se
Page 113 and 114:
A.3 iManager Authorized Users and G
Page 115 and 116:
B BNovell Plug-in Modules iManager
show all

Novell iManager 2.7.5 Administration Guide - NetIQ

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?