Introduction to Users
Users are individuals that are known to CentraSite. For an individual to interact with a CentraSite registry, you must create a user account for that individual in the registry. A user account specifies basic attributes such as the name, email address, and phone number for an individual, along with any other attributes you add.
User Authentication
Although CentraSite maintains its own database of user accounts, it authenticates users externally. By default, CentraSite authenticates users against the local operating system. However, this configuration is not suitable for an enterprise-wide implementation of CentraSite. When you deploy CentraSite for actual use within your enterprise, you need to configure it to authenticate users against a production-quality authentication system such as Active Directory or an LDAP server. You must complete this configuration step before you begin creating organizations and setting up users, groups, and roles.
CentraSite allows you to define multiple user repositories for authentication, but only one is the default at any given time. Users whose user names reside in the default authentication system can log on to CentraSite with their user names. Users whose user names are not in the default authentication system must log on to CentraSite with their user names prefixed by the Domain ID that was defined for the respective authentication system.
If you are working in a distributed environment, where one or more Application Server Tiers and a separate registry or repository are involved, you must configure CentraSite to use an external authentication system. If you are working in a mixed Windows and UNIX environment, CentraSite can use Active Directory or LDAP as the user repository for both. If the CentraSite registry or repository is installed on a UNIX or Linux system, you can only use Active Directory as the user repository if it is configured using the LDAP interface.
When you configure CentraSite to use Active Directory or LDAP for user authentication, you map the user metadata (for example, name, phone number, email address) from the authentication system to the User object in CentraSite. CentraSite imports this metadata from the external directory when you create an account for a user in CentraSite.
Note:
After the information is imported, CentraSite does not attempt to keep it synchronized with the authentication system. Changes made in the external user management are not propagated to CentraSite. If a user is removed from the external user management (for instance, at the operating system level), the corresponding CentraSite user is not automatically deactivated. The CentraSite user associated with a deleted external user must be deactivated manually in CentraSite.
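Because nothing deactivates a CentraSite account when its external identity disappears, a periodic reconciliation is the practical control. The following is an added example, not part of the CentraSite documentation or product: it compares a list of registry accounts with the current members of each authentication system and reports active accounts that must be deactivated manually. The export formats, the `DOMAIN\user` prefix separator, the Domain IDs `CORP` and `PARTNER`, and all sample data are assumptions constructed for illustration.

```python
# Added example: reconcile CentraSite accounts against the external directories.
# All data is constructed. The export shape and the "DOMAIN\user" separator
# are assumptions, not CentraSite's documented formats.

DEFAULT_DOMAIN = "CORP"  # hypothetical Domain ID of the default repository

# (login name as stored in the registry, active flag): constructed sample
CENTRASITE_USERS = [
    ("alice", True),
    ("bob", True),             # since removed from the CORP directory
    ("PARTNER\\carol", True),
    ("PARTNER\\dave", True),   # since removed from the PARTNER directory
    ("erin", False),           # already inactive in CentraSite
]

# Current members of each authentication system: constructed sample
DIRECTORY_USERS = {
    "CORP": {"alice", "Frank"},
    "PARTNER": {"carol"},
}

def split_login(login, default_domain=DEFAULT_DOMAIN):
    """Return (domain, user); unprefixed names belong to the default domain."""
    domain, sep, user = login.partition("\\")
    if not sep:
        return default_domain, login
    return domain, user

def find_orphans(registry_users, directories, default_domain=DEFAULT_DOMAIN):
    """Return (orphans, unknown): active accounts with no external identity,
    and active accounts whose domain has no directory export to check."""
    orphans, unknown = [], []
    for login, active in registry_users:
        if not active:
            continue  # inactive accounts cannot log on; nothing to revoke
        domain, user = split_login(login, default_domain)
        members = directories.get(domain)
        if members is None:
            unknown.append(login)  # report it; never assume the user still exists
            continue
        # Assumption: directory login names compare case-insensitively.
        if user.casefold() not in {m.casefold() for m in members}:
            orphans.append(login)
    return orphans, unknown

if __name__ == "__main__":
    orphans, unknown = find_orphans(CENTRASITE_USERS, DIRECTORY_USERS)
    print("deactivate manually in CentraSite:", orphans)
    print("no directory export available for:", unknown)
```

Accounts in the first list are the ones the note says must be deactivated by hand; accounts in the second list need a directory export before any conclusion is drawn.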
Predefined Users
CentraSite comes with two predefined user accounts.
* The DefaultUser is an internal user that owns all predefined objects installed with CentraSite. The default user exists for CentraSite's internal use. You cannot edit or delete this account. You cannot use the default user account to log on to CentraSite.
* The bootstrap user is the user who installed CentraSite. This user belongs to the Default Organization and becomes the initial Organization Administrator and Primary Contact for that organization. This user is also given the CentraSite Administrator role, which gives the user super admin privileges. You can assign these roles to other users later in the deployment process. Generally, the bootstrap user creates the initial set of organizations, but other users can perform this task if the bootstrap user adds those users to CentraSite and gives them the CentraSite Administrator role.
In an organization, you must at minimum identify the users below.
* Organization Administrators who perform administrative tasks for the organization, such as:
  * Adding users to the organization.
  * Defining groups and roles in the organization.
  * Defining custom lifecycle models for the organization.
  * Creating child organizations.
  * Editing and deleting assets, policies, or lifecycle models that belong to the organization or its child organizations.

  An organization must have at least one user in the Organization Administrator role. The same user can serve as Organization Administrator for multiple organizations.
* The Primary Contact for the organization. An organization has just one primary contact.
CentraSite also comes with a predefined user called the Guest user. Users with the Guest role can access the registry anonymously without a user account. By default, guests can only browse the asset catalog from CentraSite.
Login Users
Login users are defined in the user repositories that CentraSite uses for user authentication. Login users can log in to CentraSite's graphical UIs.
To create and manage users in an organization, you must belong to a role that has the Manage Users organization-specific permission. The Manage Users permission enables you to manage (create, view, edit, and delete) all users (including the groups and roles) within an organization.
Note:
Users that belong to a role that includes the Manage Organizations permission have the Manage Users permission by implication.
Each user that you add within the context of a specific organization has permissions to access information within that organization, but does not have permission to access information belonging to any other organization.
Activating or Deactivating Users
An administrator can activate or deactivate a user account. Both active and inactive users exist in the registry, but only active users can log on to CentraSite, and only active users can be granted permissions and ownership of assets.
You generally deactivate users who leave the company or cease to be valid users of the registry. Inactive users retain ownership of assets they owned when they were active. They cannot be assigned to groups, and cannot be a part of the approval group. You can also create inactive users who are actors within your SOA environment but are not actual users of the registry. For example, you might model certain line-of-business managers as users in the CentraSite registry so that you can express associations between these individuals and various assets in the registry. Such users might never log on to CentraSite themselves, and do not require an account that is active and linked to the external authentication system. However, the registry will know of these users, so assets can be associated with them. Points-of-contact for external parties such as suppliers and distributors are additional individuals that you might want to model as inactive users.