Command Central 10.11 | Getting Started with Command Central | Additional Configuration for Command Central in a Production Environment | Control User Access to Command Central
 
Control User Access to Command Central
Restrict access to the Command Central host machine to Command Central users. This is especially important if you are using Command Central to manage production environments.
Command Central uses users, groups, and roles to authenticate users and determine the actions they can perform. Command Central supports read, write, execute, and password read permissions.
You can define users and groups in Command Central's internal user repository, or you can use users and groups from Lightweight Directory Access Protocol (LDAP) or Microsoft Active Directory (AD) acting as an LDAP server, or both. Command Central can work with multiple LDAP or AD user stores.
The permissions you set up for a Command Central apply across the entire landscape managed by that Command Central, which means that a user or group has the same permissions for all environments managed by that Command Central. If you want a user or group to have different permissions for different environments, install a Command Central to manage each environment.
Software AG recommends defining and implementing your authorization model and then not changing it. In production, the only change that should occur is assigning users to groups, which is normally done when LDAP or AD is implemented.
Note:
You do not need to define users, groups, and roles for Platform Manager unless you are using third-party monitoring software that communicates directly with Platform Manager. In this case, add an internal user and assign a role that has canread permissions to that user. Use the instructions below, but forPlatform Manager instead of Command Central.
1. To add users, go to Environments > All > Instances > CCE > Configuration > Internal Users, click the plus icon, and provide the requested values.
2. To add groups, go to Environments > All > Instances > CCE > Command Central Server > Configuration > Internal Groups and click Edit.
3. If you want to connect to LDAP, go to Environments > All > Instances > CCE > Configuration > LDAP, click the plus icon, and provide the requested values.
4. To add roles, and then assign them to groups and users, go to Environments > All > Instances > CCE > Command Central Server > Configuration > Security Roles and click Edit.