Control User Access to Command Central
Command Central uses users, groups, and roles to authenticate users and determine the actions they can perform.
You can define users and groups in Command Central's internal user repository, or you can use users and groups from Lightweight Directory Access Protocol (LDAP) or Microsoft Active Directory (AD) acting as an LDAP server, or both. Command Central can work with multiple LDAP or AD user stores.
The permissions you set up for a Command Central apply across the entire landscape managed by that Command Central.
Software AG recommends defining and implementing your authorization model and then not changing it. In production, the only change that should occur is assigning users to groups, which is normally done when LDAP or AD is implemented.
Note: | You do not need to define users, groups, and roles for Platform Manager unless you are using third-party monitoring software that communicates directly with Platform Manager. In this case, add an internal user and assign a role that has canread permissions to that user. Use the instructions below, but forPlatform Manager instead of Command Central. |
1. Go to Environments > All.
2. On the Instances tab, click Command Central (CCE).
3. To add users:
a. Click the Configuration tab and then click Internal Users in the list of configuration types.
b. Click and provide the requested values. 4. To add groups:
a. Click Command Central Server on the left.
b. On the Configuration tab, click Internal Groups in the list of configuration types, and then click Edit.
5. To connect to LDAP:
a. Click Command Central (CCE) on the left.
b. On the Configuration tab, click LDAP in the list of configuration types.
c. Click and provide the requested values. 6. To add roles, and then assign them to groups and users:
a. Click Command Central Server on the left.
b. On the Configuration tab, click Security Roles in the list of configuration types, and then click Edit.