Creating users

Use these instructions to create repository users.

Before you create users, determine what type of authentication the server uses. If the server authenticates users against the operating system, each user must have an account on the server host.

If the server uses an LDAP directory server for user authentication, the users do not need to have operating system accounts.

If the repository is the governing member of a federation, a new user can be a global user. Global users are managed through the governing repository in a federation, and have the same property values in each member repository within the federation. If you add a global user to the governing repository, that user is added to all the member repositories by a federation job that synchronizes the repositories.

You must have sysadmin or superuser privileges to create users. Superusers and sysadmins cannot modify their own extended privileges.

If a user is authenticated by an LDAP server, only a Superuser can modify the user’s LDAP-mapped properties.

When you create users who will be managed by an LDAP server:

For information about each property, see User properties. For more information about users, refer to “Users and Groups” in the Content Server Administrator’s Guide.

To create new users:

  1. Connect to the repository where you want to create new users.

  2. Click Administration.

  3. Click User Management.

  4. Click File>New>User.

  5. Choose a state for the user.

    • Active

      The user is a currently active repository user. Active users are able to connect to the repository.

    • Inactive

      The user is not currently active in the repository. Inactive users are unable to connect to the repository. A user may be made inactive because of multiple authentication failures or through resetting the state manually. Repositories of version 5.3 and later may be configured so that a user is automatically activated after being inactivated. Refer to the chapter on users in the Content Server Administration Guide for information on how to configure this.

    • Locked

      The user is unable to connect to the repository. A sysadmin or superuser must set a user to this state manually and must manually take a user out of this state.

    • Locked and inactive

      The user is inactive and unable to connect to the repository. A sysadmin or superuser must set a user to this state.

    If the user is a superuser, only another superuser can reset the user’s state.

  6. In the Name field, type the user’s name.

    The user name cannot be changed after it is assigned. To change a user’s name, you must create a new user with the new name, then assign the existing user’s objects to the new user. For instructions on reassigning objects to a different or new user, refer to Reassigning objects to another user.

  7. If available, type the User Login Name. This is the login name used for authenticating a user. If the user is an operating system user, the user login name must match the user’s operating system name. If the user is an LDAP user, the user login name must match the LDAP authentication name.

  8. If available, type the User Login Domain. This field identifies the domain in which the user is authenticated. It is typically a Windows domain or the name of the LDAP server used for authentication.

  9. Select a User Authentication Source from the list. Depending on the operating system, some or all of the following choices are available:

    • None

    • LDAP: The user is authenticated by an LDAP server.

    • Password: The user must provide a password that is stored only in the repository. There is no external authentication.

    • UNIX only: Select this for the default UNIX user authentication.

    • Domain only: Select this if the repository has Windows domain authentication enabled and the user must be authenticated against a domain.

    • UNIX first: Select this if the repository has Windows domain authentication enabled and the user must be authenticated first against UNIX, then against a domain.

    • Domain first: Select this if the repository has Windows domain authentication enabled and the user must be authenticated first against a domain, then against UNIX.

  10. If Password was selected, type in the user’s password. The password is encrypted and stored in the repository. This must be provided manually for users added using an imported LDIF file.

  11. Type the user’s email address. This is the address to which notifications are sent for workflow tasks and registered events.

  12. In the User OS Name field, type the user’s operating system user name. This is the user’s repository user name and is required in 5.2.5 repositories.

  13. In the Windows Domain field, type the user’s Windows domain.

    • If the repository is on a Windows host, type the domain.

    • If the repository is on a UNIX host and you have a domain map set up in order to use Windows domain authentication, browse to the correct domain.

  14. Select a home repository for the user.

  15. If the user is being created in the governing repository of a federation, check User is global if you want the user and the user’s properties to be propagated to all members of the federation.

  16. To use an existing repository folder as the user’s default folder:

    1. Click Choose existing folder.

    2. Click Select Folder.

    3. Locate the correct folder.

    4. Select the folder.

    5. Click OK.

  17. To create a folder with the user’s name, click Choose/Create folder with user name.

  18. To restrict the user’s repository access to particular folders or cabinets:

    If no folders are chosen, the user has access to all folders and cabinets in the repository, subject to the permissions on those cabinets and folders and subject to folder security.

    1. Click Select.

    2. Locate the folders or cabinets to which the user will have access.

    3. Select the folders or cabinets.

    4. Click OK.

    5. Perform the last two substeps on each page where there is a folder or cabinet to which the user will have access.

  19. Click Select Group and select a default group for the user.

  20. Click Select Permission Set and select a default permission set for the user.

  21. To provide a DB Name, which is the username in the RDBMS, type the name in the DB Name field. The DB Name is required only if the user will be a repository owner or a user who registers RDBMS tables.

  22. Select the user’s privileges from the list. User privileges authorize certain users to perform activities that are required to administer and maintain the system. The privilege levels are:

    • None

    • Create Type

    • Create Cabinet

    • Create Cabinet and Type

    • Create Group

    • Create Group and Type

    • Create Group and Cabinet

    • Create Group, Cabinet, and Type

    • System Administrator

    • Superuser: If you grant superuser privileges to a user after installing or upgrading a repository or after manually running the toolset.ebs script, add that user manually to the group called admingroup. If you revoke a user’s superuser privileges, remove the user from the admingroup.

  23. Select the user’s extended privileges from the list. Extended privileges determine whether the user can configure auditing, view audit trails, and purge audit trails. Superusers and sysadmins cannot modify their own extended privileges. Select one of the following:

    • None

      The user cannot configure auditing, view audit trails, or purge audit trails.

    • Config audit

      The user can configure auditing.

    • Purge audit

      The user can purge existing audit trails.

    • Config and Purge Audit

      The user can configure auditing and purge existing audit trails.

    • View Audit

      The user can view audit trails.

    • Config and View Audit

      The user can configure auditing and view existing audit trails.

    • View and Purge Audit

      The user can view existing audit trails and purge them.

    • Config, View, and Purge Audit

      The user can configure auditing and view and purge existing audit trails.

  24. Select the user’s client capability. Select the user type:

    • Consumer

    • Contributor

    • Coordinator

    • System Administrator

    Content Server does not recognize or enforce these settings. For information about client capability levels, see the documentation for each client product.

  25. Click Select Alias Set and select a default alias set for the user.

  26. To indicate that the user is not available to receive workflow tasks, check Workflow Disabled.

  27. To allow the user more login attempts than the limit set in the repository config object, check Turn off authentication failure checking.

  28. Click OK.

    The new user is created.
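The consistency rules stated in steps 7, 10, 15, 21, 22 and 27 can be checked before a request is entered in the interface. The following is an added example, not code from the product or its documentation: the dictionary keys are hypothetical names for the form fields, the sample requests and the `dmadmin` group member are constructed, and flagging step 27 on elevated accounts is a review choice made for this example.

```python
# Added example, not vendor code. Dictionary keys are hypothetical names for
# the fields in the procedure; the sample requests are constructed.
OS_SOURCES = {"UNIX only", "Domain only", "UNIX first", "Domain first"}
ELEVATED = {"System Administrator", "Superuser"}

def review_user(req, admingroup, is_governing_repo):
    """Return a list of findings for one user-creation request (a dict)."""
    findings = []
    source = req.get("auth_source", "None")
    login = req.get("login_name", "")
    privileges = req.get("privileges", "None")

    # Step 10: a repository-stored password must be typed in manually.
    if source == "Password" and not req.get("password_set"):
        findings.append("password source selected but no password supplied")
    # Step 7: the login name must match the OS name for OS users ...
    if source in OS_SOURCES and login != req.get("os_name", ""):
        findings.append("login name does not match OS user name")
    # ... or the LDAP authentication name for LDAP users.
    if source == "LDAP" and login != req.get("ldap_auth_name", ""):
        findings.append("login name does not match LDAP authentication name")
    # Step 15: global users are created only in a governing repository.
    if req.get("is_global") and not is_governing_repo:
        findings.append("global user requested outside a governing repository")
    # Step 21: DB Name is required for repository owners and table registrars.
    if (req.get("repo_owner") or req.get("registers_tables")) and not req.get("db_name"):
        findings.append("DB Name missing for owner or table-registering user")
    # Step 22: superuser privilege and admingroup membership must agree.
    if (privileges == "Superuser") != (req["name"] in admingroup):
        findings.append("superuser privilege and admingroup membership disagree")
    # Step 27: an elevated account exempt from failure checking needs review.
    if req.get("auth_failure_check_off") and privileges in ELEVATED:
        findings.append("authentication failure checking off on elevated account")
    return findings

# Constructed sample requests.
CLEAN = {"name": "jdoe", "auth_source": "LDAP", "login_name": "jdoe",
         "ldap_auth_name": "jdoe", "privileges": "None"}
RISKY = {"name": "opsadmin", "auth_source": "Password", "password_set": False,
         "privileges": "Superuser", "is_global": True,
         "auth_failure_check_off": True}

if __name__ == "__main__":
    for request in (CLEAN, RISKY):
        print(request["name"], review_user(request, {"dmadmin"}, False))
```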