Overview

You can create any number of users and user groups for UDMG and you can assign any user to any user group.

The permissions assigned to each user and group determine the level of access to UDMG functions.

You can assign any permission to any user or any user group. If you assign a user to a group, the user inherits all permissions assigned to that group.

Default Users and Groups

Default User

The default user is admin. It is granted all permissions and assigned to the default group.

Default Group

The default user group is Generic. It is assigned to the default Business Service and has no permission by default.

It is assigned to a user when no other user groups are explicitly assigned or when the last user group assignment is removed.

Adding a User

You must have Write User permissions to add users.

By default, a new user has no permissions. Until permissions are granted, users can log into the UDMG user interface and view options in the Menu but cannot perform any tasks.

User Details

The following User Details are for an existing user. See the field descriptions below for the fields displayed in the User Details.

User Details Field Descriptions

The following table describes the fields, buttons, and tabs displayed in the User Details.

Field Name	Description
Details	The section contains detailed information about the user.
Username	Log in ID for the user.
Password	Password of the user. Click the Change Password checkbox to update the password value.
Icons	The section identifies the icons displayed above and below the User Details that let you perform various actions.
Save ()	Saves the User record in the database.
New ()	Displays empty (except for default values) User Details for creating a new record.
Delete ()	Deletes the current record.
Refresh ()	Refreshes any dynamic data displayed in the User Details.
Tabs	The section identifies the tabs across the top of the User Details that provide access to additional information about the user.
User	Enter and display the username and password.
Permissions	Allows you to assign permissions to the user.
Member of Group	Allows you to assign the user to one or more groups.

Adding a User Group

You must have Write User permissions to add groups.

A group is a collection of users. You can assign privileges/permissions to groups or users.

Any user assigned to a group inherits permissions assigned to that group.

Group Details

The following Group Details are for an existing group. See the field descriptions below for the fields displayed in the Group Details.

Group Details Field Descriptions

The following table describes the fields, buttons, and tabs displayed in the Group Details.

Field Name	Description
Details	The section contains detailed information about the group.
Name	Name of the group.
Description	Description of the record. It can contain a maximum of 1,000 characters.
Business Service	The name of the Business Service that is linked to the user group. The permissions defined for the group apply only to the records assigned to the Business Service.
Icons	The section identifies the icons displayed above and below the Group Details that let you perform various actions.
Save ()	Saves the record in the database.
New ()	Displays empty (except for default values) Group Details for creating a new record.
Delete ()	Deletes the current record.
Refresh ()	Refreshes any dynamic data displayed in the Group Details.
Tabs	The section identifies the tabs across the top of the Group Details that provide access to additional information about the group.
Group	Enter and display the group name and description.
Permissions	Allows you to assign permissions to the group.
Group Members	Allows you to assign users to the group.

Assigning Users to Groups

You can assign users to groups from a User record and from a Group record.

Step 1	Open the User or Group record.
Step 2	Click the Group Members (or Member of Group) tab. For a user, a list of all groups to which the user is assigned displays: For a group, a list of all users assigned to the group displays:
Step 3	For a user: Click Pencil icon (Edit) to display an Edit Groups pop-up that allows you to assign the user to existing groups. For a group: Click Pencil icon (Edit) to display an Edit Members pop-up that allows you to assign existing users to the group.
Step 4	To assign a user to a group, move the user/group from the left window to the right window: To move a single entry, click it once and then click the > arrow. To move multiple entries, Ctrl-click them and then click the > arrow. To move all entries, click the >> arrow. To unassign the user to a group, move the user/group from the right window to the left window: To move a single entry, click it once and then click the < arrow. To move multiple entries, Ctrl-click them and then click the < arrow. To move all entries, click the << arrow.
Step 6	Click Save changes.

Assigning Permissions to Users or Groups

Permissions control user access to specific types of UDMG records, such as server or partner, and the functions that can be performed for those record types, such as Create or Delete.

You can further narrow down which permissions are applied to each record with the creation of a Business Service and/or User Group. The User Group grants permissions to the object in the Business Service.

The user permissions have the highest priority. For instance, if a user has Server Write permissions, then the user can always update any server without considering any Business Service or User Group permission.

This is to avoid a user lockout situation. If a user is locked out because of complex group permission records, the user can be unlocked by granting the relevant user permission.

To add permissions to a user or group:

Step 1

Open a User or Group record.

Step 2

Click the Permissions tab. A list of permissions assigned to the user / group displays.

For example, for a User record:

For example, for a Group record:

Step 3

Select permissions for the selected user or group using the toggles.

The permissions available differ depending on the Type of permission that you select.
Available permissions are Read, Write, and Delete.

For Transfers record types, Delete is not available.

Types of Permissions

This section identifies the different types of permissions that can be added to a user or group.

Permission Type	Description
servers	Handling of local Server records.
sharedAccounts	Handling of Shared Accounts records.
partners	Handling of Partner records.
rules	Handling of Transfer Rule records.
transfers	Handling of Transfers: Read: retrieve status of current or past transfer. Write: Initiate, pause, resume, cancel, or retry a transfer.
users	Management of users and access rights. The permission applies for handling User, Group, and Business Service records.
pgp	Handling of PGP Key records.
administration	System Administration.
audit	Handling of audit records.