Page tree

Skip to end of metadata
Go to start of metadata

In this section:

About User Administration

Users with administrator privileges can access User Administration, which is an interface for performing the following tasks:

  • Adding or removing users from the database
  • Defining user groups
  • Granting and managing user and user group permissions
  • Connecting to your organization's user directories (see Configuring LDAP)

Choose User Administration from the settings drop-down menu to open the User Administration page:

There are two basic steps for managing users in DTP: 

  1. Adding users to the database. You can add users manually or sync DTP with your LDAP system, which imports users from your company directory into the database.  
  2. Configuring permission and groups. You can specify custom permissions for each user or add them to groups, which enables you to define a set of permissions once and add users accordingly.  

Default Admin User

The user appointed to manage your Parasoft infrastructure should have administrative permissions assigned at the beginning of the security configuration. Those permissions include the following:

  • Basic permissions (pstsec_basicAccess:true): If defined and set, it provides authorized access to the security module. This permission setting allows the administrator to edit defined users and permission groups.
  • Administration permissions (pstsec_administration:true): If defined and set, it enables the administrator editing privileges to modify Users section.

The administrative (admin) user already exists in the database. For security reasons, we recommend assigning administrative permissions to the selected user with a unique password.

Terminology

This section describes user-related terminology:

Permission

Permissions refer to the type of access a user has to a specific functionality. The permission format includes the applicable tool, name of the permission type, and permission value (tool:name:value). 

For example, the Report Center module in DTP is referred to as "grs", so the following permission grants access to Report Center data for a project called "Core":

grs:project:Core 

You can also user regular expressions to grant access based on project name patterns. For example, you could granting access to previous or future project versions:

grs:project:Core \d\.\d 

The permission in the example above grants access to projects "Core 1.0", "Core 1.1", and so on.

Permission applies to both Permission group and User.

Native Permissions

Permissions that have been explicitly granted to a permission group by an administrator.

Inherited Permissions

Permissions that are inherited from a parent permission group.

Permission Group

A permission group represents a set of permissions. Permission groups can contain multiple native permissions and can be children of multiple parent permission groups. You can enable/disable both native and inherited permissions in a group.

User

"User" refers to a regular system user. Each user can have multiple of permissions (native permissions) and can be a member of multiple permission groups.

Inherited user permissions are grouped and reflect the permission group hierarchies. Any permission can be disabled/enabled based on specific needs. Permissions inherited by a user from different permission groups are separated but linked with the individual permissions.

Permissions

Administrators can assign the following permissions. 

PST Permissions

PST permissions (Parasoft permissions) provide basic access to the core system.  

basicAccess

Required to login, but additional permissions are necessary to specify which features the user can access.

Values:

  • true 
  • false 

administration

Grants access to the DTP Control Center so that the user can deploy and manage DTP applications.

Values:

  • true 
  • false 

PSTSEC Permissions

PSTSEC permissions(Parasoft security) provide access to User Administration functionality. 

basicAccess

Required to log into User Administration. Provides ability to modify one's own personal data, but no one else’s.

Values:

  • true 
  • false 

administration

Grants right to edit and modify user and permission groups data.

Values:

  • true 
  • false 


GRS Permissions

GRS permissions (group reporting system) provide access to Report Center data, dashboards, source code, etc.  

basicAccess

Required to login to Report Center, but additional permissions are necessary to specify which features the user can access.

Values:

  • true 
  • false 

administration

Grants access to Report Center administration pages

Values:

  • true 
  • false 

editGlobalTestConfig

Setting to false to prevents users from editing global test configurations. If the permission is not set, project leaders will be able to edit global test configurations, but users with basic permissions will not be able to edit global test configurations.

Values:

  • true 
  • false 

project

Grants access to the data associated with a specific project. You can use a regular expression to grant access to related projects. For example, if grs:project:Core provides access to a project called Core, you can use the regular expression grs:project:Core \d\.\d to provide access to Core 1.0, Core 1.1, etc. projects.

Values:

  • <project name> 
  • <regex pattern> 

prioritizeAll

Enables the user to set the priority of violations associated with the project. Team default permission: Leader (leader inherits permissions from member).

Values:

  • <project name> 
  • <regex pattern> 

prioritizeOwner

Enables the user to set the priority of violations assigned to the user.

Values:

  • <project name> 
  • <regex pattern> 

viewSourceCode

Enables the ability to view source code associated with the project. Team default permission: Member.

Values:

  • <project name> 
  • <regex pattern> 

License Server Permissions

License Server permissions provide access to License Server functionality (see License Server). License Server is available as an integrated feature in DTP or as a standalone application.

basicAccess - Deprecated

This permission has been deprecated and will be removed in a future version of DTP.

administration

Grants access to License Server administration pages to perform license management functions, such as adding, removing, and reserving licenses.

Values:

  • true 
  • false

TCM Permissions

TCM permissions (team center manager) provides access to Team Server functionality (see Configuring Team Server).

basicAccess

Grants access to view Team Server configurations.

Values:

  • true 
  • false 

administration

Grants access to Team Server administration pages to manage stored data, such as grant/limit access to Team Server data, created sandboxes, and load test configuration.

Values:

  • true 
  • false


EM Permissions

EM permissions (Environment Manager) provides access to Continuous Testing Platform and/or Environment Manager (legacy). Permissions for EM are role-based. Choose Role from the Name menu and assign one of the following roles:

administration

Grants access to all Environment Manager activities: testing privileges, provisioning environments, defining systems and environments, controlling access permissions, and test data management. See the Environment Manager User Guide for additional information.

system

Grants the ability to provision environments and to create and execute test jobs in Environment Manager. Appropriate permissions to the resources is required for both actions. This role also grants the ability to execute all repository actions on test data. See the Environment Manager User Guide for additional information.

provision

Grants the ability to provision environments for sources the user has access to in Environment Manager. This role also grants read-only access to test data. See the Environment Manager User Guide for additional information.

Built-in User Groups

To ease user and group configuration,DTP provides a set of built-in groups that contain common permissions. We recommend using the built-in groups as parents when you create your own groups. 

Built-in groups cannot be edited

You can create and manage custom groups (see Creating and Managing Groups), but the built-in groups cannot be changed.

PST Basic Access

This group defines basic permissions. Each newly-created user is automatically assigned as a member of this group. The membership of this group allows users to login to Report Center, but it does not allow access to the administration controls within these modules. Additional permissions are required to perform any actions.

PST Administration

This group defines administration permissions. Members of this group are granted administration permissions for applications within DTP (Report Center, Team Server, License Server, and User Administration) and can manage data available through administration pages.

GRS Basic Permissions

This group defines basic permissions for Report Center. Members of this group can view specific legacy Report Center reports associated with the projects he or she is assigned to.

GRS Extended Permissions

This group defines extended permissions for Report Center. Members of this group can view specific legacy Report Center reports associated with the projects he or she is assigned to.

GRS Administrators

This group defines administration permission for Report Center. Members of this group can access administration pages for edits, modifications, and management.

  • No labels