In this section:

About User Administration

Users with administrator privileges can access the user administration page, which is an interface for performing the following tasks:

  • Adding or removing users from the database
  • Defining user groups
  • Granting and managing user and user group permissions
  • Connecting to your organization's user directories (see Configuring LDAP)

Choose User Administration from the settings drop-down menu to open the User Administration page:

There are two basic steps for managing users in DTP: 

  1. Adding users to the database. You can add users manually or sync DTP with your LDAP system, which imports users from your company directory into the database.  
  2. Configuring permission and groups. You can specify custom permissions for each user or add them to groups, which enables you to define a set of permissions once and add users accordingly.  

Default Admin User

The user appointed to manage your Parasoft infrastructure should have administrative permissions assigned at the beginning of the security configuration. Those permissions include the following:

  • Basic permissions (pstsec_basicAccess:true): If defined and set, it provides authorized access to the security module. This permission setting allows the administrator to edit defined users and permission groups.
  • Administration permissions (pstsec_administration:true): If defined and set, it enables the administrator editing privileges to modify Users section.

The administrative (admin) user already exists in the database. For security reasons, we recommend assigning administrative permissions to the selected user with a unique password.

Terminology

The following table defines user-related terminology:

Permission

Permissions refer to the type of access a user has to a specific functionality. The permission format includes the applicable tool, name of the permission type, and permission value (tool:name:value).

For example, the following permission grants access to Report Center data for a project called ’Core’:

grs:project:Core

You can also user regular expressions to grant access based on project name patterns. For example, you could granting access to previous or future project versions:

grs:project:Core \d\.\d

The permission in the example above grants access to projects ’Core 1.0’, ’Core 1.1’, and so on.

Permission applies to both Permission group and User.

Native PermissionsPermissions granted to a permission group.
Inherited PermissionsPermissions inherited from a parent permission group.
Permission Group

Set of permissions. Permission groups can have multiple native permissions. Additionally, each permission group can have multiple parent permission groups.

It is possible to enable/disable both Native and Inherited Permission in permission groups, which is useful when you build an extended hierarchy but only need specific permissions from inherited ones.

User

Regular system user. Each user can have multiple of permissions (Native Permissions) and can be a member of multiple permission groups.

The Inherited Permissions for a user are grouped and reflect the permission groups hierarchies. Any permission can be disabled/enabled based on specific needs. Permissions inherited by a user from different permission groups are separated but linked with the individual ones.

Permissions

Administrators can assign the following permissions. 

PST Permissions

PST permissions (Parasoft permissions) provide basic access to the core system.  

Permission NameValueDescription
basicAccess

true

false

Required to login, but additional permissions are necessary to specify which features the user can access.
administration

true

false

Grants access to the DTP Control Center so that the user can deploy and manage DTP applications.

PSTSEC Permissions

PSTSEC permissions (Parasoft security) provide access to user and user group management functionality. 

Permission NamePossible ValuesDescription
basicAccess

true

false

Required to login to the DTP Security application (User Administration component). Provides ability to modify one's own personal data, but no one else’s.
administration

true

false

Grants right to edit and modify user and permission groups data.

GRS Permissions

GRS permissions (group reporting system) provide access to Report Center data, dashboards, source code, etc.   

Permission NamePossible ValuesDescription
basicAccess

true

false

Required to login to Report Center, but additional permissions are necessary to specify which features the user can access.
administration

true

false

Grants access to Report Center administration pages
editGlobalTestConfig

true

false

Set to false to prevent users from editing global test configurations.

If not set, project leaders will be able to edit global test configurations, but users with basic permissions will not be able to edit global test configurations.

project

[project name]

regex pattern

Grants access to the data associated with a specific project. You can use a regular expression to grant access to related projects. For example, if grs:project:Core provides access to a project called Core, you can use the regular expression grs:project:Core \d\.\d to provide access to Core 1.0, Core 1.1, etc. projects.
prioritizeAll

[project name]

regex pattern

Enables the user to set the priority of violations associated with the project. Team default permission: Leader (leader inherits permissions from member)

prioritizeOwner

[project name]

regex pattern

Enables the user to set the priority of violations assigned to the user.
viewSourceCode

[project name]

regex pattern

Enables the ability to view source code associated with the project. Team default permission: Member.

License Server Permissions

License Server permissions provide access to License Server functionality (see License Server). License Server is available as an integrated feature in DTP or as a standalone application.

Permission NamePossible ValuesDescription
basicAccess

true

false

Grants access to view License Server configuration pages.
administration

true

false

Grants access to License Server administration pages to manage licenses (add, remove, reserved, and so on).

TCM Permissions

TCM permissions (team center manager) provides access to Team Server functionality (see Configuring Team Server).

Permission NamePossible ValuesDescription
basicAccess

true

false

Grants access to view Team Server configurations.
administration

true

false

Grants access to Team Server administration pages to manage stored data, such as grant/limit access to Team Server data, created sandboxes, and load test configuration.

EM Permissions

EM permissions (Environment Manager) provides access to Continuous Testing Platform and/or Environment Manager (legacy). 

Permission NamePossible ValuesDescription
role

administration

Grants access to all Environment Manager activities: testing privileges, provisioning environments, defining systems and environments, controlling access permissions, and test data management. See the Environment Manager User Guide for additional information.
rolesystemGrants the ability to provision environments and to create and execute test jobs in Environment Manager. Appropriate permissions to the resources is required for both actions. This role also grants the ability to execute all repository actions on test data. See the Environment Manager User Guide for additional information.
roleprovisionGrants the ability to provision environments for sources the user has access to in Environment Manager. This role also grants read-only access to test data. See the Environment Manager User Guide for additional information.

Built-in User Groups

To ease user and group configuration, DTP provides a set of built-in groups that contain common permissions. We recommend using them as parents when you create your own groups. 

Built-in groups cannot be edited

You can create and manage custom groups (see Creating and Managing Groups), but the built-in groups cannot be changed.

PST Basic Access

This group defines basic permissions. Each newly-created user is automatically assigned as a member of this group. The membership of this group allows users to login to Report Center, but it does not allow access to the administration controls within these modules. Additional permissions are required to perform any actions.

PST Administration

This group defines administration permissions. Members of this group are granted administration permissions for applications within DTP (Report Center, Team Server, License Server, and User Administration) and can manage data available through administration pages.

GRS Basic Permissions

This group defines basic permissions for Report Center. Members of this group can view specific legacy Report Center reports associated with the projects he or she is assigned to.

GRS Extended Permissions

This group defines extended permissions for Report Center. Members of this group can view specific legacy Report Center reports associated with the projects he or she is assigned to.

GRS Administrators

This group defines administration permission for Report Center. Members of this group can access administration pages for edits, modifications, and management.

  • No labels