In this section:
About User Administration
Users with administrator privileges can access User Administration, which is an interface for performing the following tasks:
- Adding or removing users from the database
- Defining user groups
- Granting and managing user and user group permissions
- Connecting to your organization's user directories (see Configuring LDAP)
Choose User Administration from the settings menu to open the User Administration page:
There are two basic steps for managing users in DTP:
- Adding users to the database. You can add users manually or sync DTP with your LDAP system, which imports users from your company directory into the database.
- Configuring permission and groups. You can specify custom permissions for each user or add them to groups, which enables you to define a set of permissions once and add users accordingly.
Default Admin User
The user appointed to manage your Parasoft infrastructure should have administrative permissions assigned at the beginning of the security configuration. Those permissions include the following:
- Basic permissions (
pstsec:basicAccess:true
): If defined and set, it provides authorized access to the security module. This permission setting allows the administrator to edit defined users and permission groups. - Administration permissions (
pstsec:administration:true
): If defined and set, it enables the administrator editing privileges to modify Users section.
The administrative (admin) user already exists in the database. For security reasons, we recommend assigning administrative permissions to the selected user with a unique password.
Terminology
This section describes user-related terminology:
Permission
Permissions refer to the type of access a user has to a specific functionality. The permission format includes the applicable tool, name of the permission type, and permission value (tool:name:value
).
For example, the Report Center module in DTP is referred to as "grs", so the following permission grants access to Report Center data for a project called "Core":
grs:project:Core
You can also user regular expressions to grant access based on project name patterns. For example, you could granting access to previous or future project versions:
grs:project:Core \d\.\d
The permission in the example above grants access to projects "Core 1.0", "Core 1.1", and so on.
Permission applies to both Permission group and User.
Native Permissions
Permissions that have been explicitly granted to a permission group by an administrator.
Inherited Permissions
Permissions that are inherited from a parent permission group.
Permission Group
A permission group represents a set of permissions. Permission groups can contain multiple native permissions and can be children of multiple parent permission groups. You can enable/disable both native and inherited permissions in a group.
User
"User" refers to a regular system user. Each user can have multiple of permissions (native permissions) and can be a member of multiple permission groups.
Inherited user permissions are grouped and reflect the permission group hierarchies. Any permission can be disabled/enabled based on specific needs. Permissions inherited by a user from different permission groups are separated but linked with the individual permissions.