In this section:

About User Administration

Users with administrator privileges can access User Administration (pstsec), which is an interface for performing the following tasks:

  • Adding or removing users from the database
  • Defining user groups
  • Granting and managing user and user group permissions
  • Connecting to your organization's user directories (see Configuring LDAP)

Accessing the User Administration Module

Open one of the following addresses in your browser to access the User Administration module:

  • http://<host>:8080/pstsec for HTTP
  • https://<host>:8843/pstsec for HTTPS

By default, User Administration is configured to run on localhost. The User Administration module will automatically display the Users panel. Log in with user who has administrative access (or is member of EM Administrator group). Only administrators can access the instance of User Administration shipped with License Server. 

See Remote Authentication if you want to configure License Server to authenticate against an instance of User Administration deployed to a different machine

Do not modify the settings in the Groups or User Directories panels.

If you deployed the User Administration module shipped with CTP, you can access User Administration from the Security Configuration page:

  1. Choose Security Configuration from the administration menu (gear icon).
  2. Click the Browse User Administration on <host> link.

Default Admin User

The user appointed to manage your Parasoft infrastructure should have administrative permissions assigned at the beginning of the security configuration. Those permissions include the following:

  • Basic permissions (pstsec_basicAccess:true): If defined and set, it provides authorized access to the security module. This permission setting allows the administrator to edit defined users and permission groups.
  • Administration permissions (pstsec_administration:true): If defined and set, it enables the administrator editing privileges to modify Users section.

The administrative (admin) user already exists in the database. For security reasons, we recommend assigning administrative permissions to the selected user with a unique password.

Terminology

This section describes user-related terminology:

Permission

Permissions refer to the type of access a user has to a specific functionality. The permission format includes the applicable tool, name of the permission type, and permission value (tool:name:value). 

The following example gives a user provision access in CTP:

em:role:provision  

Permission applies to both Permission group and User.

Native Permissions

Permissions that have been explicitly granted to a permission group by an administrator.

Inherited Permissions

Permissions that are inherited from a parent permission group.

Permission Group

A permission group represents a set of permissions. Permission groups can contain multiple native permissions and can be children of multiple parent permission groups. You can enable/disable both native and inherited permissions in a group.

User

"User" refers to a regular system user. Each user can have multiple of permissions (native permissions) and can be a member of multiple permission groups.

Inherited user permissions are grouped and reflect the permission group hierarchies. Any permission can be disabled/enabled based on specific needs. Permissions inherited by a user from different permission groups are separated but linked with the individual permissions.

Permissions

Administrators can assign the following permissions. 

PSTSEC Permissions

PSTSEC permissions provide access to User Administration functionality. 

basicAccess

Required to log into User Administration. Provides ability to modify one's own personal data, but no one else’s.

Values:

  • true 
  • false 

administration

Grants right to edit and modify user and permission groups data.

Values:

  • true 
  • false 


EM Permissions

EM permissions (Environment Manager) provides access to Continuous Testing Platform and/or Environment Manager (legacy). Permissions for EM are role-based. Choose Role from the Name menu and assign one of the following roles:

administration

Grants access to all Environment Manager activities: testing privileges, provisioning environments, defining systems and environments, controlling access permissions, and test data management. See the Environment Manager User Guide for additional information.

system

Grants the ability to provision environments and to create and execute test jobs in Environment Manager. Appropriate permissions to the resources is required for both actions. This role also grants the ability to execute all repository actions on test data. See the Environment Manager User Guide for additional information.

provision

Grants the ability to provision environments for sources the user has access to in Environment Manager. This role also grants read-only access to test data. See the Environment Manager User Guide for additional information.

Built-in User Groups

To ease user and group configuration,User Administration includes an EM Administration and an EM Basic group. We recommend using the built-in groups as parents when you create your own groups. 

Built-in groups cannot be edited

You can create and manage custom groups (see Creating and Managing Groups), but the built-in groups cannot be changed.

  • No labels

Need assistance? Visit our support page