Administrator's Guide



Chapter 6   Setting Up Users and Groups

This chapter describes how to add users and groups for SilverStream Security.

It contains sections on:

NOTE   This chapter covers defining Silver Security users and groups, that is, users and groups known only to SilverStream. SilverStream also provides access to external security providers, including Windows NT, LDAP, NIS+, and certificate issuers. For information about setting up access to users and groups from these providers, see Accessing security provider systems.

About Silver Security users and groups

You can define Silver Security users and groups. These users and groups are known only by SilverStream. For example, you might want to define groups based on your site's organization--such as Accounting, Sales, and so on--and assign users to those groups. The groups can contain Silver Security users as well as users defined in external security realms. Users can belong to multiple groups.

After you define Silver Security users and groups, you can define access to any directories or objects in the system based on the Silver Server users and groups. For example, you might want to set certain permissions for members of the Accounting group and other permissions for members of the Developers group.

    For more information about using users and groups to set data permissions, see Setting up access control.

Predefined user and groups

SilverStream provides two predefined groups and one predefined user:

| Group | Predefined user in group |
|---|---|
| Administrators | Administrator, with the password admin. By default, the Administrator has the Locksmith privilege, which includes the ability to add new users and groups. See Using the Locksmith privilege. |
| Developers | Administrator |

These groups have no special status; you can delete them.

Case sensitivity

User names within SilverStream are case-insensitive if the SilverMaster database is case-insensitive. In that case, administrator and Administrator are considered the same name. If SilverMaster is case-sensitive, so are user names.

Passwords are always case-sensitive, so admin and Admin are considered different passwords.

NOTE   For security purposes, you should change the administrator's password.

Managing Silver Security users and groups

You can use the SMC to add Silver Security users, edit user properties, and add Silver Security groups.

NOTE   You can also perform these tasks using SilverCmd. For more information, see SetUserGroupInfo in the SilverCmd chapter of the online Tools Guide.

Adding Silver Security users

To add a user:

  1. Invoke the SMC.

  2. Select Security options.

  3. Select the Users & Groups panel.

  4. Expand Silver Security and select Users.

  5. Choose the New User icon at the bottom of the right pane.

    You are asked whether you want to define a SilverStream user or a certificate user.

  6. Select SilverStream user and click Next.

        For information on defining certificate users, see Manually installing client certificates.

    The New User form appears.

  7. Type in the appropriate information in each field.

    The Name field specifies the short name for the user. This is the name the user types in the Login box.

  8. After completing the form, click Finish.

Editing user properties

You can use the SMC to change user properties. For users defined in external security providers, the only editable property is the Locksmith privilege; for more information, see Using the Locksmith privilege.

Not allowing users to modify their properties

By default, users can change their own user properties. You can turn off this privilege. For more information about this privilege, see Enabling authentication.

To edit user properties:

  1. Invoke the SMC.

  2. Select Security options.

  3. Select the Users & Groups panel.

  4. Expand the Silver Security list of users.

  5. Highlight a user name and choose the Property Inspector.

    The following dialog appears.

  6. Modify any of the four editable fields.

    The "Fully qualified name" field corresponds to the Name field used to create the user. This field is not editable.

  7. If you have Locksmith privileges, you can also change whether the user you are modifying has Locksmith privileges.

        For more information, see Using the Locksmith privilege.

  8. Click OK.

Adding Silver Security groups

Creating groups helps streamline security administration by allowing you to categorize users within a larger context, such as a business organizational unit or a work role. A user can belong to one or more user groups within a SilverStream database, and can be granted access to objects by group or individual status.

To create a group:

  1. Invoke the SMC.

  2. Select Security options.

  3. Select the Users & Groups panel.

  4. Expand Silver Security and select Groups.

  5. Choose the New Group icon. The following dialog appears.

  6. Enter a name and a description for the group.

  7. Click OK.

To add users to a group:

  1. Invoke the SMC.

  2. Select Security options.

  3. Select the Users & Groups panel.

  4. Expand Silver Security and expand Groups.

  5. Select the SilverStream group to which you want to add users.

  6. Choose the Add Users to Group icon.

    The following dialog displays.

    NOTE   Your dialog might look different depending on which external security providers you have configured and the operating system used by the SilverStream Server. For more information, see Accessing security provider systems.

  7. To add a user to the group, select the user in the left panel, then choose Add.

    You can add users defined by external security providers, such as NT domains, to Silver Security groups.

  8. To remove a selected user, choose Clear.

  9. To remove all users in the group, choose Clear All.

  10. When finished, click Close.

Using the Locksmith privilege

The SilverStream-defined user Administrator has the Locksmith privilege by default. The Locksmith privilege allows users to do the following:

NOTE   Since the Locksmith privilege provides powerful access to server functions and properties, you should limit it to yourself and other trusted users.

Be careful not to delete all users with the Locksmith privilege: A user must have Locksmith privilege to grant it to someone else. So if no one has that privilege, it cannot be granted. If you find yourself in that situation, you can run SilverMasterInit with the -l command-line option to define a Locksmith account.

    For more information, see Using the SilverMasterInit program.
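The following audit sketch is an added example, not SilverStream code. It applies the rules from the Case sensitivity and Locksmith sections to a user inventory: names that collide when SilverMaster is case-insensitive, a server left with no Locksmith holder, Locksmith holders outside an approved list, and accounts still on the shipped password. The inventory format, its field names, and the approved list are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory in a hypothetical format (not a SilverStream export).
# "password_changed" is an assumed field recording whether the shipped
# default password has been replaced.
USERS = [
    {"name": "Administrator", "locksmith": True, "password_changed": False},
    {"name": "jsmith", "locksmith": False, "password_changed": True},
    {"name": "JSmith", "locksmith": True, "password_changed": True},
    {"name": "NTDOMAIN\\ops1", "locksmith": False, "password_changed": True},
]


def audit(users, approved_locksmiths, db_case_sensitive):
    """Return a list of (finding, names) tuples for the inventory."""
    findings = []
    # User names follow the SilverMaster database: compare them exactly when
    # it is case-sensitive, otherwise fold case. casefold() approximates a
    # case-insensitive collation; the real collation is database-specific.
    key = (lambda n: n) if db_case_sensitive else str.casefold

    by_key = defaultdict(list)
    for user in users:
        by_key[key(user["name"])].append(user["name"])
    for names in by_key.values():
        if len(names) > 1:
            findings.append(("name-collision", sorted(names)))

    holders = [u["name"] for u in users if u["locksmith"]]
    if not holders:
        # Nobody can grant the privilege; recovery needs SilverMasterInit -l.
        findings.append(("no-locksmith", []))

    # The approved list must be compared with the same name rule.
    approved = {key(n) for n in approved_locksmiths}
    extra = sorted(n for n in holders if key(n) not in approved)
    if extra:
        findings.append(("unapproved-locksmith", extra))

    unchanged = sorted(u["name"] for u in users if not u["password_changed"])
    if unchanged:
        findings.append(("default-password", unchanged))
    return findings


if __name__ == "__main__":
    for finding in audit(USERS, ["Administrator"], db_case_sensitive=False):
        print(finding)
```
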






Copyright © 2000, SilverStream Software, Inc. All rights reserved.