Users may be mapped to admin roles. Mapped admin-level users will have the same
privileges as Spectrum admin-level users, but they will display as non-admin users with
basic user role privileges.
You can edit the user privileges on the Security page in Management Console to
display true privileges. Default admin share and user roles do not automatically apply
under Spectrum SSO implementation. To apply and display user role permissions, you must
set properties for any user that is mapped to the domain user group.
To establish system-wide access profiles, including that of Administrator
("Admin"):
-
Go to spectrum-config-sso-sts.properties, located in
SpectrumDirectory\..\server\conf\spring\security.
-
Within spectrum-config-sso-sts.properties file, set the dynamic property
to apply admin group permissions at Spectrum server startup:
spectrum.security.authentication.idpserver.admin.role=rolename,
where rolename is the group name for users who will inherit
system-level admin permissions.
-
Log in to the JMX console, and search for this property:
com.pb.spectrum.platform.common.security.role:mappings=RoleMappings.
This property manages the mapping of roles to all user groups.
-
Define these parameters:
- In the addMapping section, in the
value field, enter the SSO role
value that you want to map to a Spectrum™ Technology Platform
role.
- In the roleName field, enter the
Spectrum™ Technology Platform role that you want to map to the LDAP
attribute value.
- Click Invoke. Users who have the SSO
role will now be granted the role you specified after they log in to
Spectrum™ Technology Platform at least one time.
- To remove a mapping, enter the LDAP attribute you want to unmap in the
value field in the removeMapping section.