Users may be mapped to admin roles. Mapped admin-level users will have the same
privileges as Spectrum admin-level users, but they will display as non-admin users with
basic user role privileges.
You can edit the user privileges on the Security page in Spectrum Management Console to
display true privileges. Default admin share and user roles do not automatically apply
under Spectrum SSO implementation. To apply and display user role permissions, you must
set properties for any user that is mapped to the domain user group.
To establish system-wide access profiles, including that of Administrator
("Admin"):
-
Open the following file in a code editor:
SpectrumDirectory\server\conf\spring\security\spectrum-config-sso-sts.properties
-
Set the dynamic property to apply admin group permissions at Spectrum server startup:
spectrum.security.authentication.idpserver.admin.role=rolename
where rolename is the group name for users who will inherit system-level admin permissions.
-
Log in to the Spectrum JMX console, and search for this property:
com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
This property manages the mapping of roles to all user groups.
-
Define the following:
| Parameter | Description |
|---|
addMapping |
In the value field, enter the SSO role value that you want to map to a Spectrum Technology Platform role. |
roleName |
Enter the Spectrum Technology Platform role that you want to map to the LDAP
attribute value. |
-
Click Invoke.
Users who have the SSO role will now be granted the role you specified after they log in to Spectrum Technology Platform at least one time.
-
To remove a mapping, enter the LDAP attribute you want to unmap in the
value field in the
removeMapping section.