Set up the Admin role

Users may be mapped to admin roles. Mapped admin-level users will have the same privileges as Spectrum admin-level users, but they will display as non-admin users with basic user role privileges.

You can edit the user privileges on the Security page in Spectrum Management Console to display true privileges. Default admin share and user roles do not automatically apply under Spectrum SSO implementation. To apply and display user role permissions, you must set properties for any user that is mapped to the domain user group.
To establish system-wide access profiles, including that of Administrator ("Admin"):
  1. Open the following file in a code editor:
    SpectrumDirectory\server\conf\spring\security\spectrum-config-sso-sts.properties
  2. Set the dynamic property to apply admin group permissions at Spectrum server startup:
    spectrum.security.authentication.idpserver.admin.role=rolename

    where rolename is the group name for users who will inherit system-level admin permissions.

  3. Log in to the Spectrum JMX console, and search for this property:
    com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
    This property manages the mapping of roles to all user groups.
  4. Define the following:
    ParameterDescription
    addMapping In the value field, enter the SSO role value that you want to map to a Spectrum Technology Platform role.
    roleName Enter the Spectrum Technology Platform role that you want to map to the LDAP attribute value.
  5. Click Invoke.
    Users who have the SSO role will now be granted the role you specified after they log in to Spectrum Technology Platform at least one time.
  6. To remove a mapping, enter the LDAP attribute you want to unmap in the value field in the removeMapping section.