Users and user groups are mapped to their respective roles by IDs.
These IDs consist of a three-part string in the form:
Type:Domain\Name
Where:
Type—Specifies the type of security authority that is used to authenticate the user or group. Possible types are:
L—Indicates a user or group that LDAP authenticates. In this case, Domain specifies the domain controller on the LDAP server. For example:
L:danube.com\Finance
Indicates that user group Finance logged in through the domain controller danube.com
C—Indicates a user or group that the Unisphere server authenticates. For example:
C:Boston\Legal
Indicates that user group Legal logged in through Unisphere server Boston
H—Indicates a user or group that is authenticated by logging in to a local account on a Windows host. In this case, Domain specifies the hostname. For example:
H:jupiter\mason
Indicates that user mason logged in on host jupiter
D—Indicates a user or group that is authenticated by a Windows domain. In this case, Domain specifies the domain or realm name. For example:
D:sales\putman
Indicates that user
putman has logged in through a Windows domain sales.
Name—specifies the username relative to that authority. It cannot be longer than 32 characters, and spaces are allowed if delimited with quotes. Usernames can be for individual users or user groups.
Within role definitions, IDs can be either fully qualified (as shown above), partially qualified, or unqualified. When the Domain portion of the ID string is an asterisk (*), the asterisk is treated as a wildcard, meaning any host or domain.
The Domain portion of the ID must be fully qualified when configuring group access.
For example:
D:ENG\jones—Fully qualified path with a domain and username (for individual domain users)
D:ENG.xyz.com\ExampleGroup—Fully qualified domain name and group name (for domain groups)
D:*\jones—Partially qualified that matches username
jones with any domain
H:HOST\jones—Fully qualified path with a hostname and username
H:*\jones—Partially qualified that matches username
jones within any host
jones—Unqualified username that matches any
jones in any domain on any host
If a user is matched by more than one mapping, the user authorization mechanism uses the more specific mapping. If an exact match (for example,
D:sales\putman) is found, that is used. If a partial match (for example,
D:*\putman) is found, that is used. If an unqualified match (for example,
putman) is found, that is used. Otherwise, the user is assigned a role of None.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\