| Oracle® Calendar Administrator's Guide 10g Release 1 (10.1.2) Part Number B25485-05 |
|
|
View PDF |
| Oracle® Calendar Administrator's Guide 10g Release 1 (10.1.2) Part Number B25485-05 |
|
|
View PDF |
This chapter describes the different tasks involved in managing user accounts within a calendar server node. Whether user information is stored internally or in an LDAP directory, the administrative procedures required are similar.
This chapter contains the following sections:
Administrators of installations using LDAP directories must be familiar with user creation and management on their directory server, or should refer to the appropriate online Help. In an external directory context, users are generally added to calendar server nodes from the directory server, but it is also possible to migrate existing information from a calendar node to a directory server.
When Oracle Calendar server is deployed with Oracle Collaboration Suite, different provisioning models are available to help manage user account creation on the Calendar server. The provisioning models offer the flexibility of choosing either Oracle on-demand account creation, bulk account creation or notification-based account creation.
On-Demand Provisioning
In this on-demand provisioning model, the Oracle Calendar server creates a Calendar account when the user accesses the Oracle Calendar server for the first time. When the user logs in through Single Sign-On, and selects Calendar, the account is automatically created. To control whether on-demand provisioning is enabled, consult the [ENG] ondemandprov_enable parameter. For more information about this parameter, see "Calendar Server Parameters" in Chapter 3 of Oracle Calendar Reference Manual.
Bulk Provisioning
This bulk provisioning model is widely used in an environment where Calendar is being deployed with a populated Oracle Internet Directory. Bulk provisioning is a manual policy, initiated by the person administering the Calendar server. To initiate this type of provisioning use either the Oracle Calendar administrator, or the uniuser utility. For more information about provisioning multiple users to the Oracle Calendar server at once from a populated Directory Server, consult the Adding Users from a Populated Directory Server section of this chapter.
Notification-Based Provisioning
This notification-based provisioning model can be viewed as a push provisioning model. The Oracle Calendar server receives an asynchronous notification from Oracle Internet Directory that includes modifications that have occurred since the last notification. These modifications can include user additions, modifications, or deletions. Once the notification is received from Oracle Internet Directory, the Oracle Calendar server processes the modifications. To control whether notification-based provisioning is enabled, use the [CWS] dirprovenable parameter. For more information on this parameter, see "Calendar Server Parameters" in Chapter 3 of Oracle Calendar Reference Manual.
When the Oracle Calendar server is deployed with Oracle Collaboration Suite, policies can be defined in the $ORACLE_HOME/ocal/misc/unison.ini file that help manage where user accounts are created based on defined criteria. These policies apply only when on-demand or notification-based provisioning models are in use.
Weighted Provisioning Policies
Weighted provisioning policies determine the Calendar node on which to create a new user. Multiple weighted policies can exist, where the lowest weight assigned takes priority. To define these policies, configure the [PROVISIONING] policy.<weight> parameters in the $ORACLE_HOME/ocal/misc/unison.ini file. For more information about the parameters in the [PROVISIONING] section, see "Calendar Server Parameters" in Chapter 3 of Oracle Calendar Reference Manual.
The Default Provisioning Policy
The default provisioning policy determines the calendar node on which to create a new user if the user does not meet the criteria of any weighted provisioning policy. Only one default policy can be defined on the Calendar server. For more information about configuring the [PROVISIONING] policy.default parameter, see "Calendar Server Parameters" in Chapter 3 of Oracle Calendar Reference Manual.
Example
University X wants to provide Calendar accounts to all of its staff members. It has selected three of its departments for initial deployment of Calendar accounts: Law, Business, and Engineering. The administrator has created three nodes on a single Calendar host: 100, 300, and 500. These nodes serving Law, Business, and Engineering respectively.
The University has extended the directory schema on Oracle Internet Directory to introduce objectclasses "universityXPerson" and "universityXPersonRole". Attribute "universityXPersonRole" will be assigned values of either "staff" or "student" to indicate whether the person is a staff member or student.
Existing staff members and students have been added to the Oracle Calendar server manually, using bulk provisioning; however, all new users will be added to the Oracle Calendar server using on-demand provisioning.
To accomplish the on-demand user provisioning previously mentioned, the administrator has configured the following parameters in the $ORACLE_HOME/ocal/misc/unison.ini file:
[ENG] ondemandprov_enable = TRUE [PROVISIONING] enable = TRUE policy.1 = "100:(&(universityXPersonRole=staff)(ou=law))" policy.2 = "300:(&(universityXPersonRole=staff)(ou=business))" policy.3 = "500:(&(universityXPersonRole=staff)(ou=engineering))" #policy.default = "100:(objectclass=*)"
|
Note: The[PROVISIONING]policy.default parameter has been marked out with a pound sign (#) to make it a comment. This means that only users meeting the criteria set out in the weighted policies will be provisioned to Calendar. If there is no default provisioning policy, then user accounts that do not conform to the defined policies will not be provisioned to Calendar. |
Once users have been provisioned to Oracle Calendar, they can also be deprovisioned. Deprovisioning is not the same concept as disabling or deleting a user account. When a user is deprovisioned from Oracle Calendar the data remains in the Calendar server. The following list illustrates various characteristics of a deprovisioned user:
The deprovisioned user cannot log in to Oracle Calendar.
Provisioned users will not be able to see deprovisioned users when performing a lookup.
A deprovisioned user will still appear in events that occurred in the past.
The deprovisioned user's data remains on the Calendar server.
The deprovisioned user can still own calendar data.
Administrators will be able to see deprovisioned users when performing a lookup.
A uniuser -ls output of a deprovisioned user will display the DEPROVISION-TIME attribute, and the UID attribute will be scrambled.
A deprovisioned user can be re-provisioned to Calendar.
Deprovisioning a Calendar User Account
In order to deprovision a Calendar user, use the uniuser utility with the -deprovision option. For example:
% uniuser -user -deprovision "UID=jsmith" -n 1 Enter a password: Deprovision "S=smith/G=john/UID=jsmith/ID=304/NODE-ID=1" [y/n]: y uniuser: "S=smith/G=john/UID=jsmith/ID=304/NODE-ID=1" has been deprovisioned
Now that user John Smith has been deprovisioned, the uniuser -ls output will return the following information and attributes for the user:
. S=smith/G=john/ID=304/EMAIL=john.smith@visioncorp.com/ + UID=FA37BCFB44B93C64E0340003BA19065D/AUTOREFRESH=1/ + DEPROVISION-TIME=2005-06-23 00:00/EMAIL-REMINDERDELIVERYRULE=ALTERNATE/ + ENABLE=TRUE/LANG=en/NODE-ID=1/REFRESHFREQUENCY=60
Notice that the DEPROVISION-TIME attribute appears in the output, and the UID attribute is scrambled.
Re-Provisioning a Deprovisioned Calendar User Account
Find the deprovisioned user's full DID by using the unidssearch utility. For example:
% unidssearch DID=cn=john.smith,cn=users,dc=us,dc=visioncorp,dc=com
Take note of the full DID
Re-provision the deprovisioned Calendar user account by using the uniuser utility with the -user -add and -attach options:
% uniuser -user -add "DID=cn=john.smith,cn=users,dc=us,dc=visioncorp,dc=com" -attach "S=smith" -n 1 Enter a password: uniuser: "S=smith/G=john/UID=jsmith/ID=304/NODE-ID=1" has been added
Controlling Delete Notifications from Oracle Internet Directory
When a user is deleted from Oracle Internet Directory, a delete notification is sent to the Oracle Calendar server. Calendar administrators can control the Oracle Calendar server's subsequent action to an Oracle Internet Directory delete notification using the [PROVISIONING] cascade_deletion parameter in the $ORACLE_HOME/ocal/misc/unison.ini file. Depending on the setting of this parameter, when receiving a delete notification from Oracle Internet Directory, the Oracle Calendar server will either delete the user, or set the user account as deprovisioned.
|
See Also: For more information about the cascade_deletion parameter, see "Calendar Server Parameters" in Chapter 3 of the Oracle Calendar Reference Manual. |
Each person who plans to use calendar services must have an account on the Calendar server. Once a user's profile has been created and added to a node, that person can then use any calendar client to connect to the server and manage their personal agenda.
Before you can create calendar accounts for users, they must already exist in the directory server. Adding Calendar services implies using the existing directory data to create calendar profiles on the calendar server node. When Oracle Calendar server is deployed in standalone mode, with no external directory server, an account does not have to exist on an external directory before account creation.
You can add users using the Oracle Calendar administrator web GUI, or by using a command line utility.
Oracle Calendar Administrator
Creating calendar accounts for existing directory users can be done through the Oracle Calendar administrator.
Sign in to the node on which you want to create the account.
Click Users in the main screen.
Click Provision Calendar Service to User on the Users page.
The Directory Users page will appear where you can list users in the directory who do not have a calendar account. Search for the user or users to whom you wish to provision calendar services.
Click Go to list all users, or select a filter and enter a value in the Search edit box to limit the search.
When the user is listed, click the Provision Calendar Service icon in the Actions column for that user. To provision services for more than one user at a time, select them in the Select column and then click the Provision Calendar Service to User button at the top right of the list.
Command Line
Adding calendar users from an existing directory server using the utilities is a two-step process. The first step is to identify all directory server users who are not calendar users. The unidssearch utility to search the directory server DNs and return all entries without the attribute ctCalXItemId. All or a selection of these users can then be added to a calendar server node using the uniuser utility. For more information about how to use uniuser, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
Determine which users on the directory server have not yet been added to a calendar server node: Use unidssearch to search the directory server. For more information about how to use unidssearch, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
% unidssearch -c 10 A DID=cn=Lan Nguyen,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=James Alexander,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Chris Robbins,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Thomas Addison,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Claire Roslyn,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Denis Tremblay,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Maija Laine,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Elizabeth McKinley,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Walter Chen,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Oliver Maxwell,cn=Users,dc=us,dc=visioncorp,dc=com
|
Note: If you are using a Sun ONE Directory Server, the attributecn (common name) might be replaced by the attribute uid (user ID or login). |
Use uniuser -add -user to add users one at a time. For more information about how to use uniuser, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
% uniuser -user -add "DID=cn=James Alexander, ou=Research, o=Acme, c=US" -n 134 Enter SysOp password: uniuser: G=James/S=Alexander/ID=256/NODE-ID=134 has been added
To add several users:
Create a file of all users in the directory server who are not calendar users. The number of non-calendar users returned by a search may be limited by maximum search result settings on the directory server. You can also limit the scope of the search, as in the following example where five users are selected from the directory server. The greater-than symbol (>) redirects the output of unidssearch to a file named userslist.
% unidssearch -c 5 > userslist
The file created may then be modified, filtered, or added to as required and according to a set format and syntax. Additions are made in X.400 format. For a complete description of the X.400 keys, fields, and syntax used with the uniuser utility, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
A DID=cn=Chris Robbins,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Thomas Addison,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Claire Roslyn,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Denis Tremblay,cn=Users,dc=us,dc=visioncorp,dc=com A DID=cn=Maija Laine,cn=Users,dc=us,dc=visioncorp,dc=com
Attach all users in the userlist file to the specified node.
% uniuser -ex userslist -n 134 Enter SysOp password: uniuser: added "cn=Chris Robbins,cn=Users,dc=us,dc=visioncorp,dc=com/G=Chris" uniuser: added "cn=Thomas Addison,cn=Users,dc=us,dc=visioncorp,dc=com/G=Thomas" uniuser: added "cn=Claire Roslyn,cn=Users,dc=us,dc=visioncorp,dc=com/G=Claire" uniuser: added "cn=Denis Tremblay,cn=Users,dc=us,dc=visioncorp,dc=com/G=Denis" uniuser: added "cn=Maija Laine,cn=Users,dc=us,dc=visioncorp,dc=com/G=Maija"
In a standalone installation of the Calendar server, where no LDAP directory server is used, user profiles are added to the internal calendar directory. A user password must be supplied. You can add users using the Oracle Calendar administrator web GUI, or by using a command line utility
Oracle Calendar Administrator
Use the Oracle Calendar administrator to add users to a node.
Click the Calendar Management tab.
Click on the Users secondary tab.
To add a new user click Create Calendar Account on the far right.
Enter the user information and click Apply.
Command Line
Use the uniuser utility with the -add and -user options to add users to the calendar server's internal directory. For more information about how to use uniuser, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
Example
uniuser -user -add "S=Addison/G=Thomas/PSW=test1/I=W/O=acme" -n 786 Enter SysOp password: uniuser: added "Addison,Thomas,W"
Instead of adding users from the directory server to the calendar server, the administrator may want to take one or more existing calendar databases and export the user and resource data in an LDIF format that is then used to populate the directory server.
Contact Oracle Support for assistance and utilities to handle the migration of all calendar users to the directory server.
Administrators can modify user attributes using the uniuser utility or using the Oracle Calendar administrator. Attributes include user information such as the user name, e-mail address, telephone number, and other personal information. It also includes access rights (designate, viewing rights, and so on), administrative rights (manage holidays, users, server, and so on.) and alert attributes (notifications).
A user's calendar account can be disabled. When an account is disabled, the owner cannot sign in and does not have access to his agenda. The calendar data of disabled accounts is not deleted and will be accessible again once the user account is reenabled.
You can modify users using the Oracle Calendar administrator web GUI, or by using a command line utility.
Oracle Calendar Administrator
Use the Oracle Calendar administrator to view and modify a user's calendar attributes.
To modify an existing user, click the Calendar Management tab.
Click on the Users secondary tab.
Using the search box, search for the user you want to modify. Select a filter from the drop down list, and enter a value in the Search edit box to limit the search then click Go. Alternatively, simply omit a filter, and click Go to list all users.
Find the user in the list and click the Pencil icon in the Actions column.
If you wish to modify a calendar-specific attribute, make the necessary modifications and click Apply.
To modify attributes that are not calendar-specific, use Oracle Internet Directory administration tools or third-party directory servers.
Command Line
You may view and modify a user's calendar attributes using the uniuser utility with the -mod option or -s option. To modify attributes that are not calendar-specific, use your Oracle Internet Directory administration tools.
To disable a calendar account, use uniuser with the -mod option. For example:
% uniuser -user -mod "S=Smith/G=John" -m "ENABLE=FALSE" -n 23
To grant access rights from one user to another use the uniaccessrights utility. See Granting access rights later in this chapter. To change a user password, the unipasswd utility can be used. User passwords can also be modified using the Oracle Internet Directory administration tools.
For full information about the use and syntax these utilities, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
When a user is deleted from a node, the user's Calendar account and records are removed from the local node. This means that all data owned by the user, including any meetings or groups, will be deleted. The user will no longer appear in other users' agendas, nor will any meetings or other calendar entries owned by this user remain. Any replicated copies of calendar data owned by the user will also be removed.
To preserve meetings and other calendar entries owned by the user, you should transfer ownership of these meetings to another user before the deletion.
You can delete users using the Oracle Calendar administrator web GUI, or by using a command line utility.
Oracle Calendar Administrator
Use the Oracle Calendar administrator to transfer calendar data from one user to another and then to delete the user from the server.
Click the Calendar Management tab.
Click on the Users secondary tab.
Search for the user you want to transfer or delete using the Search box. Click Go to list all users, or select a filter and enter a value in the Search edit box to limit the search, and then click Go.
To transfer data from this user to another, first click the Pencil icon in the Actions column for this user.
Click Transfer Calendar at the bottom of the menu on the left.
In the Recipient for Calendar page, click Go to list all users, or select a filter and enter a value in the Search edit box to limit the search, then click Go.
Find the target user, and click on the Transfer icon in the Actions column for that user.
From the Calendar Data to Transfer page, select the types of calendar entries you want to transfer and click Apply.
Once the data has been transferred you can proceed with the deletion. Click the Users tab on the top left.
To find the user to delete, use the Search filter and edit box. To delete one or more users, select the user by clicking on the corresponding check box in the Select column, and then click Delete at the top right.
Command Line
Remove one or more users from the calendar server node using the uniuser -user -del (single deletion) or uniuser -ex (multiple deletions) commands. For full information about use and syntax of these utilities, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
If the user is the owner of calendar entries (meetings, day events, and so on) that you do not want to delete, you may want to transfer these entries to another user before deleting the user. Use uniuser with the -transfer option to transfer ownership of selected entries in the user's agenda to another user.
For example, if a manager who controlled group scheduling leaves the company, you might transfer all non-personal entries from his agenda to the person replacing him. Use the -event, -task, -group, and -folder options of uniuser to define which type of calendar data to transfer.
To preserve a copy of the user's complete agenda in a file prior to deletion from the node, use the unicpoutu or uniical utilities. For more information about uncpoutu and uniical, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
Due to a variety of potential circumstances — organizational changes, employee relocation, or the need to redistribute node capacity — you may need to move one or more users from one node to another.
Command Line
Use the unimvuser utility. It is advisable to run unimvuser during off-peak hours for the calendar server. Always use the most recent version of unimvuser in your node network. For full information about use and syntax, including a number of crucial warnings and considerations, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
To set client display preferences, administrative rights, default viewing privileges, or other parameters for a group of users, define a default user profile before adding users to the node. This default user profile may also be applied to existing users.
Defining a default user profile:
All configuration parameters for the user profile are stored in the $ORACLE_HOME/ocal/misc/user.ini file. Edit this file using a text editor supplied with your operating system.
Values can be set and changed according to the information and limits defined in the user.ini file configuration file. For more information on these parameters, see "Calendar User and Resource Parameters" in Chapter 1 of Oracle Calendar Reference Manual.
To make changes, delete the old value and insert a new value.
The default value is assumed if the parameter is not included in the $ORACLE_HOME/ocal/misc/user.ini file.
Applying a default user profile:
The profile is applied during user creation (using the uniuser utility, or the Oracle Calendar administrator).
The default user profile is outlined under the section heading [GEN] in the $ORACLE_HOME/ocal/misc/user.ini file. Multiple profiles can be created from this template and appended to the file under different section heading names. These profiles can then be specified during user creation or modification using the uniuser utility with the -s option. For more information about the use and syntax of the uniuser utility, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
The e-mail addresses let users notify each other of created, modified, or deleted calendar entries and are used for sending e-mail reminders.
When adding users with uniuser, on a standalone Calendar server with an internal directory, you can specify their e-mail addresses by using the EMAIL key/value pair. For example:
% uniuser -add "S=Kafka/G=Franz/EMAIL=fkafka@mail.org/PSW=userpassword" -n 23 Enter SysOp password: uniuser: added "S=Kafka/G=Franz/ID=262/NODE-ID=23" has been added
For more information about the use and syntax of uniuser, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
An administrator can grant a user the right to access the agenda of another user, resource, or event calendar. These rights include event viewing rights, task viewing rights, scheduling rights, and designate rights. A designate is a user assigned the right to modify the agenda of another user or resource. Granting scheduling rights to a user means giving that user the right to invite you to events.
Users can customize their own access rights from various Calendar clients including Oracle Calendar Desktop Client, Oracle Connector for Outlook and Oracle Calendar Web Client. Administrators can also set access rights using the Oracle Calendar administrator or the uniaccessrights utility.
You can grant access rights between users using the Oracle Calendar administrator web GUI, or by using a command line utility.
Oracle Calendar Administrator
Use the Oracle Calendar administrator to grant access rights from one user (grantor) to another (grantee).
Click the Calendar Management tab.
Click on the Users secondary tab.
Search for the user who will be the grantor. Click Go to list all users, or select a filter and enter a value in the Search edit box to limit the search, then click Go.
Find the user in the list and click the Pencil icon in the Actions column to open the profile for this calendar user.
Click Access Rights on the left.
On the Access Rights page, any user to whom you already have granted rights can be displayed. Click Go to list them all.
To grant rights to a user for the first time, click Grant Rights on the right.
Search for the user who will be the grantee and click the Grant Rights icon in the Actions column to change the rights granted to this user.
In the Access Rights to Calendar page, change the rights and click Apply.
Command Line
Use the uniaccessrights utility with the -mod option to grant access rights from one user to another or from one user to many users. For example:
% uniaccessrights -mod -grantee "S=OBrian" -grantor "S=Martin/G=Don" -host gravel -eventview "PERSONAL=ALL" -taskview "all=true"
For more information about the use and syntax of uniaccessrights, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
You can configure whether a user has a global and published agenda.
Global and Published Calendars
Calendar users can share their agenda with other users through the Oracle Calendar Web client. Calendar sharing is determined using the Global Read Access attribute.
Users with the Global Read Access attribute turned ON can share their agendas with any other Internet user by mailing them a URL defined by the Oracle Calendar Web Client. The default value for Global Read Access is OFF.
Set the Global Read Access attribute using the Oracle Calendar administrator or the uniuser utility. For more information about this feature, see your Oracle Calendar Web client online Help.
|
Note: A legacy attribute, Published Type is also available in Oracle Calendar. Created for ISPs with large numbers of users who needed to be able to do searches for each others' Calendars, this attribute is not necessary for current implementations of Oracle Calendar. |
Most of the administrative operations for Oracle Calendar can be performed by regular calendar users. The administrator (calendar system operator) must first grant the users administration rights. Different sets of rights can be granted to different users based on what they should manage: users, resources, event calendars, groups, node network, or calendar server. Once administrative rights have been granted, the user can then perform administrative operations by logging in to the Oracle Calendar administrator as themselves or by using certain command-line utilities with the -uid option.
These administrative rights limit the operations any given user can perform using the Oracle Calendar administrator and command-line calendar utilities.
For example, it may be useful to give designated employees in Human Resources administrative rights for holidays. Those employees could then add, modify, and delete holidays in the Oracle Calendar administrator by signing in with their own user name and password.
For a complete list of the individual rights that can be assigned in Oracle calendar using the uniadmrights utility, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
Each user's profile of administrative rights also has a scope that defines which nodes the user's rights apply to. The Node scope limits all administrative rights to the node on which the user's own calendar account exists. The Network scope extends the user's administrative rights to all nodes that are in the network which includes that user's node.
For example, in a scenario where nodes 30 and 40 are in a node network together, a user on node 30 with a Node scope may only modify users and resources on node 30. A user on node 40 with Network scope may modify users and resources on both nodes.
You can assign administrative rights to a user through the Oracle Calendar administrator or the command-line uniadmrights utility.
Note that the ability to manage other users' administrative rights is itself covered by an administrative right. In addition, you may only assign rights that you possess, and you may only assign Network scope if you possess Network scope. For example, in order to assign resource creation administrative rights to a user, you must possess both resource creation administration rights and the right to manage users' administrative rights.
|
Note: If your Calendar server is a standalone installation with a supported third-party directory server, additional configuration steps are necessary in order to use this feature. See the Administrative Rights: Third-Party Directory Server Considerations later in this chapter. |
You can assign administrative rights to users using the Oracle Calendar administrator web GUI, or by using a command line utility.
Oracle Calendar Administrator
Use the Oracle Calendar administrator to grant administrative rights to users.
Click the Calendar Management tab.
Click on the Users secondary tab.
Search for the user you want to grant administrative rights to and then click the Pencil icon in the Actions column.
Click Administrative Rights in the menu on the left.
Use the check boxes to select the administrative rights you wish to grant to the user, then click the Apply button.
Command Line
Use the uniadmrights utility. For example:
% uniadmrights -u "S=Heller/G=Joseph" -n 22 -user "create=true/modify=true" -resource "all=true" -csm "all=false"
The preceding command line grants Joseph Heller on node 22 the ability to create and modify users (but not to delete, set access rights or passwords); all rights for resources (including the rights to create, modify, delete, set passwords, and set access, viewing and designate rights). Lastly, it also removes all access rights to the Calendar Server Manager, denying this user the ability to start and stop nodes and servers.
For more details on the uniadmrights utility, including syntax, accepted key-value pairs and a complete list of all available access rights, see "Calendar Server Utilities" in Chapter 6 of Oracle Calendar Reference Manual.
When assigning administrative rights to other Calendar users with a supported third-party directory server some additional configuration steps are required. These steps are not required when Calendar is deployed with Oracle Collaboration Suite, or in standalone installations with an internal directory. Failure to configure the Calendar server with the modifications listed below will result in the inability of users to administer the Calendar server.
Open the $ORACLE_HOME/ocal/misc/unison.ini configuration file with a text editor.
Add the following parameter to the [DAS] section of the unison.ini file:
dir_usewritednforadmin=TRUE
Add the following parameters with the appropriate values to the [LDAP] section of the unison.ini file:
writedn=<writedn> writednpassword=<encryptedwritednpassword>
|
See Also: For more information on thewritedn and writednpassword parameters, see "Calendar Server Parameters" in Chapter 3 of Oracle Calendar Reference Manual. |
Save the file
