A user is an individual (or application program) identity that is defined in Enterprise Server. A user who has been authenticated is sometimes called a principal.
As the administrator, you are responsible for integrating users into the Enterprise Server environment so that their credentials are securely established and they are provided with access to the applications and services that they are entitled to use.
The following tasks are used to manage users:
The remote create-file-user command enables you to create a new user by adding a new entry to the keyfile. The entry includes the user name, password, and any groups for the user. Multiple groups can be specified by separating the groups with colons (:).
Creating a new file realm user is a dynamic event and does not require server restart.
Ensure that the server is running.
Remote commands require a running server.
If the user will belong to a particular group, list the current file groups:
asadmin list-file-groups –user admin –passwordfile passwords.txt
Create a file user by using the create-file-user(1) command.
The following example command create user Jennifer on the default realm file (no groups are specified):
asadmin create-file-user --user admin --passwordfile=c:\tmp\asadminpassword.txt Jennifer |
Information similar to the following is displayed:
Command create-file-user executed successfully. |
To see the full syntax and options of the command, type asadmin create-file-user --help at the command line.
The remote list-file-users command enables you to list the users that are in the keyfile.
Ensure that the server is running.
Remote commands require a running server.
List users by using the list-file-users(1) command.
The following example command lists file users on the default file realm file:
asadmin list-file-users |
Information similar to the following is displayed:
Jennifer Command list-file-users executed successfully. |
To see the full syntax and options of the command, type asadmin list-file-users --help at the command line.
A group is a category of users classified by common traits, such as job title or customer profile. For example, users of an e-commerce application might belong to the customer group, and the big spenders might also belong to the preferred group. Categorizing users into groups makes it easier to control the access of large numbers of users. A group is defined for an entire server and realm. A user can be associated with multiple groups of users.
A group is different from a role in that a role defines a function in an application, while a group is a set of users who are related in some way. For example, in the personnel application there might be groups such as full-time, part-time, and on-leave. Users in these groups are all employees (the employee role). In addition, each user has its own designation that defines an additional level of employment.
The remote list-file-groups command lists groups for a file user, or all file groups if the --name option is not specified.
Ensure that the server is running.
Remote commands require a running server.
List file groups by using the list-file-groups(1)command.
The following example command lists the groups for user joesmith:
asadmin list-file-groups --name joesmith |
Information similar to the following is displayed:
staff manager Command list-file-groups executed successfully |
The remote update-file-user command enables you to modify the information in the keyfile for a specified user.
Ensure that the server is running.
Remote commands require a running server.
Update the user information by using the update-file-user(1) command.
To apply your changes, restart Enterprise Server.
Stop Enterprise Server.
For instructions, see To Stop a Domain (or Server).
Start Enterprise Server.
For instructions, see To Start a Domain (or Server).
The following command updates the groups for user Jennifer:
asadmin update-file-user --passwordfile c:\tmp\asadminpassword.txt --groups staff:manager:engineer Jennifer |
Information similar to the following is displayed:
Command update-file-user executed successfully. |
To see the full syntax and options of the command, type asadmin update-file-user --help at the command line.
The remote delete-file-user command enables you to remove a user entry from the keyfile by specifying the user name.
Ensure that the server is running.
Remote commands require a running server.
Obtain the exact name of the file user that you are deleting.
To list the existing file users:
asadmin list-file-users |
Delete the user by using the delete-file-user(1) command.
The following example command deletes user Jennifer from the default file realm:
asadmin delete-file-user Jennifer |
Information similar to the following is displayed:
Command delete-file-user executed successfully. |
To see the full syntax and options of the command, type asadmin delete-file-user --help at the command line.