There are three types of uses that can be created and used in UIM
1. Real Nimbus Users
2. Account Contact Users
3. LDAP Users
All these users can run in same security context though they are created and managed in different ways.
There are essentially two types of users: Real Nimbus Users and Account Contact users. LDAP users fall into one these two categories but are a little more fluid.
1. Real Nimbus Users are created in Infrastructure Manager, (IM), through Security->User Administration. These users are written to security.dta file in the hub folder and the NimsoftSLM database never sees these users, (so UMP cannot see them).
2. Account Contact Users are created in IM through Security->Account Administration, and also in UMP through the AccountAdmin portlet. These users are written to the NimsoftSLM database and IM can read ACLs written this way. When a user logs into UMP for the first time, their user account is copied to the separate Liferay tables. Also, Account Contact users cannot assign alarms to Real Nimbus users.
3. LDAP Users can be treated as Real Nimbus Users or Account Contact Users - it depends on which ACL they are given. If the ACL is Linked to an Account, then the LDAP user will be treated as an Account Contact (even if they're not a member of that account.) If the ACL they are given is not linked to any account, the LDAP user gets treated as a Real Nimbus User.
- User information can be stored in four different places:
- Nimsoft\hub\security.dta for real nimbus users.
- NimsoftSLM > Account_, Group_ and User_ tables for account contact users.
- NimsoftSLM Liferay tables for users who have successfully authenticated in UMP.
- The completely separate Active Directory tables for LDAP users.
- Users who want to access UMP's SLM portlet or Dashboard Designer must be Real Nimbus Users, created in IM under Security->User Administration and have the 'SLM Admin' or 'Dashboard Designer' permission on their ACL.
This is by design and is intended to prevent one customer from one account from being able to view data that belongs to a different account. Again, these users are created exclusively in IM through "User Administration".
- All usernames should be unique. Creating LDAP users, Real Nimbus Users, and/or Account Contact users with identical usernames will create confusion about which credentials are being used to authenticate in UMP.
- Something to note about the Liferay Accounts - if a User is deleted in UMP, they don't really get deleted. Their record in the Account_, Group_, and User_ tables gets updated with a "deleted = 1" flag. In order to truly delete these accounts the the rows in the database must be manually deleted. However, in most circumstances it's not necessary to do this, as the user's account will be updated with the latest information upon successful authentication