Users must be defined in CA Harvest SCM before they can log in to the product. When CA Harvest SCM is installed, an initial user is automatically created. This user must add other users who need access to CA Harvest SCM.
Note: The record in the HARUSER table whose USROBJID field has a value of 1 identifies the initial user created during the installation. This user is always a CA Harvest SCM administrator and always exists in CA Harvest SCM, even if this user does not exist in the external authentication server. However, when you use external authentication, this user (like all other CA Harvest SCM users) must exist in the external authentication server to log in to CA Harvest SCM.
Creating users and user groups are closely related tasks. If you create users first, you can add them to the groups when you define the groups. If you create groups first, you can add the users to them when you define the users.
Users and user groups exist at the CA Harvest SCM level, which means that they are available to all projects defined in a CA Harvest SCM installation. A user can belong to any number of user groups, and the groups imply no hierarchy. For example, a user in the Development Manager group does not implicitly belong to the Developer group.
Note: For more information about the CA Harvest SCM initial user, see the Implementation Guide.
The User Properties dialog lets you define CA Harvest SCM users.
If your site uses internal authentication (CA Harvest SCM authentication), you can edit all the fields on the User Properties dialog.
If your site uses external authentication such as Microsoft Active Directory, in the personal information area of the User Properties dialog, you can edit only the Name and Note fields. You cannot edit any other fields (Password, Real Name, Phone #, Ext, Fax# and E-mail). In the Security area, you can enable the options including Disabled and Single Work Station Login while the other options Locked and Change Password on Next Login remain disabled.
For both internal and external authentication, during login, create user, and update user operations:
The following considerations apply when you create a user:
The following considerations apply when you update a user's name definition:
Follow these steps:
The User Properties dialog appears.
Note: The notify process uses this email address when this user is designated to receive notifications.
Disables the user account.
Restricts the user from having multiple active sessions with the same broker from multiple workstations. However, all users (including single-workstation-login restricted users) can have multiple active sessions with the same broker from the same workstation and can also have multiple active sessions with different brokers from any combination of workstations.
Specifies whether the user account uses internal or external authentication.
Unlocks an internally authenticated account which has been locked because it has reached the maximum consecutive failed login attempts or the password has expired and the user is not permitted to change the password.
Forces the user to change the password upon the next login. This option is disabled for external authentication. For mixed mode authentication, it is enabled for internal users and disabled for external users.
If a user already belongs to one or more user groups, those groups are displayed in the User Groups list. New users are automatically added to the Public group.
Note: The Administrator group is visible in this list only if the current user has Administrator rights. This security measure helps ensure that only an Administrator can grant Administrator rights to another user.
The user is created and appears in the Users folder.
The User Manager (husrmgr) utility is a toolkit for the CA Harvest SCM administrator who maintains user profiles in CA Harvest SCM. You execute the User Manager utility from the command line. The utility provides user maintenance functions: import user, delete user, rename user, and update user.
Note: For information about the User Manager utility, see the Command Line Reference Guide.
Command line utilities, hppolget and hppolset, provide a configuration file-based interface to CA Harvest SCM Password Policy. Use hppolget to generate a configuration file containing the current policy. To change policy, edit the configuration file and then run hppolset.
The utility, hchu, provides a command-line interface for changing a password. Other command-line utilities do not prompt for a new password when the user's password has expired.
Note: For details about the command-line utilities, see the Command Line Reference Guide.
A user with a disabled account cannot access CA Harvest SCM; any login attempt using a disabled account always fails. Unlike locking a user account (which is automatically triggered by reaching the maximum failed login attempts), enabling or disabling a user account is a manual procedure.
CA Harvest SCM Administrators or users with Admin User Access can enable or disable user accounts by using the User Properties Account Disabled check box. This user property is not synchronized with the external authentication server. To log in to CA Harvest SCM, in addition to the conditions implemented by external authentication, the user account must not be disabled in CA Harvest SCM.
Unlock methods unlock an internally authenticated user account that has been locked because it has reached the maximum consecutive failed login attempts or the password has expired and the user is not permitted to change the password.
The following methods are available to unlock user accounts:
Note: For details about the husrunlk command-line utility, see the Command Line Reference Guide.
Oracle:
HUsrUnlk.sql—This script accepts two arguments: CA Harvest SCM user name (case sensitive) and output log file name.
SQL Server:
HUsrUnlk_sqlserver.sql—This script cannot accept arguments. Edit the following two identical lines in the script before running it:
AND u.username = 'harvest')
Manually replace harvest with the username that you want to unlock.
If the user's failure count has exceeded the maximum failed login attempts before lockout value, executing the script resets the user's failure count to 0. This action lets the user attempt to log in again; otherwise, the user receives the override, Change Password at Next Login.
HUsrUnlk.sql and HUsrUnlk_sqlserver.sql are located in the directory Database under CA_SCM_HOME. To run the scripts successfully, you must have access to update the database using the relational database management system (RDBMS). To run the script, use the following syntax:
Oracle:
sqlplus Harvest owner/password @HUsrUnlk.sql username log_file
SQL Server:
osql -d HarvestDBname -i HUsrUnlk_sqlserver.sql -U owner -P password -e -b -o HUsrUnlk_sqlserver.log
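The SQL Server edit step above can be scripted so that both lines are changed together and the user name cannot break out of the quoted literal. The following Python helper is an added example, not part of the CA Harvest SCM distribution; the function name, the allowed-character rule, and the sample text (a constructed stand-in, not the real script's contents) are assumptions.

```python
import re

# The line the documentation says appears twice in HUsrUnlk_sqlserver.sql.
TARGET = "AND u.username = 'harvest')"

# Assumption: site user names use only these characters. Tighten or relax to
# match your naming rules, but never allow quotes or whitespace.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def prepare_unlock_script(template_text, username):
    """Return the script text with both 'harvest' lines set to username.

    Hypothetical helper. The user name is inserted exactly as given,
    with no case folding.
    """
    if not SAFE_NAME.fullmatch(username):
        raise ValueError("user name contains characters unsafe in a SQL literal")
    lines = template_text.splitlines(keepends=True)
    hits = [i for i, line in enumerate(lines) if line.strip() == TARGET]
    # Refuse a template that was already edited or only partly matches:
    # changing one line but not the other leaves the script inconsistent.
    if len(hits) != 2:
        raise ValueError(f"expected 2 lines to edit, found {len(hits)}")
    for i in hits:
        lines[i] = lines[i].replace("'harvest'", f"'{username}'")
    return "".join(lines)


# Constructed stand-in for the shipped script; the real statements are omitted.
SAMPLE_TEMPLATE = (
    "-- first statement (contents omitted)\n"
    "    AND u.username = 'harvest')\n"
    "-- second statement (contents omitted)\n"
    "    AND u.username = 'harvest')\n"
)

if __name__ == "__main__":
    print(prepare_unlock_script(SAMPLE_TEMPLATE, "jsmith"))
```

Write the returned text to a working copy and pass that copy to osql with -i, so the original in the Database directory stays unedited for the next unlock.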
The User Properties dialog lets you modify the properties of a CA Harvest SCM user.
Follow these steps:
The User Properties dialog appears.
The user properties are modified.
Copyright © 2015 CA Technologies.
All rights reserved.