One Identity Management Console for Unix 2.5.2 - Administration Guide


Group properties

The group properties display when you select a group name from the Groups tab of a host's properties and then click the Properties toolbar button, right-click the group name and choose Properties from the context menu, or double-click the group name.

The group properties have two tabs:

  • General
  • Members

General Tab

Use the General tab to review or modify the general properties for the group:

Table 25: General tab
Option Description
Group Name The name assigned to the group.
GID The group identification number assigned to the group.

Members tab

Use the Members tab to review or define the users as members of the selected group.

When logged on with the supervisor account, the management console does not list any of the Active Directory users that are members of the selected group.

Use the toolbar buttons to add users to (or remove users from) the selected group, search for users, and filter the contents of this view.

Table 26: Members tab: toolbar
Option Description
Add | Local User Open the Add menu and choose Local User to open the Select Local User dialog which allows you to add one or more local users to the group.
Add | AD User Open the Add menu and choose AD User to open the Select AD User dialog which allows you to add one or more Unix-Enabled Active Directory users to the group.

NOTE: This option is only available if the management console is configured for Active Directory, you are logged on as an Active Directory account in the Manage Hosts role, and the selected host is joined to an Active Directory domain.

Click Remove Users to remove the selected users from the group.

Use the search box to filter the users displayed on the Members tab based on user names. As you enter characters into the search box, the management console displays the users that match (contain) the criteria entered. Click to remove the filtering and re-display the original user list.

Open the user type drop-down menu and choose the type of users you want to list:

  • All users
  • All non-system users
  • System user
  • Users requiring AD logon (requires Authentication Services 4.x)
  • Users not requiring AD logon (requires Authentication Services 4.x)

The Members tab displays the following information about each user that is a member of the selected group:

Table 27: Members tab
Option Description

The first column contains a selection check box which allows you to select or deselect a user.

To select a user, click a user entry or the selection check box. To select all of the users in the list, select the check box in the heading.

To deselect a user, click on the selection check box. To deselect all selected users in the list, clear the check box in the heading.

The icons displayed in this column indicate the type of user:

  • User does not require AD logon (requires Authentication Services 4.x)
  • User requires AD logon (requires Authentication Services 4.x)
  • System user

In addition, when a user is ready to be added to or removed from the group, the current user icon contains either a green plus sign or red minus sign, as illustrated below:

  • user is ready to add as a member of the group
  • user is ready to remove from the group

Name Displays the name assigned to the user account.
UID Displays the user identifier assigned to the user.

If multiple pages are available, use the controls at the bottom of the dialog to scroll through the pages.

Adding users to a local group

Add local or Active Directory users to a local group from a local group's properties.

To add users to a local group

  1. From the Groups tab on the host's properties, right-click a group name and choose Properties.

    You can also double-click the group name to open its properties.

  2. Select the Members tab, open the Add menu and choose Local user.

    Note: The AD user option is only available when you are logged in as an Active Directory user for a host that is joined to Active Directory. See Adding AD user to a local group for details.

  3. On the Select Local User dialog, search for and select a local user from the list and click OK.

    Note: To find a particular user you can filter the list of users. Enter one or more characters in the Search for users box. The management console automatically displays the users whose name contains the characters you enter. To redisplay the original list, click the button on the Search for users box.

    You can also select one of the following options from the user type drop-down menu:

    • All users
    • All non-system users
    • System users
    • Users requiring AD logon (requires Authentication Services 4.x)
    • Users not requiring AD logon (requires Authentication Services 4.x)

  4. Click OK on the Members tab to save your selections.

    The management console adds the users with an icon to the list on the Members tab.

  5. On the Log on to Host dialog, enter the user credentials and click OK.

    Note: This task requires elevated credentials.

Select Local User Dialog

The Select Local User dialog displays when you select Add | Local user from the Members tab of a local group's properties. From this dialog, select one or more local users to be members of the selected group.

Use the controls at the top of the Select Local User dialog to filter the contents of the user's data grid:

Table 28: Select Local User dialog
Option Description
Use the search box to filter the users displayed based on user names. As you enter characters into the search box, the management console lists the users that match (contain) the criteria entered. Click to remove the filtering and re-display the original user list.

Removing user from local group

Remove local or Active Directory users from a group from the Groups tab of a host's properties.

To remove a user from a local group

  1. Right-click a group name and choose Properties.

    You can also double-click a group from the list to open its properties.

  2. From the Members tab, select one or more users and click Remove User.

    The management console adds an icon to the user names to indicate they are ready to remove from the list.

  3. Click OK on the Members tab to save your selections.
  4. On the Log on to Host dialog, enter the user credentials and click OK.

    Note: This task requires elevated credentials.
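A host-side way to confirm the result of the add and remove procedures above, as an added example that is not part of the original guide or the product: it parses /etc/group- and /etc/passwd-format text, lists a group's members with UID and type, and diffs two snapshots of the group file. The sample data, the function names, and the UID threshold of 1000 for system accounts are assumptions.

```python
# Constructed sample data in /etc/group and /etc/passwd format (not from a real host).
GROUP_BEFORE = "wheel:x:10:alice\ndba:x:1200:alice,oracle\n"
GROUP_AFTER = "wheel:x:10:alice\ndba:x:1200:oracle,bob,corp_jdoe\n"
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "oracle:x:54:1200:Oracle:/home/oracle:/bin/bash\n"
    "alice:x:1001:1001:Alice:/home/alice:/bin/bash\n"
    "bob:x:1002:1002:Bob:/home/bob:/bin/bash\n"
)
# Assumption: UIDs below 1000 are system accounts (a common Linux default,
# not the console's documented rule).
FIRST_REGULAR_UID = 1000

def parse_group(text):
    """Map group name -> (gid, member list) from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.strip().split(":", 3)
            groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def parse_passwd(text):
    """Map user name -> UID from /etc/passwd-format text."""
    return {f[0]: int(f[2]) for f in
            (l.split(":") for l in text.splitlines() if l.strip())}

def members_view(group_text, passwd_text, group):
    """Rows of (name, uid, kind) for one group, like the Members tab columns."""
    uids = parse_passwd(passwd_text)
    rows = []
    for name in sorted(set(parse_group(group_text)[group][1])):
        uid = uids.get(name)
        if uid is None:
            kind = "no-local-account"  # e.g. a directory user with no passwd entry
        else:
            kind = "system" if uid < FIRST_REGULAR_UID else "non-system"
        rows.append((name, uid, kind))
    return rows

def membership_change(before_text, after_text, group):
    """Return (added, removed) member names between two snapshots."""
    before = set(parse_group(before_text)[group][1])
    after = set(parse_group(after_text)[group][1])
    return sorted(after - before), sorted(before - after)

if __name__ == "__main__":
    print(members_view(GROUP_AFTER, PASSWD, "dba"))
    print(membership_change(GROUP_BEFORE, GROUP_AFTER, "dba"))
```

On a real host, feed the functions the contents of /etc/group captured before and after the change; any added or removed name that does not match what was selected on the Members tab is worth investigating.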
