Associating an LDAP group
You can associate LDAP users or groups, that have been defined in an existing Active Directory or LDAP directory, to console operators or roles.
To add such a group, perform the following steps:
- Ensure that the needed Active Directory or LDAP directory is added to the BigFix environment.
- Create a role to accept your new group by selecting Tools > Create Role
or right click in the work area and then select Create Role.
Enter a name for your group and click OK. - The Role panel appears.
Click the LDAP Groups tab. - Select the LDAP group that you want to assign to this role and click Assign LDAP Group.
- To save the changes click Save Changes.
When you assign an LDAP group to a role, any user from that group can then log in to the console. Only those users who actually log in will be provisioned with accounts and thus end up in the list of operators. This avoids the creation of unnecessary accounts. Operators are granted the highest privileges resulting from the sum of all their roles and permissions. For instance, if a user has access to computer set A and sites X from role 1, and computer set B and sites Y from role 2, they will have permissions for Sites X and Y across both computer sets A and B.