Managing users

HCL® Quality Server has multiple choices associated with its security model. Depending on the security option selected during installation of the HCL® Quality Server, different options are available based on the user accounts.

Security model

The features available within HCL® Quality Server depend on the security model option chosen during installation but the applications security settings can be changed at any time after installation.

In addition, 8.5.1.1 or later supports domain-level security, which is role based.
Note: By default, domain-level security is not enabled.

User types

The following user types are supported:
  • System administrators
  • Users
System administrators can accomplish the following tasks:
  • Change the server login passwords of other users and assign administrative privileges to other users if the built-in security functionality of the server is being used.
    Note: If the Active Directory or LDAP security models are being used, user administrator tasks are managed by Active Directory or LDAP (whichever is applicable).
  • Create, rename, and delete domains.
  • Delete published stubs.
  • View the activity and audit logs of the server.
Users can accomplish the following tasks:
  • Change their own server login passwords within HCL® Quality Server if the built-in security functionality of the server is being used.
    Note: If the Active Directory or LDAP security models are being used, users can change the server login passwords within Active Directory or LDAP (whichever is applicable).
  • View the Environment and start and stop stubs.
  • View agents.
  • View and modify scheduled tests.

User privileges

The following table outlines how access rights are determined by the security model option used.

If this HCL® Quality Server security model option is being used...

Who can access HCL® Quality Server as a user?

Who can be a HCL® Quality Server system administrator?

None

Anyone who knows the server applications URL.

Anyone who knows the server applications URL.

Note: This means that users cannot be created within the server application.

HCL® Quality Server Built-in

Anyone who has been assigned a user name and password by a administrator.

When creating or modifying users, a system administrator can specify that a particular user is a system administrator.

Active Directory/Lightweight Directory Access Protocol (LDAP)

Any user with an Active Directory/LDAP user account that is a member of an Active Directory/LDAP user group that is selected during a fresh installation of the server or when you modify an existing installation.

A system administrator must have an Active Directory/LDAP user account that is a member of an Active Directory/LDAP administrators group that was selected during (or after) installation of the server.

User roles

If you are using 8.5.1.1 or later and domain-level security is enabled, the Users page on the Domains and environments tab of the Administration page can be used to assign the following roles to system administrators and users:
  • Domain administrator
  • (Domain) user
  • (Domain) API user
If domain-level security is enabled:
  • System administrators can accomplish the following tasks:
    • Create new domains.
    • Add and remove other users to and from domains.
    • Assign and remove domain user, domain API user, or domain administrator roles to those users.
    • View the activity and audit logs of the server.
  • Domain administrators can accomplish the following domain-level tasks in the domain(s) in which they have that role:
    • Add and remove other users to and from domains.
    • Assign and remove domain user, domain API user, or domain administrator roles to those users.
    • Delete projects published by other users.
    • Delete scenarios created by other users.
    • Delete Recording Studio recordings of other users.
    Note: To accomplish all of these domain-level tasks, system administrators must assign themselves or be assigned to the domain administrator role.
  • Domain users can accomplish the following domain-level tasks in the domain(s) in which they have that role:
    • View Recording Studio recordings of other users.
    • View the Environments landscape.
    • View agents.
    • View and modify scheduled tests.
    • Publish stubs.
    • Start and stop stubs.
  • domain API users can access server command-line functions and REST API for the domain(s) in which they have that role, including starting and stopping stubs, but cannot log into and access the user interface. It is recommended that you create one (or more) user accounts with the API user role and have your remote processes (such as the HCL OneTest API Agent or automated scripts that call the REST API) operate as these users by providing them security tokens generated for one of these API users. This prevents the tokens that are stored with the unattended processes from being used to access the user interface. For more information about creating security tokens, see Creating and assigning security tokens.