How do I create new global groups for use with Security Manager? (NETIQKB48288)

  • 7748288
  • 02-Feb-2007
  • 16-Nov-2007

Resolution

goal
How do I create new global groups for use with Security Manager?

goal
Can I add global groups after installation of Security Manager?

goal
How do I add global groups after I install?

fact
Security Manager 5.X

fix

If you have Security Manager version 5.5, complete the following steps to add global groups to OnePointOp groups and database roles:

  1. Create global groups to map to the following local groups. You can create global groups with the Active Directory Users and Computers administrative tool.
    • OnePointOp Users
    • OnePointOp Operators
    • OnePointOp ConfgAdms
    • OnePointOp Reporting
  2. Add the global groups with the Access Configuration utility on each central computer. For more information, see the User Guide.


fix

If you have Security Manager version 5.0 or 5.1, complete the following steps to add global groups to OnePointOp groups and database roles:

  1. Create global groups to map to the following local groups. You can create global groups with the Active Directory Users and Computers administrative tool.  
    • OnePointOp Users
    • OnePointOp Operators
    • OnePointOp ConfgAdms
    • OnePointOp Reporting
  2. Add the global groups to the corresponding local groups on each central computer with the Active Directory Users and Computers administrative tool.
  3. On the database server, create SQL Server logins for each global group by completing the following steps:
    a. Start Enterprise Manager in the Microsoft SQL Server program folder.
    b. In the left pane, expand the SQL group folders and subfolders containing the database server until you expand the Security folder.
    c. Click Logins.
    d. On the Action menu, click New Login.
    e. In the Name field on the General tab, specify the global group name. You can click ? to browse to the global group.
    f. Select Grant Access.
    g. Select the Database Access tab.
    h. Select master, and then select the public role.
    i. Select OnePoint, and then select public and EeaDASLocator roles.
    j. If you added the global group to the OnePointOp Reporting local group, grant the following additional role access:
    • Select OnePoint, and then select public, EeaReportViewer, and EeaDASLocator roles.
    • Select LogManagerConfiguration, and then select public and VigilEntUserAccess roles.
    • Select LogManagerSummary, and then select public and EeaReportViewer roles.
    k. Click OK to save the changes.
    l.  Repeat Steps d - j for each global group.
  4. Restart the NetIQ Security Manager service (OnePoint service in version 5.0) on each central computer.


note
To give users access to Security Manager, add them into the appropriate global group. The user must log off and log in for the group change to take effect.

Additional Information

Formerly known as NETIQKB48288

Feedback service temporarily unavailable. For content questions or problems, please contact Support.