Whether it’s for access to the UCS portal, printers, or files, users’ authorizations in UCS are defined by their group memberships. This process facilitates the administration of authorizations in large environments in particular as there is no need to assign individual authorizations to each user separately. The group administration reduces the administrative efforts required when mounting new services to the central IDM especially if these services can be made available to defined groups in one go. Another considerable advantage is the fact that groups are saved in UCS’ LDAP and are thus identical across all UCS systems. In this way, you can not only tend to user accounts in groups, but also manage the authorizations of computer accounts.
The “Groups” Module
Groups are administrated in the “Groups” module, which can be found in the “Users” section of the UMC. The module allows you to create new groups, add users, and adjust settings.
When you open the module, you are shown an overview of the system’s current groups. As you can see in the following image, UCS comes with a number of preconfigured standard groups.
Standard Groups in UCS
The authorizations and memberships are already preconfigured in the standard groups. For example, all of the domain users are members of the “Domain Users” group in the default setting. Members of the “Domain Admins” group have administrative access to the UCS servers.
There are also standard groups for servers in which authorizations are preconfigured, for example the “Domain Controller Backup” group. Each domain controller backup requires access to the SSL certificates on the domain controller master. In the standard setting, this access is controlled by making the DC backups members of the “DC Backup” group and granting this group access. This shows how groups can be employed to establish a trust relationship between the servers in a domain. The UCS Domain Join is another example of how standard groups can work together. In this case, an administrator must be a member of the “Domain Admins” and “Backup Join” groups.
If Samba 4 is installed, UCS also includes the standard groups required by Active Directory.