Managing users
HCL Quality Server has multiple choices associated with its security model. Depending on the security option selected during installation of the HCL Quality Server, different options are available based on the user accounts.
Security model
The features available within HCL Quality Server depend on the security model option chosen during installation but the applications security settings can be changed at any time after installation.
User types
- System administrators
- Users
- Change the server login passwords of other users and assign administrative privileges to other
users if the built-in security functionality of the server is being used.Note: If the Active Directory or LDAP security models are being used, user administrator tasks are managed by Active Directory or LDAP (whichever is applicable).
- Create, rename, and delete domains.
- Delete published stubs.
- View the activity and audit logs of the server.
- Change their own server login passwords within HCL Quality Server if the
built-in security functionality of the server is being used.Note: If the Active Directory or LDAP security models are being used, users can change the server login passwords within Active Directory or LDAP (whichever is applicable).
- View the Environment and start and stop stubs.
- View agents.
- View and modify scheduled tests.
User privileges
The following table outlines how access rights are determined by the security model option used.
If this HCL Quality Server security model option is being used... |
Who can access HCL Quality Server as a user? |
Who can be a HCL Quality Server system administrator? |
---|---|---|
None |
Anyone who knows the server applications URL. |
Anyone who knows the server applications URL. Note: This means that users cannot be created within the server application.
|
HCL Quality Server Built-in |
Anyone who has been assigned a user name and password by a administrator. |
When creating or modifying users, a system administrator can specify that a particular user is a system administrator. |
Active Directory/Lightweight Directory Access Protocol (LDAP) |
Any user with an Active Directory/LDAP user account that is a member of an Active Directory/LDAP user group that is selected during a fresh installation of the server or when you modify an existing installation. |
A system administrator must have an Active Directory/LDAP user account that is a member of an Active Directory/LDAP administrators group that was selected during (or after) installation of the server. |
User roles
- Domain administrator
- (Domain) user
- (Domain) API user
- System administrators can accomplish the following tasks:
- Create new domains.
- Add and remove other users to and from domains.
- Assign and remove domain user, domain API user, or domain administrator roles to those users.
- View the activity and audit logs of the server.
- Domain administrators can accomplish the following domain-level tasks in the domain(s) in which
they have that role:
- Add and remove other users to and from domains.
- Assign and remove domain user, domain API user, or domain administrator roles to those users.
- Delete projects published by other users.
- Delete scenarios created by other users.
- Delete Recording Studio recordings of other users.
Note: To accomplish all of these domain-level tasks, system administrators must assign themselves or be assigned to the domain administrator role. - Domain users can accomplish the following domain-level tasks in the domain(s) in which they have
that role:
- View Recording Studio recordings of other users.
- View the Environments landscape.
- View agents.
- View and modify scheduled tests.
- Publish stubs.
- Start and stop stubs.
- domain API users can access server command-line functions and REST API for the domain(s) in which they have that role, including starting and stopping stubs, but cannot log into and access the user interface. It is recommended that you create one (or more) user accounts with the API user role and have your remote processes (such as the HCL OneTest™ API Agent or automated scripts that call the REST API) operate as these users by providing them security tokens generated for one of these API users. This prevents the tokens that are stored with the unattended processes from being used to access the user interface. For more information about creating security tokens, see Creating and assigning security tokens.