8.6.1 Settings for Tenant Management and Account Management

This section explains how to change the settings for the tenant management and the account management.

Display setting for user list
This section explains the procedure for changing the setting for whether or not tenant users are to be displayed, when an infrastructure administrators has used the tenant management to display the user list.
Setting for registration format of tenant users
This section explains the procedure for changing the setting for whether a provisional account of a tenant user is to be registered or whether the tenant user is to be registered directly, when a tenant administrator registers a tenant user.
Setting for execution authority of the tenant management
This section explains the procedure for changing the setting for whether or not a tenant administrator can perform the following tenant management:
- Add users
- Delete users
- Delegate user privileges
- Set user password
Password change notification email settings
This section explains the procedure for modifying the settings when determining whether or not to include a new password within the body of the password change notification email that is sent once password settings are complete, in the event that a tenant administrator sets the user's password.
Setting for execution authority of the account management
This section explains the procedure for changing the setting for whether or not a tenant administrator or tenant user can perform the following account management:
- Changing the user's own information
- Changing the user's own password
Directory service operation setting
This section explains the procedure for changing the setting for whether or not registration to directory service can be performed and for whether or not password modification is to be allowed, when an infrastructure administrators or a tenant administrator registers a user.

Point

Setting for registration format of tenant users and Setting for execution authority of the tenant management can be set by "Setup Wizard" on the ROR Console. See the table below for the settings items can be set by "Setup Wizard" on the ROR Console.

For details of "Setup Wizard", refer to "3.1 Setup Wizard" in the "User's Guide for Infrastructure Administrators CE".

Stopping the manager

Stop the manager.
Refer to "2.1 Starting and Stopping the Manager" for information on how to stop the manager.

Tenant Management Settings

The procedure for changing the setting of the tenant management is as follows.

Open the following file.

[Windows Manager]

Installation_folder\RCXCTMG\SecurityManagement\conf\portal.properties

[Linux Manager]

/etc/opt/FJSVctsec/conf/portal.properties

The following information must be modified:

Setting item	Settings
visible.tenantuser	Setting for infrastructure administrators operation	Specify "on" if both tenant administrators and tenant users are to be displayed in the user list for the tenant management, and specify "off" if only tenant administrators are to be displayed. The initial value is "on". If "off" has been specified, the tenant users will not be displayed in the User List window of the tenant management.
provisional.acount (*)	Setting for tenant administrator operation	Specify "on" if a provisional account of a tenant user is to be created when the tenant management is to be used to register the tenant user, and specify "off" if the tenant user is to be registered directly. The initial value is "on". If "off" has been specified, the window for directly registering a tenant user will be displayed when registering a tenant user.
allowUpdate (*)		Specify "on" if the tenant management is to be performed, and specify "off" if it is not to be performed. The initial value is "off". If "off" has been specified, the Tenant tab will not be displayed on the ROR Console.
setPassword.tenantadmin.mailwithpasswd		When setting the user's password in tenant management, configure the settings to "on" to include the new password in the body of the password change notification email, or to "off" when not including the password in the email. The default value is set to "on". A new password will be included in the body of the password change notification email in the event that this value is omitted and/or the key is undefined.
leftMenu.modifyUser.admin.visible		Specify "on" if changing user account is to be performed using the account management, and specify "off" if it is not to be performed. The initial value is "on". If "off" has been specified, the Change user account button will not be displayed in the Account window of the account management.
leftMenu.changePassword.admin.visible		Specify "on" if changing user password is to be performed using the account management, and specify "off" if it is not to be performed. The initial value is "on". If "off" has been specified, the Change user password button will not be displayed in the Account window of the account management.
leftMenu.modifyUser.user.visible	Setting for tenant user operation	Specify "on" if changing user account is to be performed using the account management, and specify "off" if it is not to be performed. The initial value is "on". If "off" has been specified, the Change user account button will not be displayed in the Account window of the account management.
leftMenu.changePassword.user.visible	Setting for tenant user operation	Specify "on" if changing user password is to be performed using the account management, and specify "off" if it is not to be performed. The initial value is "on". If "off" has been specified, the Change user password button will not be displayed in the Account window of the account management.

* note : this can be set by "Setup Wizard" on the ROR Console.

A setting example is shown below.
If the line in red font below is missing, please add it.

    ... omitted
allowUpdate = on
setPassword.tenantadmin.mailwithpasswd=off
    ... omitted
leftMenu.modifyUser.admin.visible=on
leftMenu.changePassword.admin.visible=on
leftMenu.modifyUser.user.visible=on
leftMenu.changePassword.user.visible=on

visible.tenantuser=on
provisional.acount=on

Open the following directory service operation definition file.

[Windows Manager]

Installation_folder\ROR\SVROR\Manager\etc\customize_data\ldap_attr.rcxprop

[Linux Manager]

/etc/opt/FJSVrcvmr/customize_data/ldap_attr.rcxprop

The following information must be modified:

Setting item	Settings
directory_service (*)	Setting for infrastructure administrators, tenant administrator, and tenant user operation	Specify "true" if user registration to directory service can be performed and password modification is to be allowed when the tenant management is to be used to register a user, and specify "false" if no user registration to directory service is to be performed and no password modification is to be allowed. The initial value is "true". If "false" has been specified, the Set password button will not be displayed in the User List window of the tenant management. In addition, the Change user password button will not be displayed in the Account window of the account management. Note that, if "false" is specified, users must already be registered in the directory service. Perform user registration according to the directory service to be used.

* note : this can be set by "Setup Wizard" on the ROR Console.

Edit only the "directory_service" line in the definition file.

A setting example is shown below.

directory_service=true

Starting the manager

Start the manager.
Refer to "2.1 Starting and Stopping the Manager" for information on how to start the manager.