The Sonatype CLM Server requires a username and password before any policies or policy elements can be created, viewed, and edited. When a user is created specific to Sonatype CLM, we consider this user to be part of the Sonatype Realm. This is also considered independent of other connected realms such as LDAP.
While Sonatype does suggest using a security protocol such as LDAP for managing users and permissions, the Sonatype Realm is still available for those who would like a lighter setup, where all users, groups and rights are stored directly in the Sonatype CLM server.. The function of user management in the Sonatype Realm focuses on managing all the elements of a user account. In this section we will cover:
Creating, Editing and Deleting Users
Any user that wants to access Sonatype CLM will need a username and a password. To perform the functions described throughout this section, you will need to use a user account that has been assigned to the System Administrator role.
By default the Sonatype CLM server has a preconfigured Admin account that has been assigned to all Administrator roles. Once you log in with this account for the first time, be sure to change the admin password.
To logout, click on the Log Out link located in the upper right corner.
![[Note]](images/icons/note.png){kind=icon}
|
|
|
The server will timeout after 30 minutes of inactivity. |
Notifications provide a way for Sonatype to distribute important information about Sonatype CLM.
Unread notifications are indicated by a count, in blue, displayed over the
notification icon 
.
This icon is located in the Sonatype CLM header, next to the display of the
logged-in user.
To view notifications, click on the notifications icon. This will open the Notification Panel, allowing you to click on any available notifications.
Sonatype CLM ships with a default admin account with a username
admin and a password admin123. If you do nothing else related to
security in Sonatype CLM, be sure to change this password. We’ll cover
this in Section 6.1.5, “Editing and Deleting User Information” section below in more details, while we
detail the process to change this default password now.
Admin Builtin.
admin123 for the default admin user),
the new password, and then confirm the new password.
|
|
|
|
Any user, including an admin, can change their password following the instructions above. However, only an admin can reset a user’s password (discussed later in this chapter) without knowledge of the current password. |
To create a new user in the Sonatype realm, follow the instructions below.
located in the top right of the header.
The Add New User form will now be displayed. Enter the following information:
Editing user information is only available to an admin. The information that can be edited includes the first name, last name, email address, and password. To edit an existing user, follow these steps:
located in the top right of the CLM header.
At least one user - the initial admin account - will be
displayed. If you hover your pointer over the user record you will
notice that there are three icons on the right.
![[Tip]](images/icons/tip.png){kind=icon}
|
|
|
With regard to changing a user’s password, a user can always change their own password. However, this requires knowledge of the existing password. If you encounter a user that has forgotten their password, you can reset it for them. |
