Sonatype CLM Server - Security Administration
Mapping a user (or group if you have configured LDAP) to a role simply means finding a user, and assigning them to the desired role. Doing so grants the user the level of permissions for the role. These permissions were described above, with possible scenarios for using each one. Below, we’ve described the typical process for mapping a user to a role.
- From the security tab of an application or organization, click the Edit icon (it resembles a pencil).
  Remember, mapping a user to a role at the organization level grants that user the same role and permissions for any associated applications.
- A search widget will be displayed. In the search field, enter the user’s name exactly as it is entered in your LDAP server. For example, if you are looking for Isaac Asimov, you would enter that complete name. In cases where you don’t know a user’s complete name, leading or trailing wildcards (*) can be added. Using the example above, if I only knew the first name of the user, I could simply enter Isaac A*.
  Use of leading wildcards can greatly impact user search times.
  Wildcards apply only to Sonatype CLM 1.11.1 and later. Earlier versions do not support wildcards when mapping users to roles, because they automatically prepend and append a wildcard to the search text (i.e. searching for smith in an earlier version is equivalent to searching for *smith* in 1.11.1 and later).
  You may notice that below each user, there is additional information. Most often this is the email. However, to the right of the email you will see the Realm (e.g. CLM). Use this to ensure you add the appropriate account (e.g. when working with both the local CLM realm and LDAP).
- Once you see the user you wish to add in the Available column, click the Plus icon to move them to the Applied column. Click the Save button to save your changes.
  To remove users from a role, follow the same process above, but click the Minus icon to move the user from the Applied column to the Available column.
Global roles are managed via system preferences.
Special Instructions When Groups Are Excluded From Search Results
Mapping a group to a role utilizes elements that are configured via the LDAP System Preferences area. If you go with the default options, groups will be included with the search results. That is, when you enter something into the Find User field, both groups and single users will be returned.
However, because the size of an LDAP implementation can vary, you may want to consider not including groups with your search results. This option can be adjusted when using Dynamic Groups settings.
Making this change will then allow you to manually enter group names. However, when entering groups this way, no search or validation will be performed.
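Because manually entered group names get no search or validation, it is worth comparing them against a list of group names exported from your LDAP server. The following is an added example, not Sonatype code; the mapping layout, the sample data and the function name `check_group_mappings` are constructed for illustration.

```python
import difflib

# Constructed sample: group names exported from the LDAP server.
LDAP_GROUPS = ["clm-developers", "clm-owners", "security-team"]

# Constructed sample: (scope, role, group name as typed into the role mapping).
# This layout is hypothetical; it is not a Sonatype CLM export format.
MANUAL_MAPPINGS = [
    ("org:Engineering", "Owner", "clm-owners"),
    ("app:Storefront", "Developer", "clm-develpers"),    # typo
    ("app:Storefront", "Developer", "CLM-Developers "),  # case and trailing space
    ("app:Billing", "Owner", "contractors"),             # no such group
]


def check_group_mappings(mappings, ldap_groups):
    """Return a finding for every mapped group name that is not an exact LDAP match."""
    exact = set(ldap_groups)
    by_folded = {g.strip().casefold(): g for g in ldap_groups}
    findings = []
    for scope, role, name in mappings:
        if name in exact:
            continue  # exact match, nothing to review
        folded = name.strip().casefold()
        if folded in by_folded:
            # Same group apart from case or surrounding whitespace.
            findings.append((scope, role, name,
                             "differs-in-case-or-whitespace", by_folded[folded]))
            continue
        # Look for a near miss that suggests a typing error.
        close = difflib.get_close_matches(folded, list(by_folded), n=1, cutoff=0.8)
        if close:
            findings.append((scope, role, name, "possible-typo", by_folded[close[0]]))
        else:
            findings.append((scope, role, name, "unknown-group", None))
    return findings


if __name__ == "__main__":
    for finding in check_group_mappings(MANUAL_MAPPINGS, LDAP_GROUPS):
        print(finding)
```

Each finding is a mapping to review by hand: a name that matches nothing in LDAP may leave the intended users without the role, or may take effect later if a group with that name is created.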