ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

UIM / DX Unified Infrastructure Management Users Explained

book

Article ID: 34589

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

There are three types of uses that can be created and used in UIM



1. Real Nimbus Users

2. Account Contact Users

3. LDAP Users



All these users can run in the same security context though they are created and managed in different ways.

Environment

Release: UIM 20.x

Resolution

There are essentially two types of users: Real Nimbus Users and Account Contact users.  LDAP users fall into one these two categories but are a little more fluid.

1. Real Nimbus Users are created in Infrastructure Manager, (IM), through Security->User Administration.  These users are written to security.dta file in the hub folder and the NimsoftSLM database never sees these users, (so UMP cannot see them).

2. Account Contact Users are created in IM through Security->Account Administration, and also in OC through the AccountAdmin webapp.  These users are written to the NimsoftSLM database and  IM can read ACLs written this way.  When a user logs into OC for the first time, their user account is copied to the separate DB tables (CM_USER).  Also, Account Contact users cannot assign alarms to Real Nimbus users.

3. LDAP Users can be treated as Real Nimbus Users or Account Contact Users - it depends on which ACL they are given. If the ACL is Linked to an Account, then the LDAP user will be treated as an Account Contact (even if they're not a member of that account.) If the ACL they are given is not linked to any account, the LDAP user gets treated as a Real Nimbus User.

Some notes: 

- User information can be stored in four different places: 
    - Nimsoft\hub\security.dta for real nimbus users.
    - NimsoftSLM > Account_, Group_ and CM_USERS tables for account contact users.
    - NimsoftSLM CM_USERS table for users who have successfully authenticated in UMP.
    - The completely separate Active Directory tables for LDAP users.

- Users who want to access OC SLM portlet or Dashboard Designer must be Real Nimbus Users, created in IM under Security->User Administration and have the 'SLM Admin' or 'Dashboard Designer' permission on their ACL.
This is by design and is intended to prevent one customer from one account from being able to view data that belongs to a different account. Again, these users are created exclusively in IM through "User Administration".

- All usernames should be unique.  Creating LDAP users, Real Nimbus Users, and/or Account Contact users with identical usernames will create confusion about which credentials are being used to authenticate in OC.
 

Additional Information

Please check the UIM document:  
Types of Users

Related KBs:

Some ACLs from IM are not visible in Account Admin in OC (broadcom.com)