Symantec Management Platform 7.1 has its own user accounts. Previous versions of Symantec Management Platform used Windows users and groups for user security. Windows users are still used, but they are no longer the only security mechanism.
User accounts, which are sometimes referred to as users, are not the same as user resources in Symantec Management Platform. A user resource is an entity that is used to associate managed devices with the owner of the device. The existing user resources and the user accounts that can log on to the Symantec Management Console or run a workflow are separate entities.
A Symantec Management Platform user account is linked to the Windows credentials that the user requires to access the Symantec Management Console. The user account may also be linked to internal credentials that it can use to access other Symantec Management Platform services, such as workflows. The user account can be added to the appropriate security roles: an account has the union of all the privileges and permissions that are granted by the roles to which it belongs.
A credential is something that a user account provides to prove its identity. In Symantec Management Platform, a credential may be a user name and password or a Windows account. The user account associates one or more credentials with a particular user and lets the user access the Symantec Management Console or Symantec Management Platform services.
Symantec Management Platform uses two types of credentials:
Lets a user access the appropriate Symantec Management Platform services using a user name and password that is stored in the CMDB. For security reasons, only the hash value of the password is stored.
A user account cannot use internal credentials to access the Symantec Management Console. The internal credentials are currently used only for workflow integration.
Lets a user access the Symantec Management Console and Symantec Management Platform services using a Windows user name and password. To use Windows credentials, Notification Server must be in the user's domain, or the user's domain must be trusted by the Notification Server domain.
You should configure Windows credentials if your organization uses Windows accounts internally. Using Windows credentials lets you enforce password complexity requirements, periodically change passwords, keep password history, and perform other password management tasks in Windows.
Imported Document ID: HOWTO63087
Subscribing will provide email updates when this Article is updated. Login is required.