Mapping Sybase Control Center Roles to LDAP or OS Groups

To grant Sybase Control Center privileges to users authenticated through LDAP or the operating system, associate roles used in Sybase Control Center with groups in LDAP or the operating system.

You can configure Sybase Control Center to enable users to authenticate through their local operating system or through an LDAP server. To make this type of authentication work, Sybase Control Center roles must be mapped to groups that exist in the system providing authentication (LDAP or the operating system) or in the login module. By default, Sybase Control Center maps the 'sybase' group to Sybase Control Center roles to provide basic privileges. The table lists additional default mappings of OS groups to Sybase Control Center roles.

Login module   OS or LDAP group   Sybase Control Center roles
------------   ----------------   ---------------------------------------
UNIX Proxy     root               uaAnonymous, uaAgentAdmin, uaOSAdmin
UNIX Proxy     sybase             uaAnonymous, uaPluginAdmin, sccUserRole
UNIX Proxy     user               uaAnonymous, uaUser
UNIX Proxy     guest              uaAnonymous, uaGuest
NT Proxy       Administrators     uaAnonymous, uaAgentAdmin, uaOSAdmin
NT Proxy       sybase             uaAnonymous, uaPluginAdmin, sccUserRole
NT Proxy       Users              uaAnonymous, uaUser
NT Proxy       Guests             uaAnonymous, uaGuest
LDAP*          sybase             uaAnonymous, uaPluginAdmin, sccUserRole

*See Setting Up Roles and Passwords for instructions on adding an LDAP login module.

There are two ways to accomplish the mapping:
  • (Recommended) Add a sybase group to the operating system or LDAP server Sybase Control Center is using to authenticate users, and add all users who need to access Sybase Control Center to the sybase group.

    If you are configuring authentication through LDAP, you must also perform the steps in Setting Up Roles and Passwords.

  • Configure Sybase Control Center to use an existing group in LDAP or the operating system by editing the roles-map.xml file. The steps below describe this option.
  1. If Sybase Control Center is running, shut it down.
  2. In a text editor, open this file:

    Windows: %SYBASE_UA%\conf\roles-map.xml

    UNIX: $SYBASE_UA/conf/roles-map.xml

  3. Locate the appropriate login module (LDAP, UNIX, or NT for Windows).
  4. Copy the line that maps the sybase group and paste it into the module just above the original sybase line.
  5. Change "sybase" to the name of the group in your operating system to which Sybase Control Center users belong.
    For example, if the group is SCCusers, the new line should look like this:
    <role-mapping modRole="SCCusers" uafRole="uaAnonymous,uaPluginAdmin,sccUserRole" />
  6. Save the file and exit.
  7. Start Sybase Control Center.
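
Before restarting, the edit can be checked. The following script is an added example, not part of Sybase Control Center or its documentation: it confirms that roles-map.xml still parses and that the new group received exactly the roles of the sybase line it was copied from. Only the role-mapping element and its modRole and uafRole attributes come from this page; the wrapper elements in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <role-mapping> and its modRole/uafRole attributes
# come from the page; the wrapper elements and their "name" attribute are
# assumptions made so that the sample parses.
SAMPLE = """<roles-map>
  <module name="UNIX Proxy Login Module">
    <role-mapping modRole="root" uafRole="uaAnonymous,uaAgentAdmin,uaOSAdmin" />
    <role-mapping modRole="SCCusers" uafRole="uaAnonymous,uaPluginAdmin,sccUserRole" />
    <role-mapping modRole="sybase" uafRole="uaAnonymous,uaPluginAdmin,sccUserRole" />
  </module>
  <module name="LDAP Login Module">
    <role-mapping modRole="sybase" uafRole="uaAnonymous,uaPluginAdmin,sccUserRole" />
  </module>
</roles-map>"""


def role_set(elem):
    """Split a uafRole attribute into a set of role names."""
    return {r.strip() for r in elem.get("uafRole", "").split(",") if r.strip()}


def check_group_mapping(xml_text, group, reference="sybase"):
    """Compare the roles of `group` with the reference group, per container.

    Returns (container, status, extra_roles, missing_roles) tuples, where
    status is "ok", "missing" (group not mapped there) or "mismatch".
    """
    root = ET.fromstring(xml_text)  # ParseError here means the edit broke the XML
    findings = []
    for parent in root.iter():
        granted = {}
        for child in parent:
            if child.tag == "role-mapping":
                granted.setdefault(child.get("modRole"), set()).update(role_set(child))
        if reference not in granted:
            continue  # no reference line to compare against in this container
        label = parent.get("name", parent.tag)
        if group not in granted:
            findings.append((label, "missing", set(), set()))
            continue
        extra = granted[group] - granted[reference]    # roles beyond the reference
        missing = granted[reference] - granted[group]  # roles lost in the copy
        status = "ok" if not extra and not missing else "mismatch"
        findings.append((label, status, extra, missing))
    return findings


if __name__ == "__main__":
    for label, status, extra, missing in check_group_mapping(SAMPLE, "SCCusers"):
        print(f"{label}: {status} extra={sorted(extra)} missing={sorted(missing)}")
```

A "missing" result for a login module you did not intend to edit is expected; a "mismatch" means the copied line grants the group a different set of roles than the sybase line.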