Mapping Sybase Control Center Roles to LDAP or OS Groups

To grant Sybase Control Center privileges to users who are authenticated through LDAP or the operating system, associate roles used in Sybase Control Center with groups in LDAP or the operating system.

You can configure Sybase Control Center to enable users to authenticate through their local operating system or through an LDAP server. To make this type of authentication work, Sybase Control Center roles must be mapped to groups that exist in the system providing authentication (LDAP or the operating system) or in the login module.

By default, Sybase Control Center assumes there is a “sybase” group in the authenticating system and maps the LDAP or OS “sybase” group to Sybase Control Center roles to provide basic privileges. The table lists additional default mappings of LDAP and OS groups to Sybase Control Center roles.

Login module OS group Sybase Control Center roles
UNIX Proxy root uaAnonymous, uaAgentAdmin, uaOSAdmin
sybase uaAnonymous, uaPluginAdmin, sccUserRole
user uaAnonymous, uaUser
guest uaAnonymous, uaGuest
NT Proxy Administrators uaAnonymous, uaAgentAdmin, uaOSAdmin
sybase uaAnonymous, uaPluginAdmin, sccUserRole
Users uaAnonymous, uaUser
Guests uaAnonymous, uaGuest
LDAP sybase uaAnonymous, uaPluginAdmin, sccUserRole
There are two ways to accomplish the mapping:
  • (Recommended) Add a “sybase” group to the operating system or LDAP server Sybase Control Center is using to authenticate users, and add all users who need to access Sybase Control Center to the “sybase” group.
  • Configure Sybase Control Center to use an existing group in LDAP or the operating system by editing the roles-map.xml file. This option is described here.
  1. If Sybase Control Center is running, shut it down.
  2. In a text editor, open:

    <SCC-install-directory>/conf/roles-map.xml

  3. Locate the appropriate login module (UNIX or NT (for Windows)).
  4. Copy the line that maps the “sybase” group and paste it into the module just above the original sybase line.
  5. Change “sybase” to the name of the group in your operating system to which Sybase Control Center users belong. For example, if the group is SCCusers, the new line should look like this: 
    <role-mapping modRole="SCCusers" uafRole="uaAnonymous,uaPluginAdmin,sccUserRole" />
  6. Save the file and exit.
  7. Start Sybase Control Center.
Parent topic: Setting Up Security
Previous topic: Configuring an LDAP Authentication Module
Next topic: Configuring the E-mail Server
Related concepts
User Authorization
Related tasks
Assigning a Role to a Login or a Group

Created February 25, 2010. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com