User Administration and Security - Client Owner Security

Table of Contents

Adding a Client Owner to a Client

  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the client and click Properties.

    The Client Computer Properties dialog box appears.

  3. Click the Security tab.
  4. In the Client Owners section do the following:
    • To add a user as the client owner, click in the Users box and enter the user name.

      To add a domain user, enter the user name as domain_name\user_name.

    • To add a CommCell or external user group as the client owner, click in the User Groups box and enter the user group name.
  5. Click OK.

Defining Capabilities for Client Owners

As a security method to control CommCell operations, you can assign specific capabilities to a client owner. This is useful for laptop clients, where each client has more than one owner, as some of these owners may not require certain capabilities to manage their data from the Web Console.

You can assign capabilities for all client owners in the CommCell or for only the client owners of a particular client as explained in the following sections:

At the CommCell Level

Assigning capabilities at the CommCell level results in the capabilities assigned universally to all client owners. When clients are installed to this CommCell, they automatically inherit the capabilities set at this level.

Use the following steps to assign capabilities for all client owners in the CommCell:

  1. From the CommCell Console ribbon, click the Home tab, and then click Control Panel.
  2. In the System section of Control Panel, click System Owner Capabilities.
  3. From the Available Capabilities list, select the capabilities that you want to assign as security rights.
  4. Click Include > to move the selected capabilities to the Assigned Capabilities list.
  5. Click OK.

At the Client Group Level

Assigning capabilities at Client Group level results in the capabilities assigned universally to all client owners residing in that particular client group. When clients are installed pointing to this specific client group, they automatically inherit the capabilities defined at this level. Capabilities defined at the CommCell level appear grayed out and cannot be removed at the client group level.

Use the following steps to assign more capabilities for clients at client group level.

  1. From the CommCell Browser, navigate to Client Computers Groups.
  2. Right-click the <Client Group> and then click Properties.
  3. From the Client Group dialog box, click the Security tab.
  4. Click Owner Capabilities.
  5. From the Client Owner Capabilities dialog box, select the capabilities that you want to assign from the Available Capabilities list.
  6. Click Include > to move the selected capabilities to the Assigned Capabilities list.
  7. Click OK.

At the Client Level

You can define capabilities at a more granular level for client owners of a specific client computer. This is useful if you have assigned only a few basic capabilities (such as Browse and View) at the CommCell level and you want to assign more client owner capabilities to specific clients. Capabilities defined at the CommCell and Client Group level appear grayed out and cannot be removed at the client level.

Use the following steps to assign more capabilities for client owners of a specific client.

  1. From the CommCell Browser, navigate to Client Computers.
  2. Right-click the <Client> and then click Properties.
  3. From the Client Computer Properties dialog box, click the Security tab.
  4. Under the Client Owners area, click Client Owner Capabilities.
  5. From the Client Owner Capabilities dialog box, select the capabilities that you want to assign from the Available Capabilities list.
  6. Click Include > to move the selected capabilities to the Assigned Capabilities list.
  7. Click OK.

Enabling Privacy

Use the Privacy feature to prevent users and administrators who are not client owners from seeing the data on the client.

Using the Privacy feature for a client causes the following behavior:

  • Only a client owner may lock and unlock the client.
  • Only a client owner may access data protected on the client, for example, perform Browse and Restore, Find, and Reference Copy operations.
  • Only a client owner may add or remove other client owners.
  • Only a client owner may change his or her own user properties.
  • Locked clients have a padlock icon displayed in the CommCell Console.

Enabling Privacy at the CommCell Level

Before client owners can use the Privacy feature on their clients, the Prevent admin access to user data check box must be selected.

If the Prevent admin access to user data check box is cleared, locked clients remain locked but no new clients can be locked.

  1. From the CommCell Console ribbon, click the Home tab, and then click Control Panel.
  2. Under the Configure section, click System.
  3. In the System dialog box, click the Security tab.
  4. Select the Prevent admin access to user data check box.
  5. Click OK.

Using Privacy on Clients

The user selecting the Prevent administrators from viewing or downloading your data check box on the client must:

The Prevent administrators from viewing or downloading your data check box cannot be selected if there are user groups listed as client owners in the Security tab of the Client Computer Properties dialog box.

Use the following steps to enable privacy:

  1. From the CommCell Browser, navigate to Client Computers.
  2. Right-click the <client computer> and then click Properties.
  3. In the Security tab of the Client Computer Properties dialog box, select the Prevent administrators from viewing or downloading your data check box.
  4. In the Privacy Settings dialog box, enter your logon password in the Password box and click OK.
  5. Click OK.

Listing All Private Clients

Use the following command to list all clients where the Prevent administrators from viewing or downloading your data check box is selected:

qoperation execscript -sn GetAllLockedClientsAndOwners

The client name and the user names and email addresses of the associated client owners are displayed.

For more information on using QScripts on the command line, see Using QScripts on the Command Line.