The Central Security Server (CSS) provides a single point of access for user management and security for DC RUM, Enterprise Synthetic, BSM and the Dynatrace Enterprise Portal.
System administrator account
A system administrator account is created during CSS installation. Take care not to delete this account, although the system will prevent you from deleting the last available administrator account. There is no bootstrap administrator account available. You can assign system administrator privileges to any users added to the system.
Overview: adding users to a new implementation
The following high-level procedure provides an overview of how to set up product security and add users.
Assumption: An administrator has installed a new version of DC RUM and configured it to use CSS.
Select a user authentication method. By default ("local" authentication), a system administrator will manually add user accounts. For more information, see Setting up local authentication and password policies.
You can also use LDAP authentication, where authentication takes place when users log in to the system with their network ID and password. We recommend that you use LDAP authentication if this is a viable option for your organization and you have many potential users. It is more secure than local authentication, as information about users and groups does not have to be replicated in a second location (CSS will not store user passwords if you use LDAP). You may need to consult with your network administrators to properly configure this security feature. For more information, see Setting up LDAP authentication.
Add or import users. If you use "local" authentication, you create user accounts on the Users screen in the CSS console. For more information, see Adding a user.
If you configured LDAP authentication, you have two options: import individual users or import LDAP group(s). If you are going to use LDAP authentication and have a relatively large number of users, we recommend that you import LDAP groups, if possible, to simplify user management. An LDAP group is the equivalent of a corporate network group. A user's membership in that corporate group determines if they can access the system. When a user from the group logs in for the first time, a user account is created automatically in the CSS database. For more information, see Importing LDAP users and Importing LDAP groups.
All new users — whether they are added locally, imported individually from LDAP or as part of an LDAP group — will be assigned a role of Guest. Guests can only view reports in the CAS to which they have been assigned. They cannot configure monitoring components. New users are also assigned to the Everyone user group, which also has view-access to assigned reports.
Extend access to users or user groups.
A user's role assignment determines whether they can configure product features or create reports and dashboards. If added or imported users only need view-access to CAS reports they have been assigned, you do not have to assign a new role — their default Guest role assignment gives them the needed view access. You can assign one of four other roles (like the higher-access System Administrator or Report Administrator roles) to individual users, a locally created user group, or an imported LDAP group. You must be a System Administrator to access the RUM Console. A System Administrator user or group can view and edit all CAS reports.
For simplified user management, we recommend assigning roles at the group level, if possible, rather than to individual users. You may have to use a combination of individual and group role assignments to meet your access needs. For more information, see Roles overview and Creating user groups.