Creating Cadenza Administrators

To create user groups in Cadenza to which the users of your user management system can be mapped, and to assign privileges to them, at least one Cadenza administrator is needed.

Cadenza Administrators and Cadenza Super Administrators

Apart from regular Cadenza administrators, there optionally can be super administrators: A super administrator automatically has every system privilege and also all authorizations for all repositories and their items (except the „write data“ privilege on objecttypes).

Creating Cadenza Administrators (Overview)

The first Cadenza administrator must be defined via configuration; he then can create regular administrators:

  1. A system administrator configures one temporary administrator in a non-productive system, using XML user management.

  2. In the Management Center, this Cadenza administrator creates one or more regular administrator users.

  3. After that, it is strongly recommended that a system administrator removes the XML user management (as it should not be active in a productive environment).

Everything else can be done by the regular administrators and they can also lifecycle the environment or switch it to production.

Creating an Administrator via XML User Management

Information on XML user management

If one or more of the future regular administrators are to be appointed as super administrators, the temporary administrator must already be marked as super administrator by setting the tag <superAdmin> to „true“, as in the following example:

<?xml version="1.0" encoding="UTF-8"?>
<embedded>
<users>
<user>
<loginName>superadmin</loginName>
<password>super</password>
<superAdmin>true</superAdmin>
<user>
</users>
</embedded>

Creating Regular Administrators

In the Management Center, the temporary administrator needs to do the following:

  1. Create a user role with the system privileges that future administrators should have. If one or more of the regular administrators are to be appointed as super administrators, create a second role for super administrators, this time activating the system privilege „Manage all“.

  2. Create an administrator group whose ID is referenced in the group mapping configuration (e.g. for LDAP or for SSO), so the designated administrators can be mapped to the Cadenza administrator group. If applicable, create a second group for super administrators.

  3. Assign the user role(s) to the (corresponding) user group(s).

Removing the XML User Management

Since in a productive environment no XML user management should be active, it is strongly recommended that a system administrator removes it as soon as there are regular Cadenza administrators. This includes:

  • deactivating the plug-in

  • deleting the configuration file with the temporary administrator

  • removing references to "Embedded" in the accessmanager-config.xml file