Manage Users and Groups

Once the User Manager service is running, click Manage users to open the User Manager interface. The interface shows all the users and groups that are stored in the User Manager database.

To create, remove, or edit users and groups, see Create, Edit, or Remove Users and Groups.
To import users from an LDIF file, see Import Users from LDIF File.
To filter users and groups, see Sort Users and Groups in User Manager Interface.

You might be required to log into the interface. Use the login credentials of one of the users that you specified in the Administrator sign-in IDs field. Only these users can open the User Manager interface and manage users.

User Manager interface

Create, Edit, or Remove Users and Groups

To create, edit, or remove custom users and groups and to view information about LDAP users and groups, such as group memberships, use the User Manager interface. When you connect the User Manager to an LDAP server, the User Manager copies to its database the user and group entries returned by the LDAP server based on your LDAP filters. The User Manager does not make any changes to the entries on the LDAP server.

This table describes the different operations that you can perform on users and groups (identities), depending on whether the identities are custom entries in the User Manager database or whether the identities are from an LDAP server.

Operation	Custom Identity	LDAP Identity
Create User Manager Administrator	If the User Manager is not connected to an LDAP server, the custom users that you specify in the Administrator sign-in IDs field are automatically created in the User Manager database and the users are assigned the password that you specified in the Initial administrator password field. If the User Manager is connected to an LDAP server, log into the User Manager interface with valid administrator credentials and create the custom users that you specified in the Administrator sign-in IDs field. You see an ADMIN label next to the administrator ID in the interface.	The LDAP users that you specify in the Administrator sign-in IDs field are automatically copied to the User Manager database. You see an ADMIN label next to the administrator ID in the interface.
Remove User Manager administrator	To remove a User Manager administrator, remove the username from the Administrator sign-in IDs field, save your changes, then restart the apps. The ADMIN label no longer appears next to the user ID in the User Manager interface. To remove the user completely from the database, after the restart, an administrator must log into the User Manager interface to delete that user. If the administrator is a custom user that overrides a duplicate LDAP user, click the icon in the Actions column and select Delete. The custom identity is removed from the database and the administrator role is transferred to the LDAP user.	To remove a User Manager administrator, remove the username from the Administrator sign-in IDs field, save your changes, then restart the apps. The ADMIN label no longer appears next to the user ID in the User Manager interface. To remove the user completely from the database, contact your LDAP administrator.
Create user	To create a custom user, click Create > User and then specify a user ID, for instance `jsmith`, and a password. For Polyspace^® as You Code users, this custom user ID must match the username of the machine where Polyspace as You Code runs. Optionally, you can specify a display name, for instance `John Smith`, and assign the user to groups. To assign the user to a group, click inside the Member Of field and select a group or start typing a group name. You cannot assign a custom user to an LDAP group. If you specify a display name, the custom user is listed by this display name in the Polyspace Access interface. Otherwise, the user is listed by the ID (username). You cannot create duplicate identities (identities with the same ID). If you import users from an LDAP server and one of the LDAP identities is a duplicate of a custom identity in the User Manager database, the custom identity overrides the LDAP identity. Polyspace Access accepts the login credentials and shows information (such as group memberships) for only this identity. After you create a custom user: Add the user sign-in ID to the `MLM.opts` file to grant that user right-to-use privileges for Polyspace Access. See Manage Named Users for Polyspace Access. Add the user to Polyspace Access. See Update List of Polyspace Access Users and Groups.	To create LDAP users, contact your LDAP administrator. You cannot create LDAP users from the User Manager interface. The User Manager copies all the users that are returned by the LDAP server to the User Manager database. If you add a user in your LDAP directory: Add the users to the `MLM.opts` file to grant those users right-to-use privileges for Polyspace Access. See Manage Named Users for Polyspace Access. The User Manager database syncs automatically with the LDAP server based on the interval you specify in the Synchronization interval (seconds) setting. To update the list of LDAP identities manually, click Sync With LDAP. Add the user to Polyspace Access. See Update List of Polyspace Access Users and Groups.
Create group	To create a custom group, click Create > Group and then specify a group ID, for instance `myGroup`. Optionally, you can specify a display name, for instance `My Team Members`, and assign the group to other groups. To assign the group to another group, click inside the Member Of field and select a group or start typing a group name. You cannot assign a custom group to an LDAP group. You can also assign other users and groups as members of this group. To assign other users and groups as member of this group, click inside the Members field or start typing a user or group name. You can assign LDAP users and groups as members of custom groups. If you specify a display name, the custom group is listed by this display name in the Polyspace Access interface. Otherwise, the group is listed by the ID (username). After you create a group, add it to Polyspace Access. See Update List of Polyspace Access Users and Groups.	To create LDAP groups, contact your LDAP administrator. You cannot create LDAP groups from the User Manager interface. The User Manager copies all the groups that are returned by the LDAP server to the User Manager database. If you add a group in your LDAP directory: The User Manager database syncs automatically with the LDAP server based on the interval you specify in the Synchronization interval (seconds) setting. To update the list of LDAP identities manually, click Sync With LDAP. Add the group to Polyspace Access. See Update List of Polyspace Access Users and Groups.
Edit or delete users and groups	To edit custom identities, click the icon in the Actions column and select View Details. In the window that opens, click Edit. For all identities, you can modify the display name and the list of groups that the identity belongs to. For groups, you can also modify the list identities that belong to this group. You can add LDAP identities as group members. You cannot edit a custom identity if that identity overrides a duplicate LDAP identity. To remove an identity, click the icon in the Actions column and select Delete. This operation cannot be undone. To remove an administrator, see "Remove User Manager administrator" in this table. If you remove a custom identity that overrides a duplicate LDAP identity, the project permissions and review information associated with that custom identity in Polyspace Access are transferred to the LDAP identity.	To edit or remove LDAP identities, contact your LDAP administrator. You cannot edit or remove LDAP identities from the User Manager interface. You can also remove LDAP identities by adjusting the LDAP filters in the User Manager settings or by disconnecting your LDAP server from the User Manager. See Connect Your Organization LDAP Server to the User Manager.
Update user password	Click the icon in the Actions column and select Change Password	To change the password of an LDAP user, contact your LDAP administrator. After the LDAP administrator makes the changes, click Synch With LDAP to update the User Manager database. You cannot change the password of an LDAP user from the User Manager interface.

Import Users from LDIF File

To add users from an LDAP server to the User Manager database without connecting to that LDAP server, export the user to an LDAP Data Interchange Format (LDIF) file and import the users from that file. An LDIF file is a text file that stores user accounts and other LDAP directory data. To import the users:

From the User Manager interface, click Import > LDIF.

Fill out the fields in the LDIF Import form. Contact your LDAP administrator to obtain the relevant values for the Object Class field and the fields in the Source attributes section from the LDIF file.

Field	Description
File	Select the LDIF file from which you want to import users. When you click Choose File, you can browse files on the machine where you opened the User Manager interface. This might be different machine from the machine where you installed Polyspace Access™.
Object class	Specify the object class attribute for the entries that you want to import, for instance, `organizationalPerson`. Typically, you use this attribute to determine which other attributes are associated with an LDAP entry. Polyspace does not use the Object class attribute to check the validity of other attributes.
Ignore duplicates	When you select this option, Polyspace does not import a user from the LDIF file if a user with the same ID (username) already exists in the User Manager database. When you deselect this option, the import fails if duplicate entries exist.
Ignore invalid entries	When you select this option, Polyspace ignores invalid entries. Entries are invalid if they have missing attributes, use an unsupported password hash, or are duplicates of existing entries. When you select this option, the Ignore duplicates option is also selected. When you deselect this option, the import fails if there are invalid entries.
ID attribute	Specify the username attribute for the entries that you want to import, for instance, `uid`. Typically, the username is a unique identifier.
Display name attribute	Specify the display name attribute for the entries that you want to import, for instance, `cn`. Typically, the display name is the first and last name of the user. The display name might not be unique within an organization.
Email attribute	Specify the email attribute for the entries that you want to import, for instance, `mail`.
Password attribute	Specify the password attribute for the entries that you want to import, for instance, `userpassword`. The User Manager LDIF import supports only plain text passwords.
Image URI attribute	Specify the image attribute for the entries that you want to import, for instance, `jpegPhoto`. This attribute is optional.

For example, to import users from this LDIF file:

LDIF file

Fill out these entries.

Entry	Value
Object class	`inetOrgPerson`
ID attribute	`uid`
Display name attribute	`cn`
Email attribute	`mail`
Password attribute	`userPassword`

Sort Users and Groups in User Manager Interface

To manage large sets of users and groups, sort the identities by using the Filter button and the text filter.

Click Filter and clear a filter to hide the corresponding users and groups. For example, if you clear Group, you do not see any group in the list of identities.
You can filter users by:
- Type — Show or hide only users or groups.
- Source — Show or hide only custom identities (internal) or identities imported from the LDAP server.
- Uniqueness — Show or hide only identities that are unique or identities that override a duplicate LDAP identity.
  An identity overrides a duplicate identity when you import identities from LDAP, and one of the LDAP identities has the same ID as a custom identity in the User Manager database. The custom identity overrides the LDAP identity and you see the OVERRIDES label in the Source column.
Use the text field to filter identities by ID or by display name.
When you use the text filter, the text must match the ID or display name from the start of the string. For instance, if you type Smith in the search filter, this entry matches user Smith Johnson, but does not match user John Smith.

Update List of Polyspace Access Users and Groups

When the Polyspace Access Web Server service starts, Polyspace Access populates its list of users and groups from the User Manager database. You can select from only this list when you assign analysis findings to users or when you set user and group roles while managing permissions for a project or folder.

After you start the Polyspace Access Web Server service, if you add or remove a user or group from the User Manager database, Polyspace Access updates the list of users and groups whenever you log into the Polyspace Access web interface. If you are already logged in, Polyspace Access updates the list of users and groups when you refresh your web browser.

If you remove a user or group from the User Manager database and that user or group has an assigned Polyspace Access role, Polyspace does not remove that user or group from its list of users and groups when you log into or refresh the web interface, even if you restart the Polyspace Access Web Server service.

To remove users or groups that have assigned roles from Polyspace Access:

Click Restart Apps in the Cluster Dashboard.
In a web browser, enter the URL that you use to open the Polyspace Access web interface and append /identities/list/removed to the URL, for example, https://access-machine.company.com:9443/identities/list/removed. See Open the Polyspace Access Web Interface.
You must be logged in as a user who has Administrator privileges. To set a user as Administrator, see General User Manager Settings.
Select the usernames that you want to remove from Polyspace Access and click Confirm clean-up. To select multiple users, press the CTRL key. To return to the Polyspace Access interface, click the back button in your web browser.