Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

Toad Intelligence Central 5.1 - Deployment Guide

Welcome to Toad Intelligence Central Install Toad Intelligence Central License Toad Intelligence Central Connect to Toad Intelligence Central Add New Users and Groups Manage Users and Groups Email Notifications Misc Administrator Activities Manage Objects Manage Folders Object/Folder Manager Privileges Reports Health Check Dashboard Support Bundle Server Maintenance Upgrade Toad Intelligence Central Uninstall Toad Intelligence Central About Us

User Roles

There are three user roles available in Toad Intelligence Central: Standard user, Power user, and Administrator. During installation of the Toad Intelligence Central server, the Toad Intelligence Central Administrator (root) user account is created. This account has access to all administrative privileges.

The root Administrator account (or any account with the Administrator role) can grant/edit the role for another user account. This can be done when creating a new account or when editing an existing account. See Users and Groups and Manage Users and Groups for more information.

Review the following role descriptions.

  • Administrator—Users with an Administrator role are granted all privileges in the administration of users, groups and objects. They are also granted some server and licensing privileges. The role of the Administrator (root user) cannot be changed.
  • Power User—Power users have all the privileges of the Standard user. In addition, Power users can force consumers to take a shared object that is published or managed by the Power user.
  • Standard User—All new users are granted the Standard role, by default.

Privileges by Role

Review the following privileges for each role. In particular, all actions performed through the Administration | Server section of the Web Console are available only to users with the Administrator role.

User Management Privileges

The following table lists the user management privileges that are provided by each role. See Manage Users and Groups for more information.

Privilege/Action Administrator Power user Standard user
Add users. This privilege is configuration dependent. See Configure New User Registration. Y configuration dependent configuration dependent
Add groups. This privilege is configuration dependent. See Misc Administrator Activities. Y configuration dependent configuration dependent
View users and groups Y Y Y
Change a user's role to Administrator, Power user, or Standard user. See Manage Users and Groups. Y N N
Change a user's email subscriptions. See Specify User Email Subscriptions. Y user's profile only user's profile only
Disable/enable a user Y N N
Remove a user Y N N
Edit Intelligence Central users any user user's profile only user's profile only
Reset the password of Intelligence Central users any Intelligence Central user user's password only user's password only
Create Intelligence Central groups Y Y Y
Edit/remove Intelligence Central group any group groups owned by user groups owned by user
Remove an Active Directory group Y N N
Synchronize Active Directory Y N N

Object Management Privileges

The following table lists the object management privileges that are provided by each role.

Privilege/Action Administrator Power user Standard user
Publish objects (non-secured folder) Y Y Y
Publish objects to a secured folder Y folders for which user has publish privilege folders for which user has publish privilege
View objects on Home page and view object details all objects objects shared with the user objects shared with the user
View a secured folder and its contents Y folders shared with the user folders shared with the user
(View or snapshot) Display the text for the underlying query Y objects managed by the user objects managed by the user
(Automation script) Display the detailed execution logs Y objects managed by the user objects managed by the user
Edit an object, grant/revoke access rights to the object, lock the object, delete the object, rename the object all objects objects managed by the user objects managed by the user
Move an object all objects objects managed by the user objects managed by the user
Move a non-secured folder and its contents Y folders in which all objects are owned by or managed by the user folders in which all objects are owned by or managed by the user
Move a secured folder and its contents Y folders managed by the user folders managed by the user
Create a secured folder. This privilege is configuration dependent. See Configure Server for Folder Security. configuration dependent configuration dependent configuration dependent
Delete a folder Y folders in which all objects are managed by the user folders in which all objects are managed by the user
Modify authentication key for an object Y objects managed by the user objects managed by the user
(View or Automation script) Edit the default value for a variable Y objects managed by the user objects managed by the user
(Automation script) Change script run account Y objects managed by the user objects managed by the user
Force consumers to take a shared object published or managed by the user Y Y N

Privileges Based on User-Object Relationship

In addition to granting object manage privileges by user role, manage privileges to an object are also granted based on the user's relationship to the object, for example, the object's publisher. For more information about privileges based on object relationship, see Manager Privileges.

Misc Privileges

Only a user with the Administrator role can view and access the Server page (Administration | Server) in the Web Console. The Server page contains the following miscellaneous features:

Privilege/Action Administrator Power user Standard user

View/access Administration | Server

Y N N

Licensing Privileges

The following table lists the licensing privileges provided by each role. See License Toad Intelligence Central for more information.

Privilege/Action Administrator Power user Standard user
View licenses Y Y Y
Enter new licenses Y Y Y
Delete licenses Y N N

Configure New User Registration

The root Administrator account (or any account with the Administrator role) can place some restrictions on how new users are registered and how accounts are created in Intelligence Central.

Enable/Disable Add Users and Self-Registration

By default anyone can self-register and add users to Toad Intelligence Central. Any user with an Administrator role can disable self-registration.

To enable/disable add users and self-registration

  1. Use a web browser to log in to Intelligence Central as a user with the Administrator role.
  2. Select Administration | Server | Permissions.
  3. In the New User Registration section, select one of the following options.

    Only the Administrator can add users Select this option to allow only users with an Administrator role to add users to Intelligence Central.

    Anyone can self-register and add users

    Select this option to allow anyone to self-register and add users. A pre-existing account on Toad Intelligence Central will not be required when self-registering.

    • Allow browser self-registration—Select this option to allow self-registration through the Intelligence Central Web interface (browser).

      This option is enabled by default. Depending on your security requirements, you may choose to disable this ability.

For more information about Administrator privileges, see User Roles.

Specify Default User Role

You can specify a default user role for all new accounts. The default role is applied when a new user account is created. Only Administrators can specify a default user role. Administrators can then change the new account's role later.

To specify default user role

  1. Use a web browser to log in to Intelligence Central as a user with the Administrator role.
  2. Select Administration | Server | Permissions.
  3. In the Default user role field, select a role from the drop-down list.

Restrict Registration to Active Directory Users

You can require that new accounts use only Active Directory credentials.

To restrict new accounts to Active Directory users

  1. Use a web browser to log in to Intelligence Central as a user with the Administrator role.
  2. Select Administration | Server | Permissions.
  3. Select New users can register with Active Directory (Windows) credentials only. When selected, only Active Directory users can be added to Toad Intelligence Central. No new Intelligence Central users can be added.

Configure New Group Creation

By default anyone can create group, and any user with Administrator role can update this rule.

To specify default user role who can create group

  1. Use a web browser to log in to Intelligence Central as a user with the Administrator role
  2. Select Administration | Server | Permissions
  3. In the New Group Creation section, select a role from the drop-down list

Synchronize Active Directory

When a domain in the Active Directory® forest is synchronized with Intelligence Central, changes to users and groups in the domain are replicated on Intelligence Central. Any user with an Administrator role (User Roles) can manage synchronizing Toad Intelligence Central with Active Directory.

Synchronize status

From a web browser login to Intelligence Central as a user with an Administrator role. Click Administration | Server | Settings.

Table 1: Domains in the Active Directory forest synchronized with Toad Intelligence Central

Field / Action Description

Last synchronized

Show the time the domain was last synchronized with Toad Intelligence Central.

If the last attempt was unsuccessful then the error is reported in red.

Edit

Click to edit the schedule or to show/change the username and password used to connect to the domain. This username/password pair is used to synchronize Toad Intelligence Central with Active Directory. The credentials are saved on Toad Intelligence Central.

Remove

Click to remove the domain from this list. The users and groups added from this domain will remain on Toad Intelligence Central, but will not be synchronized again. The Active Directory credentials saved on Toad Intelligence Central are removed.

Synch Now

Click to synchronize Toad Intelligence Central with the domain now. Note that if a Synchronization operation is already in progress then Toad Intelligence Central must wait till that is finished before it can synchronize again.

Synchronize rules

Changes to users and groups in Active Directory are replicated on Intelligence Central according to the following rules.

Table 2: Synchronization rules

Active Directory Toad Intelligence Central
User details updated Update the user details from Active Directory (name and email address).
User disabled Disable the user in Intelligence Central

User deleted

Delete the user from Intelligence Central if the user is inactive. Inactive users have no published objects, no objects shared with them as an individual and are part of no other group.

Otherwise, disable the user in Intelligence Central. This is to ensure that if the user owns any objects that they will be kept.

User renamed Delete or disable the old user in Intelligence Central (as above). A new user account is not automatically created in Toad Intelligence Central.
User enabled Enable the user in Intelligence Central.
Group details updated Update the group details in Intelligence Central (name and description).
Group deleted Remove the group from Intelligence Central. Users in the group who are inactive on Toad Intelligence Central are automatically deleted. Inactive users are users who have no published objects, no objects shared with them and are part of no other group.
Group membership updated (User added to the group) Add the user to the group in Intelligence Central. Create a the new Intelligence Central user account if the user does not already have one.
Group membership updated (User removed from the group) Remove the user from the group in Intelligence Central. Delete the user if the user is inactive. Inactive users have no published objects, no objects shared with them as an individual and are part of no other group.

Email Notifications

Intelligence Central can send activity reports and error alerts to users for objects they own or manage. A user with the Administrator role can receive an additional report—the Daily or Weekly Digest—that summarizes activities relevant to the Administrator role.

How to Configure Notifications

Email notifications can be enabled or configured on three different levels.

  • Server Level—You can enable email service for the server and configure server email settings. Only users with the Administrator role can perform this configuration. See Server Email Notification Settings.
  • User Level—You can subscribe individual users to the email notification service. Only users with the Administrator role can perform this configuration. See Server Email Notification Settings.
  • Email Notification Level—You can select which email notifications each individual user receives. Users with the Administrator role can configure email notifications for other users. Each user can edit their own profile. See Specify User Email Subscriptions.

Types of Email Notifications

There are four types of email notifications.

  • Personal Digest—Provides a summary of activity for the objects a user owns or manages.
  • Error Alerts—Sent when an error occurs during script execution or snapshot refresh for objects a user owns or manages. Also available to Administrators.
  • Daily Admin Digest—Provides a daily summary of activities relevant to the Administrator role. Available to Administrators only.
  • Weekly Admin Digest—Provides a weekly summary of activities relevant to the Administrator role. Available to Administrators only.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating