Before a security policy decision can be made, VISA must know the identity of the user attempting the action in question. Identity is established through a process of authentication, typically using a username and password. A user's identity consists not only of a username and associated real-world details (first name, last name, etc.), but also of the roles that the user is a member of. A username and a role are both instances of a principal. All authenticated VISA users belong, at a minimum, to the User role (and can never be removed from that role), so an authenticated user has at least two principal objects associated with it: the username principal and the User role principal. Typically, though, users will be in at least one additional role, such as SENIOR_DBA or MANAGER.
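
The principal model described above, sketched as an added example: this is not VISA code, `UserPrincipal`, `RolePrincipal` and the helper methods are hypothetical names, and using `java.security.Principal` as the base type is an assumption. It keeps usernames and roles as distinct principal types, so a username that happens to match a role name confers nothing, and it refuses to remove the User role.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration: every type here is hypothetical, none is a VISA class.
public class PrincipalSetExample {
    // Separate types keep a username from ever comparing equal to a role name.
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    static final RolePrincipal USER_ROLE = new RolePrincipal("User");

    // Username principal + mandatory User role principal + any additional roles.
    static Set<Principal> principalsFor(String username, List<String> extraRoles) {
        Set<Principal> principals = new LinkedHashSet<>();
        principals.add(new UserPrincipal(username));
        principals.add(USER_ROLE);
        for (String role : extraRoles) {
            principals.add(new RolePrincipal(role));
        }
        return Collections.unmodifiableSet(principals);
    }

    // Role removal refuses to touch the User role, which every user must keep.
    static List<String> withoutRole(List<String> extraRoles, String role) {
        if (USER_ROLE.getName().equals(role)) {
            throw new IllegalArgumentException("the User role cannot be removed");
        }
        List<String> remaining = new ArrayList<>(extraRoles);
        remaining.remove(role);
        return remaining;
    }

    public static void main(String[] args) {
        // Constructed sample users; the role names are the ones used in the text.
        Set<Principal> kubla = principalsFor("kublakhan", List.of("SENIOR_DBA"));
        System.out.println(kubla);
        // A user whose username is "MANAGER" does not hold the MANAGER role.
        Set<Principal> lookalike = principalsFor("MANAGER", List.of());
        System.out.println(lookalike.contains(new RolePrincipal("MANAGER")));
        System.out.println(lookalike.contains(USER_ROLE));
        System.out.println(withoutRole(List.of("SENIOR_DBA", "MANAGER"), "MANAGER"));
    }
}
```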

Internal vs. external authentication

A user can be configured to authenticate internally or externally. An internal user's password is stored in hashed form in the VISA datastore. An external user's password is stored in the LDAP directory that VISA is pointed to (see the Viewpoint staging guide for configuration details).

User and Role management

The Administrator uses the User Manager portlet to create, edit and delete users, and the Role Manager portlet for roles. Programmatically, the primary user/role management interface is com.teradata.viewpoint.identity.IdentityManager. See the javadoc for more detail.

IdentityManager Examples

// does the user exist?
boolean exists = identityManager.isExistingUser("kaisersoze");

// get information on a user
UserInfo kaiser = identityManager.getUserInfo("kaisersoze");

// add a user
UserInfo kubla = new UserBean("kublakhan", "Kubla", "Khan", "",
    false, TimeZone.getDefault(), Locale.getDefault());

// get the list of roles for the user
List<String> roles = identityManager.getUserRoleMappings(kubla);