What is User Management?

What is user management
User management is an important task of the administrator. He or she sets up users and user IDs and assigns or revokes access authorizations for IT systems or applications. User administration can be performed directly locally in the system concerned or via an externally connected, centralized database solution.

What is user management?

User administration, often called user management, summarizes various activities and is usually done by an administrator. He or she assigns user IDs, grants access rights to systems, services, or applications, and revokes them if necessary. User administration should enable users to complete the work and tasks assigned to them. At the same time, access to data or systems that the user does not need or that are specially protected should be prevented.

The user is usually identified by a user name and an associated password. User management protects IT systems and data from unauthorized access. Users are often assigned to higher-level groups that have corresponding rights. For the administrator, user administration is a typical recurring activity.

READ:  What is NAT (Network Address Translation)?

The most important activities of user administration

User management involves various activities. The most important are the following:

  • Creating user accounts
  • Assigning user names and initial passwords
  • Resetting passwords
  • Assigning permissions and access rights to systems, data, applications, and services
  • Assigning user accounts to specific groups
  • Locking user accounts
  • Revoking permissions and access rights
  • Deleting user accounts

Internal (local) and external (LDAP-based) user management

Basically, a distinction can be made between internal (local) and external (LDAP-based) user administration. Internal administration takes place directly in the system concerned. For example, an application may have an integrated database for the various users and their authorizations. The user rights and identifiers created there are only valid for the individual application.

In the case of external user administration, an external directory server, such as an LDAP server, is connected to the various systems and applications. A user set up centrally there is given specific user authorizations in each of the connected systems. This reduces the effort required for user management.

User management and the task of groups

Users often receive their authorizations as part of user management based on their membership in a specific group. Administrators create different groups with different access rights and assign individual users to these groups. This has the advantage that the rights are not assigned to each user individually, but to the entire group.

READ:  What is Air Gap?

For example, administrative and non-administrative groups can be set up. Users who are members of an administrative group can make changes to the system. Members in non-administrative groups are normal users or guests who have no special rights to make changes.

Automation of user management through identity management systems

Identity management systems (IDM systems) can be used to automate user management to a certain extent. In an IDM system, the various users (identities) and IT systems or IT business processes are created. Based on a unique set of rules, users are granted rights to the various processes and systems.

The steps for granting the required authorizations are automated once the set of rules has been stored and the user has been set up once. If an identity is removed from the IDM system, all authorizations are automatically revoked.