Merge pull request #12581 from g-pan/H21867-admGp

HPCC-21867 HPCC Administrator Group

Reviewed-By: Russ Whitehead <william.whitehead@lexisnexis.com>
Reviewed-By: Jim DeFabia <james.defabia@lexisnexis.com> 
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>

docs/EN_US/ConfiguringHPCC/ConfiguringHPCC.xml

@@ -37,7 +37,7 @@
       similarity to actual persons, living or dead, is purely
       coincidental.</para>
 
-      <para />
+      <para></para>
     </legalnotice>
 
     <xi:include href="common/Version.xml"
@@ -1625,7 +1625,7 @@ sudo -u hpcc cp /etc/HPCCSystems/source/NewEnvironment.xml /etc/HPCCSystems/envi
 
           <para>Persistent HTTP connections can cause backwards compatibility
           issues with non-standard HTTP clients. You can disable this feature
-          by setting <emphasis>maxPersistentRequests</emphasis> to 0. </para>
+          by setting <emphasis>maxPersistentRequests</emphasis> to 0.</para>
         </sect3>
 
         <sect3 role="brk">
@@ -2058,6 +2058,38 @@ sudo -u hpcc cp /etc/HPCCSystems/source/NewEnvironment.xml /etc/HPCCSystems/envi
         </sect3>
 
         <sect3>
+          <title>The HPCC Administrator's account</title>
+
+          <para>You can set up an HPCC Administrator's account with limited
+          administrative rights. The HPCC Administrator does not have to be an
+          LDAP Administrator's account. This allows the HPCC Administrator to
+          be able to set up users, groups, and set permissions in HPCC without
+          having rights to perform other LDAP administrative functions. To use
+          this feature: <orderedlist>
+              <listitem>
+                <para>Create an LDAP group to contain all the HPCC
+                Administrator users. For example: "HPCCAdminGroup"</para>
+              </listitem>
+
+              <listitem>
+                <para>In the HPCC configuration manager navigate to this (LDAP
+                Server Process) page and enter the HPCC Administrator group
+                name as the value in the <emphasis
+                role="bold">adminGroupName</emphasis> field.</para>
+              </listitem>
+
+              <listitem>
+                <para>Add (HPCC Administrator) users to this new group.</para>
+              </listitem>
+
+              <listitem>
+                <para>Save and deploy the new configuration file, then restart
+                ESP to apply the new configuration.</para>
+              </listitem>
+            </orderedlist></para>
+        </sect3>
+
+        <sect3>
           <title>LDAP Server Process Notes</title>
 
           <para>This tab allows you to add any notes pertinent to the
@@ -2648,8 +2680,6 @@ sudo -u hpcc cp /etc/HPCCSystems/source/NewEnvironment.xml /etc/HPCCSystems/envi
 
           <para>
             <emphasis role="bold">Persistent Connections to Roxie</emphasis>
-
-            
           </para>
 
           <para>Persistent connections can cause backwards compatibility

docs/EN_US/Installing_and_RunningTheHPCCPlatform/Inst-Mods/UserSecurityMaint.xml

@@ -169,7 +169,7 @@
           </listitem>
 
           <listitem>
-            <para>You can change your password here, if desired. </para>
+            <para>You can change your password here, if desired.</para>
           </listitem>
 
           <listitem>
@@ -412,8 +412,11 @@
         <title>To promote a user to an Administrator</title>
 
         <para>To modify a users credentials you must have Administrator level
-        access. To promote a user to an HPCC Administrator, add the user to
-        the <emphasis role="bold">Administrators</emphasis> group.</para>
+        access. You can designate the HPCC Administrator account to have
+        limited permissions only relating to HPCC elements and not LDAP
+        administrator's rights. To promote a user to an HPCC Administrator,
+        add the user to the configured <emphasis
+        role="bold">Administrators</emphasis> group.</para>
 
         <para>Click on the<emphasis role="bold"> Operations</emphasis> icon,
         then click the <emphasis role="bold">Security</emphasis> link from the
@@ -464,10 +467,12 @@
                   <term>NOTE:</term>
 
                   <listitem>
-                    <para>The name of the default Administrator group could
-                    vary. For example, in Active Directory, it is
-                    "Administrators", in OpenLDAP it is "Directory
-                    Administrators".</para>
+                    <para>The name of the default Administrators group could
+                    vary. It is a configurable value defined as the value of
+                    <emphasis role="bold">adminGroupName</emphasis> in the
+                    configuration. For example, if you set the adminGroupName
+                    to "HPCCAdministrators", in the environment then
+                    HPCCAdministrators would display in the list.</para>
                   </listitem>
                 </varlistentry>
               </variablelist></para>