IBM Performance Management

Roles and Permissions

A role is a group of permissions that control the actions you can perform in Performance Management.

Use the Role Based Access Control page to manage users and roles or alternatively use the Authorization API to complete Role Based Access Control tasks from the command line. For more information, see Exploring the APIs.

There are four default roles available in Performance Management:
Role Administrator
This role is intended for users whose primary job function is to create access control policies for Performance Management. This role has all permissions. If you change the default user, the new default user is automatically a member of the Role Administrator role. This role cannot be edited. Role Administrators are prevented from removing themselves from the Role Administrator role. This restriction removes the risk of accidentally removing all users from the Role Administrator role.
Monitoring Administrator
This role is intended for users whose primary job function is to use Performance Management to monitor systems. Monitoring Administrators perform tasks such as adding monitoring applications, creating thresholds, adding groups of resources, and distributing the thresholds to these resource groups. This role can be edited.
System Administrator
This role is intended for users whose primary job function is to perform administration tasks for the Performance Management system. System Administrators perform tasks such as configuring the Event Manager, or configuring the Hybrid Gateway. This role can be edited.
Monitoring User
This role is intended for users whose primary job function is to configure and maintain the health and state of systems that are monitored by Performance Management. This role can be edited.
The following table describes the permissions that you can assign to roles, and the four available default roles and associated permissions:
Table 1. Roles and permissions
  Role Administrator Monitoring Administrator System Administrator Monitoring User
View Modify View Modify View Modify View Modify
System configuration permissions
Advanced Configuration Yes N/A No N/A Yes N/A No N/A
Agent Configuration Yes N/A Yes N/A No N/A No N/A
Informational Pages Yes N/A Yes N/A Yes N/A Yes N/A
Search Provider Yes N/A Yes N/A No N/A No N/A
Usage Statistics Yes N/A Yes N/A No N/A No N/A
Resource permissions
Application Performance Dashboard Yes Yes Yes Yes Yes No Yes No
Applications Yes Yes Yes Yes No No Yes No
Individual Application Application and resource group permissions.
Diagnostics Dashboard Yes N/A Yes N/A No N/A Yes N/A
Resource Group Manager Yes N/A Yes N/A No N/A No N/A
Individual Resource group Application and resource group permissions.
Resource Groups Yes Yes Yes Yes No No No No
Synthetic Script Manager Yes N/A Yes N/A Yes N/A No N/A
Threshold Manager Yes N/A Yes N/A No N/A No N/A
Where
Yes indicates that members of this role have this permission
No indicates that members of this role do not have this permission
N/A indicates that this permission does not exist
The following table describes the actions that are associated with each permission:
Table 2. Permissions
Permission Description
Advanced Configuration If you have view permission, you can perform the following tasks:
  • View System Configuration>Advanced Configuration in the menu bar.
  • Make and save changes in the Advanced Configuration window.
Agent Configuration If you have view permission, you can perform the following tasks:
  • View System Configuration>Agent Configuration in the menu bar.
  • Make and save changes in the Agent Configuration window.
Informational Pages If you have view permission, you can perform the following task:
  • View the Getting Started Getting Started and HelpHelp icon icons in the menu bar.
Note: When the Getting Started page opens, if you clear Show this page at startup, for subsequent logins, you see a permission denied error. However, you are still able to navigate to the Getting Started page and any other areas that you have permission to.
Search Provider If you have view permission, you can perform the following tasks:
  • View System Configuration>Configure Search Providers in the menu bar.
  • Make and save changes in the Configure Search Providers page.
Usage Statistics If you have view permission, you can perform the following task:
  • View Report icon>Usage Statistics in the menu bar.
Application Performance Dashboard If you have view permission, you can perform the following tasks:
  • View the Application Performance Dashboard icon on the menu bar.
  • View the Application Performance Dashboard.
  • Create custom views in Attribute Viewer and save them for your own use.
If you have modify permission, you can perform the following tasks:
  • View the Application Performance Dashboard icon on the menu bar.
  • View the Application Performance Dashboard.
  • Create custom views in Attribute Viewer and share them with others.
  • View the Actions>Edit option in component pages, this option enables you to edit the threshold values and other settings of the group widgets that display in the Components dashboard.
Applications If you have view permission, you can perform the following tasks:
  • View applications in the Application Dashboard.
If you have modify permission, you can perform the following tasks:
  • View applications in the Application Dashboard
  • Create, modify, and delete applications, the new, modify, delete icons appear in the Application Dashboard.
Individual Application See Application and resource group permissions.
Resource Group Manager If you have view permission, you can perform the following task:
  • View System Configuration>Resource Group Manager in the menu bar.
Resource Groups If you have view permissions, you can perform the following task:
  • View resource groups and the systems in them in Resource Group Manager. To assign thresholds, you also need to be a member of a role that has view permission for Threshold Manager.
If you have modify permission, you can perform the following tasks:
  • View resource groups and their contents in the Resource Group Manager.
  • Create, modify, and delete resource groups, the new, modify, delete icons are visible in the Resource Group Manager.
Note: Resource Group Manager is used to organize monitored systems into groups, so that eventing thresholds can be assigned to these groups. If you do not have view permission to Threshold Manager, you are not able to see the eventing thresholds that are assigned to Resource Groups. If you assign the modify Resource Groups permission to a role, you also need to assign the view Threshold Manager permission to the role.
Individual Resource Group See Application and resource group permissions.
Threshold Manager If you have view permission, you can perform the following tasks:
  • View System Configuration>Threshold Manager in the menu bar.
  • View the eventing thresholds that are assigned to resource groups in Resource Group Manager and edit them if you have appropriate permission for this particular group.
Synthetic Script Manager If you have view permission, you can perform the following tasks:
  • Create, modify, and delete synthetic transactions in the Synthetic Transaction Manager.
Note: To work with synthetic transactions in Synthetic Transaction Manager, you also need to be a member of a role that has view permission for Agent Configuration.
Diagnostics Dashboard If you have view permission, the Diagnose button is enabled on the diagnostic dashboards for the WebSphere® Applications agent, Node.js agent, Ruby agent, and Microsoft .NET agent. Click the Diagnose button to drill-down to deep dive dashboards.