Roles and Permissions
A role is a group of permissions that control the actions you can perform in Performance Management.
Use the Role Based Access Control page to manage users and roles or alternatively use the Authorization API to complete Role Based Access Control tasks from the command line. For more information, see Exploring the APIs.
There are four default roles available in Performance Management:
- Role Administrator
- This role is intended for users whose primary job function is to create access control policies for Performance Management. This role has all permissions. If you change the default user, the new default user is automatically a member of the Role Administrator role. This role cannot be edited. Role Administrators are prevented from removing themselves from the Role Administrator role. This restriction removes the risk of accidentally removing all users from the Role Administrator role.
- Monitoring Administrator
- This role is intended for users whose primary job function is to use Performance Management to monitor systems. Monitoring Administrators perform tasks such as adding monitoring applications, creating thresholds, adding groups of resources, and distributing the thresholds to these resource groups. This role can be edited.
- System Administrator
- This role is intended for users whose primary job function is to perform administration tasks for the Performance Management system. System Administrators perform tasks such as configuring the Event Manager, or configuring the Hybrid Gateway. This role can be edited.
- Monitoring User
- This role is intended for users whose primary job function is to configure and maintain the health and state of systems that are monitored by Performance Management. This role can be edited.
The
following table describes the permissions that you can assign to roles,
and the four available default roles and associated permissions:
Role Administrator | Monitoring Administrator | System Administrator | Monitoring User | |||||
---|---|---|---|---|---|---|---|---|
View | Modify | View | Modify | View | Modify | View | Modify | |
System configuration permissions | ||||||||
Advanced Configuration | N/A | N/A | N/A | N/A | ||||
Agent Configuration | N/A | N/A | N/A | N/A | ||||
Informational Pages | N/A | N/A | N/A | N/A | ||||
Search Provider | N/A | N/A | N/A | N/A | ||||
Usage Statistics | N/A | N/A | N/A | N/A | ||||
Resource permissions | ||||||||
Application Performance Dashboard | ||||||||
Applications | ||||||||
Individual Application | Application and resource group permissions. | |||||||
Diagnostics Dashboard | N/A | N/A | N/A | N/A | ||||
Resource Group Manager | N/A | N/A | N/A | N/A | ||||
Individual Resource group | Application and resource group permissions. | |||||||
Resource Groups | ||||||||
Synthetic Script Manager | N/A | N/A | N/A | N/A | ||||
Threshold Manager | N/A | N/A | N/A | N/A |
- Where
- indicates that members of this role have this permission
- indicates that members of this role do not have this permission
- N/A indicates that this permission does not exist
The following table describes
the actions that are associated with each permission:
Permission | Description |
---|---|
Advanced Configuration | If you have view permission, you can perform
the following tasks:
|
Agent Configuration | If you have view permission, you can perform
the following tasks:
|
Informational Pages | If you have view permission, you can perform
the following task:
Note: When the Getting Started page opens,
if you clear Show this page at startup, for
subsequent logins, you see a permission denied error. However, you
are still able to navigate to the Getting Started page
and any other areas that you have permission to.
|
Search Provider | If you have view permission, you can perform
the following tasks:
|
Usage Statistics | If you have view permission, you can perform
the following task:
|
Application Performance Dashboard | If you have view permission, you can perform
the following tasks:
If you have modify permission, you can perform the following
tasks:
|
Applications | If you have view permission, you can perform
the following tasks:
|
Individual Application | See Application and resource group permissions. |
Resource Group Manager | If you have view permission, you can perform
the following task:
|
Resource Groups | If you have view permissions, you can perform
the following task:
Note: Resource Group Manager is used to organize monitored systems
into groups, so that eventing thresholds can be assigned to these
groups. If you do not have view permission to Threshold Manager, you
are not able to see the eventing thresholds that are assigned to Resource
Groups. If you assign the modify Resource Groups permission to a role,
you also need to assign the view Threshold Manager permission to the
role.
|
Individual Resource Group | See Application and resource group permissions. |
Threshold Manager | If you have view permission, you can perform
the following tasks:
|
Synthetic Script Manager | If you have view permission, you can perform
the following tasks:
Note: To work with synthetic transactions in Synthetic Transaction
Manager, you also need to be a member of a role that has view permission
for Agent Configuration.
|
Diagnostics Dashboard | If you have view permission, the Diagnose button is enabled on the diagnostic dashboards for the WebSphere® Applications agent, Node.js agent, Ruby agent, and Microsoft .NET agent. Click the Diagnose button to drill-down to deep dive dashboards. |