Define users on each hub and specify access rights for
each user (query or update) by following the procedure below.
About this task
Complete the following procedure to define users and
specify access rights:
Procedure
- Select the server (click anywhere within the server tree
displayed), if required.
- Under Add User Data, type the user name. User IDs must
be identical to those specified for monitoring server logon validation.
Access is restricted to only that monitoring server to which a user
has access.
Note: If you do not supply a user ID,
all users are given permission to update data.
- Click the type of user access: Query or Update.
- Click Add User. The server tree is updated, showing
the user and type of access.
- To delete a user: Select the user name from the tree and
click Delete Item.
- To delete a hub: Click anywhere within the hub's tree
and click Clear Tree.
Attention: When SOAP security is enabled, the user
Query and
Update permissions
control authorization of the
tacmd commands that
send requests to the hub monitoring server and requests from other
SOAP clients. The
SOAP_IS_SECURE environment variable
of the hub monitoring server must also be set to
YES if
you want to control which users can issue SOAP CT_EMail and CT_Export
requests.
The query permission prevents the user from performing
the create, update, and delete operations, and also the tacmd commands
for remote deploy and execution of commands, such as executeaction and executecommand.
The
update permission grants permission to run all SOAP operation and
applies to all tacmd commands that send requests
to the hub monitoring server, except for the tacmd getFile and tacmd
putFile commands. Permission to run the tacmd
getFile and tacmd putFile commands is
controlled by the KT1_TEMS_SECURE environment variable
of the hub monitoring server. For more details on how to enable permission
to run these two commands, see the IBM Tivoli Monitoring Command Reference.