Assigning access privileges
To use a specific feature of IBM® Intelligent Operations Center, an administrator can assign a user access through membership of a user group that is assigned access to the feature. In version 5.1.0.11 or later, you can also define a role that has one or more user groups mapped to it. When you assign access privileges to a role, the access privileges are assigned to all the user groups that are mapped to the role.
Before you begin
To use roles in version 5.1.0.11 or later, your system must be configured to work with a Lightweight Directory Access Protocol (LDAP) user registry. For more information, see Defining roles and access.
Procedure
Assign access privileges to user groups according to your
requirements. In version 5.1.0.11 or later, you can also assign access privileges to roles.
- Access to tenants
- Assign user groups to one or more tenants. In version 5.1.0.11 or later, you can also assign roles to tenants. With Device Management Enablement, the users then have access rights to the tenant or to any of its child tenants. For more information, see Creating or modifying tenants.
- Access to contracts
- Assign roles access privileges for one or more groups of contracts. For more information, see Assigning access to contracts in a group.
- Access to pages
- Assign user groups access privileges for views in the IBM Intelligent Operations Center user interface, such as the Operations view. In version 5.1.0.11 or later, you can also assign this access to roles. For more information, see Configuring page access.
- Access to data sources
- To allow a user access to data items from your data source on a map or list, assign the required access level to the data source. For more information, see Securing your data source.
- Access to customized actions for data sources
- Based on the access level assigned to the data source, configure the access privileges that are needed to make a customized action available on a data item's preview card. By default, the customized action is available on the preview card for users that have read or write access to the data source. For more information, see Configuring access to customized actions.
- Access to dynamic filter panes
- Assign user groups access to dynamic filter panes. In version 5.1.0.11 or later, you can also assign this access to roles. For more information, see Configuring access to filter panes.
- Access to geospatial maps
- Assign user groups access to geospatial maps. In version 5.1.0.11 or later, you can also assign this access to roles. For more information, see Configuring access to geospatial maps.
- Access to taskbar features
- Assign user groups access to features and actions that are available from the taskbar in the different views. In version 5.1.0.11 or later, you can also assign this access to roles. For more information, see Configuring taskbar access.
- Assign access to services in Device Management Enablement
- Assign user groups access to services. In version 5.1.0.11 or later, you can also assign this access to roles. For example, you can assign roles or user groups access to the services for a particular asset type, so that only these users can view assets of this type on the map or in the list. For more information, see Configuring service access.
- Assign access to page configuration in Device Management Enablement
- In version 5.1.0.12 or later, you can use the administrative user interface to configure the Filter window to restrict access to entries in the assets filter pane to selected roles. For more information, see Configuring access to asset filter items.