Every portal work session begins with a successful logon
and connection to the Tivoli® Enterprise Portal.
The logon user IDs and user groups are created and profiled through
the Administer Users window.
Administer Users is a multi-tabbed two-paned window. The top frame
has two tabs: Users and User Groups, that list the
user IDs, distinguished names if the portal server is configured for
authentication to an LDAP user registry, and the user groups that
are stored on the portal server. The profile of the selected user
or user group is reflected in the bottom frame:
- Permissions has a list
of the portal features in the Authorities box. On the right are the
possible operations for the selected feature. A selected check box
means the selected user or user group has permission to perform that
operation; an indicator next to the check box means the permission was
added to a user group the user belongs to.
- Applications shows all
the applications being monitored and that are available for assigning
to the user or user group. One user or user group, for example, can
be profiled to see only the OMEGAMON® applications,
another to see only Linux and
Oracle, middleware, and another to see all applications.
- Navigator
Views shows all the Navigator views that are on the portal
server and that are available for assigning to the user or user group.
The user or user group can be restricted to seeing only a certain
branch of a Navigator view rather than the entire hierarchy.
- Member of, when the Users tab is selected,
or Members, when the User Groups tab
is selected, is a list of the groups the user belongs to or the user
names in the group.
The User Administration function enables you to maintain user IDs
and user groups on the portal server, and provides varying degrees
of access to the features and views of your monitored environment
to accommodate any combination of job roles, such as operators who
respond to alerts and direct them to the appropriate person for handling
and administrators who plan, design, customize, and manage
the monitoring environment.
In some managed enterprises one person might assume all of these
roles. In larger enterprises, the roles are often divided. You can
choose to assign roles by individual user or by user type or both.
Tivoli Enterprise Portal user IDs are also required for users who
access monitoring dashboards in IBM Dashboard Application Services Hub.
How you manage dashboard users depends on the type of authorization
configured in the portal server and whether the dashboard users will
also use the Tivoli Enterprise Portal client.
There are two types of authorization that can be configured for controlling
access to monitored resources in IBM Dashboard Application Services Hub:
- Role-based authorization policies
- These policies are created using the tivcmd Command-Line Interface for
Authorization Policy. They provide more granular authorization than
Tivoli Enterprise Portal monitoring
application assignments. Using role-based authorization policies,
you can assign a user permission to view specific managed system groups
or managed systems. When role-based authorization policies are enabled
in the portal server, dashboard users need a Tivoli Enterprise Portal user
ID but do not require any Tivoli Enterprise Portal permissions
or monitoring application assignments unless they are also Tivoli Enterprise Portal client
users. In this case, role-based authorization policies control what
resources they can access in the monitoring dashboards, and Tivoli Enterprise Portal permissions
and monitoring application assignments control what they can access
in the Tivoli Enterprise Portal client.
- Tivoli Enterprise Portal authorization
- This is the default authorization mechanism for dashboard users.
A dashboard user must have a Tivoli Enterprise Portal user
ID and be assigned the permissions and monitoring applications to
control their access to resources in monitoring dashboards. If a dashboard
user is also a Tivoli Enterprise Portal client
user then they are assigned a single set of permissions that control
what monitored resources they can access in both applications.
Configuring the portal server and Dashboard Application Services Hub
to share an LDAP user registry is the best practice approach for having
a federated set of dashboard users and Tivoli Enterprise Portal client
users. In this scenario, the dashboard users log in to the dashboard
hub with their LDAP username and you must map their LDAP distinguished
name to a Tivoli Enterprise Portal user ID with the required permissions.
Tivoli Enterprise Portal user IDs are automatically created with no
permissions if a dashboard user requests monitoring data and does not
have a user ID mapped to their distinguished name. See Notes on user
administration for more details.
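The following Python sketch is an added example, not IBM code or a portal server API. It resolves a user's effective profile (own settings plus those inherited from user groups) and flags user IDs left with no access under each authorization type. The `Profile` model, its field names, and the sample users, groups, permissions and applications are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:  # hypothetical model of one user ID or user group
    name: str
    permissions: set = field(default_factory=set)   # (feature, operation) pairs
    applications: set = field(default_factory=set)  # assigned monitoring applications
    member_of: list = field(default_factory=list)   # user group names (users only)
    tep_client_user: bool = False

def effective(user, groups):
    """Union of the user's own profile and the profiles of its groups."""
    perms, apps = set(user.permissions), set(user.applications)
    for name in user.member_of:
        group = groups.get(name)
        if group is not None:  # ignore memberships in groups that no longer exist
            perms |= group.permissions
            apps |= group.applications
    return perms, apps

def audit(users, groups, role_based_policies):
    """Return (user, reason) for IDs whose effective profile gives no access."""
    findings = []
    for user in users:
        perms, apps = effective(user, groups)
        if perms and apps:
            continue
        if role_based_policies and not user.tep_client_user:
            continue  # dashboard-only: access comes from the authorization policies
        if role_based_policies:
            reason = "portal client user without permissions or applications"
        else:
            reason = "no access in dashboards or client; possibly auto-created"
        findings.append((user.name, reason))
    return findings

# Constructed sample data, not taken from a real portal server.
GROUPS = {"operators": Profile("operators", {("Situation", "View")}, {"Linux OS"})}
USERS = [
    Profile("alice", member_of=["operators"], tep_client_user=True),
    Profile("bob"),  # empty profile, as an automatically created ID would have
    Profile("carol", {("Situation", "View")}, tep_client_user=True),  # no application
]

if __name__ == "__main__":
    for mode in (False, True):
        label = "role-based policies" if mode else "portal authorization"
        print(label, audit(USERS, GROUPS, mode))
```

Under Tivoli Enterprise Portal authorization an empty profile is a provisioning gap worth reviewing, while under role-based authorization policies it is the expected state for a dashboard-only user.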