Restrictions and permissions

After you define data visibility groups (DVGs), you assign them to roles, making the roles DVG restricted. The roles are then assigned to users, making the users DVG restricted.

A role can have a server group restriction or DVG restriction or both. If a role is server or DVG restricted, it cannot be given “manage” permission for DVGs. As a result, restricted role can have only “none” or “view” permission for data visibility groups.

Important: Only IBM® Sterling Control Center Monitor administrators can manage data visibility groups. To qualify as an administrator, a role must not be server group or data visibility group restricted and must have “manage” authority to required elements. If a role qualifies as an administrator, the “manage” permission is allowed; otherwise, only “view” or “none” permissions are allowed.

A DVG-restricted user sees only a subset of all data in the IBM Sterling Control Center Monitor monitors and a subset of all rules and SLCs. Users with roles restricted to one or more DVGs can view only activity entities such as processes, statistics, alerts, and reports, that match their DVG restriction.