Users and Roles Management

Click Users and Roles tab on the Control Center Director Web Console navigation menu to configure how Control Center Director manages access and permission control. Access control defines and restricts role-based user access to all or a limited set of Server Groups. Permissions control defines the actions that a role-based user can perform on the modules of Control Center Director. The Permissions will be applicable to the all or limited set of server groups based on the access assigned to the role-based user.

Key Provisioning Concepts - Users and roles

  • Access Control
    • Access control enables Control Center Director administrators create custom Server group restricted roles and assign them to specific users.
      • Example 1: You might have a user, User1_Finance in your organization, assigned a role Role_Team_Finance and Server group Finance_Group1.

        User1_Finance is allowed partial access to Deployment to schedule upgrades only over Finance_Group1.

      • Example 2: AdminUser_Finance in your organization with role Role_Admin_Finance is allowed complete access to Deployment to schedule upgrades over all Server groups in your environment.
    • With limited access role assigned, a user can have unique login credentials.
    • With complete access role assigned, a user can track transactions performed for all user created with limited access.
  • Permission Control
    • Permissions can be set by defining the Base Permissions and Control Center Director Permissions. Each module can be granted No Access, View Only or Manage permissions where Manage is the maximum permission that can be provided. Some modules have sub modules to which the permissions can be granted individually.
      Note:
      • For IBM Sterling Control Center define Control Center Monitor Permissions along with Base and Control Center Director Permissions.
      • If you upgrade from a previous version to version 6.2 or later, the permissions to all the use-roles except admin are set to No Access, by default. The admin-role must reassign the required permissions to the roles.

The following table summarizes Control Center Director permissions:

Module Manage Permission View Only Permission No Access
Base Permissions
Servers/Groups
  • Add any server type that is supported by Control Center Director regardless of server-level restrictions
  • Add, update, view, and remove servers and server groups
  • Stop Sterling Connect:Direct® servers
  • Update monitoring policies for servers
 View properties, status, and monitoring policies of servers and server groups. Cannot view or manage servers, server groups, and properties, status or monitoring policies of servers and server groups
Users & Roles Role Add, change, delete, and view role information View role information Cannot view role information or manage role
User Add, change, delete, and view user information View user information Cannot view user information or manage users
Settings (Control Center System Settings) Manage settings like duration of logs, timeout, email server etc. View settings like duration of logs, timeout, email server etc. Cannot manage or view settings like duration of logs, timeout, email server etc.
Control Center Director Permissions
Deployments Create and manage maintenance jobs View maintenance jobs Cannot view email list information or manage email lists
License NA View Sterling Connect:Direct server license information Cannot view Sterling Connect:Direct server license information
New Install Create and manage Sterling Connect:Direct Installation links View Sterling Connect:Direct Installation links Cannot view or manage Sterling Connect:Direct Installation links
C:D Configuration Templates Create and manage Sterling Connect:Direct configuration templates. View Sterling Connect:Direct configuration templates. NA
Netmap Entries Create and manage Sterling Connect:Direct configuration Netmap Entries. View process Sterling Connect:Direct configuration Netmap Entries. Cannot view or manage Sterling Connect:Direct configuration Netmap Entries.
Initialization Parameters Create and manage Sterling Connect:Direct configuration Initialization Parameters View Sterling Connect:Direct configuration Initialization Parameters Cannot view or manage Sterling Connect:Direct configuration Initialization Parameters
User Proxies Create and manage Sterling Connect:Direct configuration User Proxies View Sterling Connect:Direct configuration User Proxies Cannot view or manage Sterling Connect:Direct configuration User Proxies
Functional Authorities Create and manage Sterling Connect:Direct configuration Functional Authorities View Sterling Connect:Direct configuration Functional Authorities Cannot view or manage Sterling Connect:Direct configuration Functional Authorities
Secure+ Entries Create and manage Sterling Connect:Direct configuration Secure+ Entries View Sterling Connect:Direct configuration Secure+ Entries Cannot view Sterling Connect:Direct configuration Secure+ Entries

Initial Administrator Work flow - Users and Roles

The following steps shows the initial work flow for a Control Center Director Web Console Administrator:

  1. Create Role(s)s
    Procedure
    1. Click Create Role to add a new role and set the required fields.
    2. Set Access as Full Access or Restricted Access (access to selected server groups). For Restricted Access, click Browse to select the Server Groups for which the access has to be provided.
    3. Set the Base Permissions and Control Center Director Permissions of respective modules.
      Note: If permissions of Server/Groups is set to No Access, all Base and Control Center Director Permissions are disabled except Settings module.
  2. Create User(s)
    1. Click Create Users to create a new user and assign a role created in Step 1.
  3. Manage Roles
    1. Click List Roles to view and manage existing roles. Click the overflow menu icon (Overflow menu icon displays a list of actions ) to perform following actions:
      • View, Edit and Delete other roles
        Note: While you cannot edit the Role Name, you can edit the Access and Permissions granted to the role.
      • Duplicate the existing role.
        Note: You must add a new name of the role while duplicating as Role Name is a unique field.
      • Check Cross Reference of the roles with users. This will display a list of users mapped with the selected role.
        Note: For IBM Sterling Control Center, entity links to launch IBM Control Center Classic Console also appear.
  4. Manage Users
    1. Click List Users to view and manage an existing user. Click the overflow menu icon (Overflow menu icon displays a list of actions ) to perform following actions:
      • View, Edit and Delete other users.
        Note: While you cannot edit the username associated with a user, you can change the Role, IP Address and Email fields.
      • Send a Reset Password link for other users.
      • Check Cross Reference of the users with the mapped role. This will display the role to which the selected user is mapped.