Group permissions
Group permissions (known as activities) are defined in the profile for each group. These functional access rights allow the users in the group to perform a number of predefined activities.
Activities
The following table identifies the valid permission activities along with a description that summarizes the allowable activity.
Permission activity | Description |
---|---|
Apply Native Command Sets |
This activity is required to permit the users in a group to apply Native Command Sets. However, a user will still be allowed to apply a modelled Command Set without this activity. |
Apply Wizard Preferences |
This activity provides the users in a group with the ability to make changes to the UoW Submission wizard settings in User Preferences. |
Execute Compliance Policy |
This activity is required to be able to execute compliance policy. |
Execute Configuration Change |
Permits the users in a group to apply Configuration UOW. |
Execute Configuration Synchronization |
Permits the users in a group to perform configuration synchronizations on one or more resources. |
Execute Direct Commands |
Permits a user of the API to call a function on irm\ResourceManagerSB to submit a command directly to a network resource. This permission is also required to create native command sets. |
Execute Imports |
Permits the users in a group to import new resources into ITNCM - Base. Users can also make changes to a configuration, but they cannot submit the changes. |
Housekeeping |
Permits the users in a group to clean up completed UOWs and versioned configurations using the Work Housekeeping and Configuration Housekeeping utilities. |
IDT Access |
This activity provides access to IDT through the Tools menu. IDT Access is only required for login to a device via IDT. The user does not require any activities to view their own logs. They do however require IDT Administration to view other users' logs. |
IDT Administration |
Allows users to view active sessions and device logs for all other users. |
IDT Allow Auto Login |
Allows groups with this activity to use automatic login for a device. Must also have IDT Access permission. |
IDT Allow Manual Login |
Allows groups with this activity to use manual login only to gain access to the device. Must also have IDT Access permission. |
IDT Enable Mode |
Allows IDT to gain access to Enable Mode on a device if a device script is used. Either Auto Login or Manual Login mode must also be chosen. |
Manage Accounts |
Permits the users in a group to add, modify, and delete users and groups from the system. Modifications can include changes to the data scope and changes in permissions of any group. |
Manage Archive |
Permits the users in a group to run the Archive housekeeping utility in icosutil from the command line. |
Manage Compliance Policy |
Permits the users in a group to create, edit, and delete compliance entities. |
Manage Policy Remedial Work |
Permits the users in a group to approve remedial work in the compliance remedial queue. |
Manage System |
Permits the users in a group to pause or restart ITNCM - Base. Users can also denote a realm as a system realm. |
Manage Work |
Permits the users in a group to approve, reject, or dequeue/cancel any UOWs submitted through the user interface or API. Users can dequeue their own UOW without "Manage Work" permissions. However, in order to dequeue another user's UOW "Manage Work" rights must be granted. If this permission is disabled, the user cannot override the default Pre-Emptive Compliance settings for the Hother three Pre-Emptive activities. |
Pre-Emptive Compliance(Block on Failure) |
Will block an Apply Commandset or Submit Config from completing if any Compliance failure exists against the projected config. |
Pre-Emptive Compliance(Block on new failure) |
Will block an Apply Commandset or Submit Config from completing if any compliance failure exists against the projected configuration and where the current configuration is compliant. Basically, the changes being applied are causing the compliance failure rather than any pre-existing failure. |
Pre-Emptive Compliance(Report Only) |
Will only report status of pre-compliance in the audit log. Changes to the device will still be made. |
PrintAndSave Configuration |
Permits the users in a group to do print, save and export to file operations in Netcool Configuration Manager. |
Service Template Management |
Allows users in the group (typically NSM service
designers) to manage
NSM service
templates by
using the NSM service templates allow for the easy and repetitive execution of Netcool Configuration Manager command sets in an ordered and controlled manner. NSM service templates also allow the execution of Netcool Configuration Manager device synchronizations and extractions. |
Service Management |
Allows users in the group (typically NSM client users) to use the NSM REST API URIs to POST services and GET information about services, service templates, devices, and realms from Netcool Configuration Manager. |
OS Upgrade |
Permits the users in a group to run OS Upgrades. |
View All Work |
Permits the users in a group to see all the work that has been submitted on the system by all users. If the user does not have this activity, they shall only have the ability to view work from other users with whom they share a group. |
View Archive |
Permits the users in a group to view the Archive Manager in the user interface. |
View Native Commands |
Permits the users in a group to view Native Commands on a network resource. |
View System |
Permits the users in a group to view the Systems Manager in the user interface. |