Group permissions

Group permissions (known as activities) are defined in the profile for each group. These functional access rights allow the users in the group to perform a number of predefined activities.

Activities

The following table identifies the valid permission activities along with a description that summarizes the allowable activity.

Permission activity Description

Apply Native Command Sets

This activity is required to permit the users in a group to apply Native Command Sets. However, a user will still be allowed to apply a modelled Command Set without this activity.

Apply Wizard Preferences

This activity provides the users in a group with the ability to make changes to the UoW Submission wizard settings in User Preferences.

Execute Compliance Policy

This activity is required to be able to execute compliance policy.

Execute Configuration Change

Permits the users in a group to apply Configuration UOW.

Execute Configuration Synchronization

Permits the users in a group to perform configuration synchronizations on one or more resources.

Execute Direct Commands

Permits a user of the API to call a function on irm\ResourceManagerSB to submit a command directly to a network resource. This permission is also required to create native command sets.

Execute Imports

Permits the users in a group to import new resources into ITNCM - Base. Users can also make changes to a configuration, but they cannot submit the changes.

Housekeeping

Permits the users in a group to clean up completed UOWs and versioned configurations using the Work Housekeeping and Configuration Housekeeping utilities.

IDT Access

This activity provides access to IDT through the Tools menu. IDT Access is only required for login to a device via IDT. The user does not require any activities to view their own logs. They do however require IDT Administration to view other users' logs.

IDT Administration

Allows users to view active sessions and device logs for all other users.

IDT Allow Auto Login

Allows groups with this activity to use automatic login for a device. Must also have IDT Access permission.

IDT Allow Manual Login

Allows groups with this activity to use manual login only to gain access to the device. Must also have IDT Access permission.

IDT Enable Mode

Allows IDT to gain access to Enable Mode on a device if a device script is used. Either Auto Login or Manual Login mode must also be chosen.

Manage Accounts

Permits the users in a group to add, modify, and delete users and groups from the system. Modifications can include changes to the data scope and changes in permissions of any group.

Manage Archive

Permits the users in a group to run the Archive housekeeping utility in icosutil from the command line.

Manage Compliance Policy

Permits the users in a group to create, edit, and delete compliance entities.

Manage Policy Remedial Work

Permits the users in a group to approve remedial work in the compliance remedial queue.

Manage System

Permits the users in a group to pause or restart ITNCM - Base. Users can also denote a realm as a system realm.

Manage Work

Permits the users in a group to approve, reject, or dequeue/cancel any UOWs submitted through the user interface or API. Users can dequeue their own UOW without "Manage Work" permissions. However, in order to dequeue another user's UOW "Manage Work" rights must be granted. If this permission is disabled, the user cannot override the default Pre-Emptive Compliance settings for the Hother three Pre-Emptive activities.

Pre-Emptive Compliance(Block on Failure)

Will block an Apply Commandset or Submit Config from completing if any Compliance failure exists against the projected config.

Pre-Emptive Compliance(Block on new failure)

Will block an Apply Commandset or Submit Config from completing if any compliance failure exists against the projected configuration and where the current configuration is compliant. Basically, the changes being applied are causing the compliance failure rather than any pre-existing failure.

Pre-Emptive Compliance(Report Only)

Will only report status of pre-compliance in the audit log. Changes to the device will still be made.

PrintAndSave Configuration

Permits the users in a group to do print, save and export to file operations in Netcool Configuration Manager.

Service Template Management

Allows users in the group (typically NSM service designers) to manage NSM service templates by using the nsmadmin.sh utility.

NSM service templates allow for the easy and repetitive execution of Netcool Configuration Manager command sets in an ordered and controlled manner.

NSM service templates also allow the execution of Netcool Configuration Manager device synchronizations and extractions.

Service Management

Allows users in the group (typically NSM client users) to use the NSM REST API URIs to POST services and GET information about services, service templates, devices, and realms from Netcool Configuration Manager.

OS Upgrade

Permits the users in a group to run OS Upgrades.

View All Work

Permits the users in a group to see all the work that has been submitted on the system by all users. If the user does not have this activity, they shall only have the ability to view work from other users with whom they share a group.

View Archive

Permits the users in a group to view the Archive Manager in the user interface.

View Native Commands

Permits the users in a group to view Native Commands on a network resource.

View System

Permits the users in a group to view the Systems Manager in the user interface.