Restricting access to domains in the GUI
You can control the domains in which users of the GUI can access network views, poll policies, and other domain-specific information.
To restrict access to domain-specific information, you must enable role-based access to domains, create the appropriate roles, and assign the roles to users.
To enable role-based access to domains for users, set the tnm.role.based.domain.access.control.enable parameter in the tnm.properties file to true. By default, this parameter is set to false.
For each specific domain, if a user has a role called netcool_domain_access_domain-name, the user can access the particular domain. The role can be granted directly to the user, or to a group in which the user is a member.
The predefined netcool_all_domains_access role provides access to all domains.
Domain-specific roles must be created if they do not already exist.
These roles grant access to entities in the domain, network views associated with the domain, and poll policies associated with the domain. They do not grant access to entity classes, poll definitions, or bookmarks, because these are not associated with a domain.
The aggregation domain, if it exists, is not special as far as this feature is concerned. (The aggregation domain is a domain called AGGREGATION that contains all devices in all other domains.)
A user who has the role netcool_domain_access_AGGREGATION can access all devices in the aggregation domain. This is equivalent to granting the user netcool_all_domains_access, or netcool_domain_access_domain_name for all domains.
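The following is an added example, not part of the product or its documentation: a small audit that checks whether the parameter is enabled in a tnm.properties excerpt and resolves each user's effective domain access from direct and group-granted roles, flagging the two grants that reach devices in every domain. The user, group and domain names (alice, noc_east, NCOMS, EAST and so on) and the dictionary layout are constructed for illustration; the properties parsing assumes plain key=value lines.

```python
# Added example: audit effective domain access from role assignments.
ALL_ROLE = "netcool_all_domains_access"
PREFIX = "netcool_domain_access_"
FLAG = "tnm.role.based.domain.access.control.enable"

# Constructed sample data (domain, user and group names are made up).
SAMPLE_PROPERTIES = "# tnm.properties excerpt\n" + FLAG + "=true\n"
USER_ROLES = {"alice": ["netcool_domain_access_NCOMS"], "carol": [ALL_ROLE]}
USER_GROUPS = {"alice": ["noc_east"], "bob": ["reporting"]}
GROUP_ROLES = {"noc_east": ["netcool_domain_access_EAST"],
               "reporting": ["netcool_domain_access_AGGREGATION"]}

def rbac_enabled(properties_text):
    """True only if the flag is explicitly 'true'; the documented default is false.
    Assumes simple key=value lines, with # or ! starting a comment."""
    value = "false"
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == FLAG:
            value = val.strip()  # assumption: a later duplicate overrides
    return value == "true"

def domain_access(user):
    """Return (domains, broad): domains named by the user's direct and
    group-inherited roles, and the roles that reach devices in every domain."""
    roles = set(USER_ROLES.get(user, ()))
    for group in USER_GROUPS.get(user, ()):
        roles |= set(GROUP_ROLES.get(group, ()))
    domains = sorted(r[len(PREFIX):] for r in roles if r.startswith(PREFIX))
    broad = sorted(r for r in roles if r in (ALL_ROLE, PREFIX + "AGGREGATION"))
    return domains, broad

if __name__ == "__main__":
    print("role-based domain access enabled:", rbac_enabled(SAMPLE_PROPERTIES))
    for user in ("alice", "bob", "carol"):
        domains, broad = domain_access(user)
        print(user, "domains:", domains, "broad roles:", broad or "none")
```

In this sample, bob holds no direct roles, yet the AGGREGATION role inherited from a group gives him the same device reach as carol's netcool_all_domains_access.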