Restricting access to domains in the GUI

You can control the domains in which users of the GUI can access network views, poll policies, and other domain-specific information.

To restrict access to domain-specific information, you must enable role-based access to domains, create the appropriate roles, and assign the roles to users.

To enable role-based access to domains for users, set the tnm.role.based.domain.access.control.enable parameter in the tnm.properties file to true. By default, this parameter is set to false.

A user can access a specific domain if the user has a role called netcool_domain_access_domain-name for that domain. The role can be granted directly to the user, or to a group of which the user is a member.

The predefined netcool_all_domains_access role provides access to all domains. Domain-specific roles must be created if they do not already exist.

These roles grant access to entities in the domain, network views associated with the domain, and poll policies associated with the domain. They do not grant access to entity classes, poll definitions, or bookmarks, because these are not associated with a domain.

The aggregation domain, if it exists, is not special as far as this feature is concerned. (The aggregation domain is a domain called AGGREGATION that contains all devices in all other domains.) A user who has the role netcool_domain_access_AGGREGATION can access all devices in the aggregation domain. This is equivalent to granting the user netcool_all_domains_access, or netcool_domain_access_domain_name for all domains.
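
The following is an added example for access reviews, not part of the original page or the product's own code. It checks whether tnm.properties enables the feature and then applies the role rules above (direct and group grants, netcool_all_domains_access, and the AGGREGATION case) to list the domains each user can reach. The input dictionaries, the user and group names, and the domain names NCOMS and LAB are hypothetical, and the parser assumes simple key=value lines.

```python
# Added example: models the role rules described on this page for an access review.
# user_roles, group_roles and memberships are hypothetical exports from a user repository.
ENABLE_KEY = "tnm.role.based.domain.access.control.enable"
ALL_DOMAINS_ROLE = "netcool_all_domains_access"
DOMAIN_ROLE_PREFIX = "netcool_domain_access_"


def domain_access_enabled(properties_text):
    """True only if the parameter is set to true (default false); assumes key=value lines."""
    enabled = False
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == ENABLE_KEY:
            enabled = value.strip().lower() == "true"  # a later entry overrides an earlier one
    return enabled


def effective_roles(user, user_roles, group_roles, memberships):
    """Roles granted directly plus roles inherited from the user's groups."""
    roles = set(user_roles.get(user, ()))
    for group in memberships.get(user, ()):
        roles |= set(group_roles.get(group, ()))
    return roles


def review_user(user, domains, user_roles, group_roles, memberships):
    """Return (accessible_domains, broad); broad marks visibility of all devices."""
    roles = effective_roles(user, user_roles, group_roles, memberships)
    if ALL_DOMAINS_ROLE in roles:
        return set(domains), True
    allowed = {d for d in domains if DOMAIN_ROLE_PREFIX + d in roles}
    # The AGGREGATION domain contains all devices in all other domains.
    return allowed, "AGGREGATION" in allowed


# Constructed sample data, not taken from a real deployment.
SAMPLE_PROPERTIES = "# constructed\ntnm.role.based.domain.access.control.enable=true\n"
DOMAINS = ["NCOMS", "LAB", "AGGREGATION"]
USER_ROLES = {"alice": ["netcool_domain_access_LAB"], "carol": []}
GROUP_ROLES = {"noc": ["netcool_domain_access_AGGREGATION"], "admins": [ALL_DOMAINS_ROLE]}
MEMBERSHIPS = {"bob": ["noc"], "dave": ["admins"]}

if __name__ == "__main__":
    print("enabled:", domain_access_enabled(SAMPLE_PROPERTIES))
    for u in ("alice", "bob", "carol", "dave"):
        print(u, review_user(u, DOMAINS, USER_ROLES, GROUP_ROLES, MEMBERSHIPS))
```

Users reported with the broad flag hold either netcool_all_domains_access or the AGGREGATION role and are the first entries to check against least privilege.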