Administering users for Runbook Automation
Three levels of authority are available for using and managing Runbook Automation (RBA) runbooks in Netcool® Operations Insight® on Red Hat® OpenShift®. Both for
hybrid deployments and cloud deployments, as reflected in the following three Netcool
Operations Insight roles:
- noi_operator
- View alerts, and run the runbooks that are linked to those alerts. This role does not have read access to the Runbook Library or other Runbook Automation pages.
- noi_engineer
- Like noi_operator, plus full read/write access to the Runbook Automation pages (Library, Execution, Automations, Triggers).
- noi_lead
- Like noi_engineer, plus full access to the administration of automation connections and API keys, and full access to the RBA settings.
Additionally, you can enable the Allow users to assign runbooks to groups
feature in the
RBA settings. When this RBA feature is enabled, a user with at least noi_engineer authority can
assign runbooks to groups. If a runbook is assigned to a group rbagroup1
, then a user with
noi_operator authority can run this runbook only if the user is also a member of the
rbagroup1
group. Users with noi_engineer or noi_lead authority can always manage all
runbooks, regardless if they are assigned to additional groups (such as rbagroup1
) or
not.
Creating groups to control the level of authority for managing runbooks
- User and group management: use your preferred tool to create users and groups in LDAP.
- For example, the WebSphere® administrative UI (if it is enabled to have write access to LDAP).
- Create the groups, for example, "rbaoperators" and "rbaengineers".
- Assign the appropriate users to these groups.
- Assign all users that should have full administrative access to a group with the "noi_lead" role associated with it. For example, the "icpadmins" group.
- Role management: open the Netcool/OMNIbus
WebGUI.
- Navigate to .
- For each of the newly created groups, select the group and assign the appropriate roles to the
group. For example:
- rbaoperators: noi_operator
- rbaengineers: noi_engineer
Creating groups to allow only members of those groups access to particular sets of runbooks
- Use your preferred tool to create users and groups in LDAP.
- For example, the WebSphere administrative UI (if enabled).
- Create the group, for example "rbagroup1".
- Assign the appropriate users to that group.
- Open the Netcool/OMNIbusWebGUI.
- Navigate to .
- Select the newly created group, for example "rbagroup1".
- Assign the role "noi_operator" to this group.
- Login as an administrative user with the role noi_lead (for example, icpadmin) to the Netcool
Operations Insight UI.
- Navigate to the Runbook Library at .
- Click Configure settings in the filter bar.
- Enable Allow users to assign runbooks to groups and save the settings.
- Select the runbooks that you want to add to a particular group. For example, "rbagroup1".
- Click Grant permission.
- In the Grant permission dialog, select the applicable groups. For example, "rbagroup1".
- Save your changes.
- When a user with noi_operator authority who is not a member of the "rbagroup1" group selects an alert that is linked to one of these runbooks and attempts to run the runbook, an error message is displayed. The user does not see the runbook details.