Administering users for Runbook Automation

Three levels of authority are available for using and managing Runbook Automation (RBA) runbooks in Netcool® Operations Insight® on Red Hat® OpenShift®, for both hybrid deployments and cloud deployments. They are reflected in the following three Netcool Operations Insight roles:
noi_operator
View alerts, and run the runbooks that are linked to those alerts. This role does not have read access to the Runbook Library or other Runbook Automation pages.
noi_engineer
Like noi_operator, plus full read/write access to the Runbook Automation pages (Library, Execution, Automations, Triggers).
noi_lead
Like noi_engineer, plus full access to the administration of automation connections and API keys, and full access to the RBA settings.

Additionally, you can enable the Allow users to assign runbooks to groups feature in the RBA settings. When this RBA feature is enabled, a user with at least noi_engineer authority can assign runbooks to groups. If a runbook is assigned to a group rbagroup1, then a user with noi_operator authority can run this runbook only if the user is also a member of the rbagroup1 group. Users with noi_engineer or noi_lead authority can always manage all runbooks, regardless of whether the runbooks are assigned to additional groups (such as rbagroup1).

Creating groups to control the level of authority for managing runbooks

  • User and group management: use your preferred tool to create users and groups in LDAP.
    • For example, the WebSphere administrative UI (if it is enabled to have write access to LDAP).
    • Create the groups, for example, "rbaoperators" and "rbaengineers".
    • Assign the appropriate users to these groups.
    • Assign all users that should have full administrative access to a group with the "noi_lead" role associated with it. For example, the "icpadmins" group.
  • Role management: open the Netcool/OMNIbus Web GUI.
    • Navigate to Console Settings > Group Roles.
    • For each of the newly created groups, select the group and assign the appropriate roles to the group. For example:
      • rbaoperators: noi_operator
      • rbaengineers: noi_engineer

Creating groups to allow only members of those groups access to particular sets of runbooks

  • Use your preferred tool to create users and groups in LDAP.
    • For example, the WebSphere administrative UI (if enabled).
    • Create the group, for example "rbagroup1".
    • Assign the appropriate users to that group.
  • Open the Netcool/OMNIbus Web GUI.
    • Navigate to Console Settings > Group Roles.
    • Select the newly created group, for example "rbagroup1".
    • Assign the role "noi_operator" to this group.
  • Log in as an administrative user with the role noi_lead (for example, icpadmin) to the Netcool Operations Insight UI.
    • Navigate to the Runbook Library at Automations > Runbooks.
    • Click Configure settings in the filter bar.
    • Enable Allow users to assign runbooks to groups and save the settings.
    • Select the runbooks that you want to add to a particular group. For example, "rbagroup1".
    • Click Grant permission.
    • In the Grant permission dialog, select the applicable groups. For example, "rbagroup1".
    • Save your changes.
  • When a user with noi_operator authority who is not a member of the "rbagroup1" group selects an alert that is linked to one of these runbooks and attempts to run the runbook, an error message is displayed. The user does not see the runbook details.
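
For an access review of the setup described above, the following added example (not IBM product code) models the role and group rules from this page to list who can effectively run a group-restricted runbook. The user names, runbook names and data layout are constructed, alert linkage is ignored, and treating a runbook with no assigned group as open to every noi_operator is an assumption the page does not state.

```python
# Added example: a model of the access rules stated on this page, not product code.
ROLE_RANK = {"noi_operator": 1, "noi_engineer": 2, "noi_lead": 3}

# Constructed sample data that reuses the page's example group names.
GROUP_ROLES = {  # as assigned under Console Settings > Group Roles
    "rbaoperators": {"noi_operator"},
    "rbaengineers": {"noi_engineer"},
    "rbagroup1": {"noi_operator"},
    "icpadmins": {"noi_lead"},
}
USER_GROUPS = {  # LDAP group membership (hypothetical users)
    "alice": {"rbaoperators"},
    "bob": {"rbagroup1"},
    "carol": {"rbaengineers"},
    "dave": {"icpadmins"},
    "erin": set(),
}
RUNBOOK_GROUPS = {"restart-db": {"rbagroup1"}, "check-disk": set()}  # hypothetical runbooks


def highest_role(user):
    """Return the strongest NOI role a user inherits through groups, or None."""
    roles = set()
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
    roles &= ROLE_RANK.keys()  # ignore roles outside the three RBA levels
    return max(roles, key=ROLE_RANK.get, default=None)


def can_run(user, runbook, group_feature_enabled=True):
    """Decide whether a user may run a runbook under the page's rules."""
    role = highest_role(user)
    if role is None:
        return False
    if ROLE_RANK[role] >= ROLE_RANK["noi_engineer"]:
        return True  # engineers and leads manage all runbooks regardless of groups
    assigned = RUNBOOK_GROUPS.get(runbook, set())
    if not group_feature_enabled or not assigned:
        return True  # assumption: a runbook with no group stays open to operators
    return bool(assigned & USER_GROUPS[user])


def access_report(runbook, group_feature_enabled=True):
    """Map each user who can run the runbook to the role that grants it."""
    return {user: highest_role(user) for user in sorted(USER_GROUPS)
            if can_run(user, runbook, group_feature_enabled)}
```

The report for a restricted runbook shows that group assignment narrows access only for noi_operator users, so membership of any group that carries noi_engineer or noi_lead belongs in the same review.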