Page Comparison

...

Role Name

Available Functions

Contains Roles

Anchor

	ops_admin
	ops_admin

ops_admin

All functions; this is the Universal Controller administrator role. The easiest way to assign full permissions to a user is to add the user to the Administrator Group, which by default is assigned the ops_admin role.

Note

title	Note

The ops_admin role contains all other roles. If a user is assigned the ops_admin role, no other roles need to be assigned to that user, and unassigning any other role from the user will not revoke that role.

The ops_admin role contains all other roles.

Anchor

	ops_agent_cluster_admin
	ops_agent_cluster_admin

ops_agent_cluster_admin

Create, read, update, and delete agent clusters.

(Also see Agent Cluster Permissions, below.)

Anchor

	ops_audit_view
	ops_audit_view

ops_audit_view

Read all Audits.

Note
If Audit Owner Read Permitted system property = true, users can view their own audits without having either the ops_admin role or the ops_audit_view role.

Anchor

	ops_bundle_admin
	ops_bundle_admin

ops_bundle_admin

Create, read, update, and delete Bundles.
View Promotion Targets, including agent mappings.
View Promotion History.
View a record's list of bundles.
View Promotion Schedules.
Add a record to a bundle.
Create bundles by date.
Generate a Bundle Report.

(Also see Bundle Permissions and Promotion Target Permissions, below.)

Anchor

	ops_dashboard_global
	ops_dashboard_global

ops_dashboard_global

Create, update, and delete Dashboard Details with Everyone visibility; updating includes updating Dashboard visibility.

Anchor

	ops_dashboard_group
	ops_dashboard_group

ops_dashboard_group

Create, update, and delete Dashboard Details that are visible for a group in which this user is a member; updating includes updating Dashboard visibility.

Anchor

	ops_dba
	ops_dba

ops_dba

Create, update, delete Database Connections.

(Also see Database Connection Permissions, below.)

Anchor

	ops_email_admin
	ops_email_admin

ops_email_admin

Create, read, update, delete Email Connections.

(Also see Email Connection Permissions, below.)

Anchor

	ops_filter_global
	ops_filter_global

ops_filter_global

Create Filters with Everyone visibility.

Anchor

	ops_filter_group
	ops_filter_group

ops_filter_group

Create Filters that belong to a group of which this user is a member.

Anchor

	ops_forecast_view
	ops_forecast_view

ops_forecast_view

Read Forecast Calendar, Forecasts List, and Forecast Details.

Note

title	Note

Users also can read forecast information, without being assigned this role, if they have Read permission for the Task specified in the Forecast Details.

Anchor

	ops_imex
	ops_imex

ops_imex

List Import/Export XML.

Anchor

	ops_jcl_edit
	ops_jcl_edit

ops_jcl_edit

Modify the JCL contents and update it.

ops_jcl_view

Anchor

	ops_jcl_view
	ops_jcl_view

ops_jcl_view

Submit the JCL view request to the agent and view the contents of it.

Anchor

	ops_ldap_admin
	ops_ldap_admin

ops_ldap_admin

Read and update LDAP Settings.

Anchor

	ops_multi_update
	ops_multi_update

ops_multi_update

Update multiple records.

ops_oauth_admin

Create, read, update, and delete OAuth Clients.

Anchor

	ops_oms_admin
	ops_oms_admin

ops_oms_admin

Create, update, and delete OMS Servers.

Anchor

	ops_peoplesoft_admin
	ops_peoplesoft_admin

ops_peoplesoft_admin

Create, read, update, and delete PeopleSoft Connections.

(Also see PeopleSoft Connection Permissions, below.)

Anchor

	ops_promotion_accept_bundle
	ops_promotion_accept_bundle

ops_promotion_accept_bundle

Accept bundles being promoted to a target server. (The Accept Bundle command is executed on the target server automatically as part of the Promote and Promote Bundle commands and does not involve user interaction.)

Anchor

	ops_promotion_admin
	ops_promotion_admin

ops_promotion_admin

Create, read, update, and delete Promotion Targets, including agent mappings.
View Bundles.
Refresh Target Agents.
Promote records.
Promote or schedule the promotion of a bundle.
Reschedule, cancel, and delete Promotion Schedules.
Generate a Bundle report.
Accept bundles being promoted to a target server. (The Accept Bundle command is executed on the target server automatically as part of the Promote and Promote Bundle commands and does not involve user interaction.)

Note

title	Note

By default, the ops_promotion_admin role also grants Read permission for any type of definition that can be added to a Bundle, given the expectation that a promotion administrator would review the content of a Bundle before promoting it. To change this default behaviour, see the Promotion Read Permission Required Universal Controller property.

(Also see Bundle Permissions and Promotion Target Permissions, below.)

ops_promotion_accept_bundle

Anchor

	ops_property_admin
	ops_property_admin

ops_property_admin

Read, update, and delete Universal Controller system properties and Password Settings.

Anchor

	ops_report_admin
	ops_report_admin

ops_report_admin

Create, read, update, and delete any report, regardless of visibility, in addition to the roles granted by the ops_widget_admin role.
Create, update, and delete Dashboard Details with Everyone visibility and Dashboard Details that are visible for a group in which this user is a member; updating includes updating Dashboard visibility.

The Strict Report Create Constraints Universal Controller system property specifies whether or not to restrict report creation only to users with the ops_admin, ops_report_admin, ops_report_group, or ops_report_global role.

The Strict Dashboard Create Constraints Universal Controller system property specifies whether or not to restrict Dashboard creation only to users with the ops_admin, ops_report_admin, ops_dashboard_group, or ops_dashboard_global role.

ops_dashboard_global
ops_dashboard_group
ops_report_global
ops_report_group
ops_report_publish
ops_widget_admin

Anchor

	ops_report_global
	ops_report_global

ops_report_global

Create global reports.

Anchor

	ops_report_group
	ops_report_group

ops_report_group

Create reports that belong to a group to which this user is a member.

Anchor

	ops_report_publish
	ops_report_publish

ops_report_publish

Publish reports. (This role was applicable only to the Controller 5.x release.)

Anchor

	ops_restore_version
	ops_restore_version

ops_restore_version

Restore old versions of records.

Anchor

	ops_sap_admin
	ops_sap_admin

ops_sap_admin

Create, read, update, and delete SAP Connections.

(Also see SAP Connection Permissions, below.)

Anchor

	ops_server_operation_admin
	ops_server_operation_admin

ops_server_operation_admin

Run Server Operations.

Anchor

	ops_service
	ops_service

ops_service

Log in and view Home Dashboard.
The Active Task Instances By Status widget will remain blank unless the user is assigned the Task Instance Read permission, as the ops_service role does not include access to such data.
Read Agents.
Read Universal Controller system properties.
Read Password Settings.
Read LDAP Settings (and run the Test Connection command).
Read Single Sign-On Settings.
Read Universal Event Templates and related data (Fields and Field Choices).
Read Universal Templates and related data (Fields and Field Choices).
Read Data Backup/Purge.
Unless the user also is assigned the ops_audit_view role, the Audit tab on the Data Backup/Purge Details, which allows for conveniently viewing related Audit records, will not be available.
Read Users and related data (Roles, Group Membership, and Permissions).
Read Groups and related data (Roles, Group Membership, Child Groups, and Permissions).
Read Universal Controller Metrics (Monitoring Web Services).

ops_simulation_view

Read Simulation records.

Anchor

	ops_snmp_admin
	ops_snmp_admin

ops_snmp_admin

Create, read, update, and delete SNMP Managers, to which the Controller sends SNMP notifications.

(Also see SNMP Manager Permissions, below.)

Anchor

	ops_sso_admin
	ops_sso_admin

ops_sso_admin

Read and update Single Sign-On Settings.

Anchor

	ops_universal_template_admin
	ops_universal_template_admin

ops_universal_event_template_admin

Create, read, update, and delete Universal Event Templates.

ops_universal_event_template_view

Anchor

	ops_universal_template_view
	ops_universal_template_view

ops_universal_event_template_view

Read Universal Event Templates.

Anchor

	ops_universal_template_admin
	ops_universal_template_admin

ops_universal_template_admin

Create, read, update, and delete Universal Templates (including Universal Template Event Templates).

ops_universal_template_view

Anchor

	ops_universal_template_view
	ops_universal_template_view

ops_universal_template_view

Read Universal Templates (including Universal Template Event Templates).

Anchor

	ops_user_admin
	ops_user_admin

ops_user_admin

Create, read, update, and delete users and groups.

ops_user_impersonate

Anchor

	ops_user_impersonate
	ops_user_impersonate

ops_user_impersonate

Allows an authenticated user to impersonate another user by using the X-Impersonate-User HTTP header on a Web Service request.

ops_webhook_admin

Create, read, update, and delete Webhooks.
Enable, Disable, and Assign Execution User for Webhooks.

ops_webhook_view

ops_webhook_view

Read Webhooks.

Anchor

	ops_widget_admin
	ops_widget_admin

ops_widget_admin

Create, update, and delete Widgets.

...

Step 1

Open a User or Group record.

Step 2

Click the Permissions tab. A list of permissions assigned to the User / Group displays.

For Example:

Note

title	Note

Anchor

	Member of Business Services
	Member of Business Services

The Business Services column represents a virtual field whose value is determined by data from both the Member of Business Services field and the Member of Any Business Service or Unassigned field. If you want to apply a sort relating to the data in Business Services, you have to add either or both Member of Business Services and Member of Any Business Service or Unassigned fields as columns and apply the desired sort on either or both of them.

Step 3

Click New. The Permissions Details pop-up displays.

Image Removed

Image Added

Step 4

Select permissions for the selected user or group.

The permissions available differ depending on the Type of permission that you select. Available permissions are Create, Read, Update, Delete, and Execute. For some record types, additional Commands are available. If the permission does not apply to the record type in the Type drop-down, the permission does not appear in the display.

These permissions automatically include other permissions:

Create permission includes Read and Update permissions.
Update permission includes Read permission.
Delete permission includes Read permission.

...

Unassigned to Business ServiceMember of Business ServicesApplies this permission to records that are members of the selected Business Service(s). Click the lock icon to unlock the field and select Business Services

Unassigned
Not Member of Specific Business Services

Field Name

Description

Details

This section contains detailed information about the permission.

Anchor

	Name
	Name

Name

Applies this permission to records whose name matches the string specified here. Wildcards are supported.

anchor

Business Service Criteria

This section contains criteria for selecting records to apply permissions by their business service membership.

Member of Any Business Service or Unassigned
Member of

Any

Specific Business

Service or

Services or Unassigned
Member of Specific Business Services
Unassigned
Not Member of

Any

Specific Business

Service

Services or

Unassigned

Applies this permission both to records that belong to any Business Service and to records that do not belong to any Business Service.

Anchor

Unassigned to Business Service

Applies this permission to records that do not belong to any Business Service. If this option is enabled, the user / user group will have the defined permissions on all records that do not belong to any Business Service.

Anchor

Member of Business Services field

Criteria for matching records by their business service membership.

Member of Any Business Service or Unassigned
Member of Specific Business Services or Unassigned
You must specify one or more business services from the Specific Business Services drop-down.
Member of Specific Business Services
You must specify one or more business services from the Specific Business Services drop-down.
Unassigned
Not Member of Specific Business Services or Unassigned
You must specify one or more business services from the Specific Business Services drop-down.
Not Member of Specific Business Services
You must specify one or more business services from the Specific Business Services drop-down.

Metadata

This section contains Metadata information about this record.

UUID

Universally Unique Identifier of this record.

Updated By

Name of the user that last updated this record.

Updated

Date and time that this record was last updated.

Created By

Name of the user that created this record.

Created

Date and time that this record was created.

Buttons

This section identifies the buttons displayed above and below the Permissions Details that let you perform various actions.

Save

Saves a new record in the Controller database.

Save & New

Saves a new record in the Controller database and redisplays empty Details so that you can create another new record.

Update

Include Page

	IL:Update button
	IL:Update button

Delete

Include Page

	IL:Delete button
	IL:Delete button

Refresh

Refreshes any dynamic data displayed in the Details.

Close

For pop-up view only; closes the pop-up view of this record.

...

Versions Compared

Old Version 5

New Version 6

Key