...
Step 1 | |
---|---|
Step 2 | For a User, click the User Roles tab. A list of Roles assigned to the User displays. |
Step 3 | Click Edit. An Edit Members pop-up displays that allows you to assign Roles to the User / Group. For example:
|
Step 4 | To filter the Users/Groups listed in the Collection window, enter characters in the text field above the Name column. Only Users/Groups containing that sequence of characters will display in the list. |
Step 5 | To assign a Role to the User / Group, move the Role from the Collection window to the Roles window: |
Step 6 | Click Save. |
...
The following table summarizes the roles available in the Controller.
Role Name | Available Functions | Contains Roles | |
---|---|---|---|
Anchor | | ops_admin | ops_admin | ops_adminAll functions; this is the Universal Controller
Step 6 | Click Save. |
Anchor | ||||
---|---|---|---|---|
|
The following table summarizes the roles available in the Controller.
Role Name | Available Functions | Contains Roles | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| All functions; this is the Universal Controller administrator role. The easiest way to assign full permissions to a user is to add the user to the Administrator Group, which by default is assigned the ops_admin role.
|
| |||||||||||
| Create, read, update, and delete agent clusters. | ||||||||||||
| Read Audits. | ||||||||||||
|
(Also see Bundle Permissions and Promotion Target Permissions, below.) | ||||||||||||
| Create, update, and delete Dashboards Dashboard Details with Everyone visibility; updating includes updating Dashboard visibility. | ||||||||||||
| Create, update, and delete Dashboards Dashboard Details that are visible for a group in which this user is a member; updating includes updating Dashboard visibility. | ||||||||||||
| Create, update, delete Database Connections. | ||||||||||||
| Create, read, update, delete Email Connections. | ||||||||||||
| Create Filters with Everyone visibility. | ||||||||||||
| Create Filters that belong to a group of which this user is a member. | ||||||||||||
| Read Forecast Calendar, Forecasts List, and Forecast Details.
| ||||||||||||
| List Import/Export XML. | ||||||||||||
| Read and update LDAP Settings. | ||||||||||||
| |||||||||||||
| Create, update, and delete OMS Servers. | ||||||||||||
| Create, read, update, and delete PeopleSoft Connections. | ||||||||||||
| Accept bundles being promoted to a target server. (The Accept Bundle command is executed on the target server automatically as part of the Promote and Promote Bundle commands and does not involve user interaction.) | ||||||||||||
|
|
| |||||||||||
| Read, update, and delete Universal Controller system properties and Password Settings. | ||||||||||||
|
The Strict Report Create Constraints Universal Controller system property specifies whether or not to restrict report creation only to users with the ops_admin, ops_report_admin, ops_report_group, or ops_report_global role. |
| |||||||||||
| Create global reports. | ||||||||||||
| Create reports that belong to a group to which this user is a member. | ||||||||||||
| Publish reports. (This role was applicable only to the Controller 5.x release.) | ||||||||||||
| Restore old versions of records. | ||||||||||||
| Create, read, update, and delete SAP Connections. | ||||||||||||
| Run Server Operations. | ||||||||||||
|
| ||||||||||||
| Create, read, update, and delete SNMP Managers, to which the Controller sends SNMP notifications. | ||||||||||||
| Read and update Single Sign-On Settings. | ||||||||||||
| Create, read, update, and delete Universal Event Templates. |
| |||||||||||
| Read Universal Event Templates. | ||||||||||||
| Create, read, update, and delete users and groups Universal Templates (including Universal Template Event Templates). |
| |||||||||||
| Read Universal Templates (including Universal Template Event Templates). | ||||||||||||
| Create, read, update, and delete Widgets users and groups. | ||||||||||||
|
...
| Create, update, and delete Widgets. |
Anchor | ||||
---|---|---|---|---|
|
...
Step 1 | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Step 2 | Click the Permissions tab. A list of permissions assigned to the User / Group displays.
| |||||||||||
Step 3 | Click New. The Permissions Details pop-up displays. | |||||||||||
Step 4 | Select permissions for the selected user or group.
|
...
The following fields of information and buttons display in the Permissions Details for all Permission types:
...
Field Name
...
Description
...
Details
...
This section contains detailed information about the permission.
...
Applies this permission to records whose name matches the string specified here. Wildcards are supported.
...
Applies this permission both to records that belong to any Business Service and to records that do not belong to any Business Service.
...
Applies this permission to records that do not belong to any Business Service. If this option is enabled, the user / user group will have the defined permissions on all records that do not belong to any Business Service.
...
Applies this permission to records that are members of the selected Business Service(s). Click the lock icon to unlock the field and select Business Services.
...
Metadata
...
This section contains Metadata information about this record.
...
UUID
...
Universally Unique Identifier of this record.
...
Updated By
...
Name of the user that last updated this record.
...
Updated
...
Date and time that this record was last updated.
...
Created By
...
Name of the user that created this record.
...
Created
...
Date and time that this record was created.
...
Buttons
...
This section identifies the buttons displayed above and below the Permissions Details that let you perform various actions.
...
Save
...
Saves a new record in the Controller database.
...
Save & New
...
Saves a new record in the Controller database and redisplays empty Details so that you can create another new record.
...
Update
...
Delete
...
Refresh
...
Refreshes any dynamic data displayed in the Details.
...
Close
...
For pop-up view only; closes the pop-up view of this record.
...
This section identifies the different types of permissions that you can add to a user or group.
...
Options | Description |
---|---|
Read | Grants permission to read an Agent definition Details pop-up displays. |
Step 4 | Select permissions for the selected user or group.
|
Anchor | ||||
---|---|---|---|---|
|
The following fields of information and buttons display in the Permissions Details for all Permission types:
Field Name | Description | ||||||
---|---|---|---|---|---|---|---|
Details | This section contains detailed information about the permission. | ||||||
| Applies this permission to records whose name matches the string specified here. Wildcards are supported. | ||||||
| Applies this permission both to records that belong to any Business Service and to records that do not belong to any Business Service. | ||||||
| Applies this permission to records that do not belong to any Business Service. If this option is enabled, the user / user group will have the defined permissions on all records that do not belong to any Business Service. | ||||||
| Applies this permission to records that are members of the selected Business Service(s). Click the lock icon to unlock the field and select Business Services. | ||||||
Metadata | This section contains Metadata information about this record. | ||||||
UUID | Universally Unique Identifier of this record. | ||||||
Updated By | Name of the user that last updated this record. | ||||||
Updated | Date and time that this record was last updated. | ||||||
Created By | Name of the user that created this record. | ||||||
Created | Date and time that this record was created. | ||||||
Buttons | This section identifies the buttons displayed above and below the Permissions Details that let you perform various actions. | ||||||
Save | Saves a new record in the Controller database. | ||||||
Save & New | Saves a new record in the Controller database and redisplays empty Details so that you can create another new record. | ||||||
Update |
| ||||||
Delete |
| ||||||
Refresh | Refreshes any dynamic data displayed in the Details. | ||||||
Close | For pop-up view only; closes the pop-up view of this record. |
Anchor | ||||
---|---|---|---|---|
|
This section identifies the different types of permissions that you can add to a user or group.
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Read | Grants permission to read an Agent definition. |
Update | Grants permission to update an Agent definition. (Only certain fields can be updated.) |
Delete | Grants permission to delete an Agent. |
Execute | Grants permission to execute a task on an Agent. |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign Agent Cluster Permissions to a user by assigning the ops_agent_cluster_admin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new Agent Cluster. |
Read | Grants permission to read an Agent Cluster definition. |
Update | Grants permission to update an Agent Cluster definition. (Only certain fields can be updated.) |
Delete | Grants permission to delete an Agent Cluster. |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Create | Grants permission to create a new Application. |
Read | Grants permission to read an Application. |
Update | Grants permission to update an Application. |
Delete | Grants permission to delete an Application. |
Commands | See Application Control Tasks for details. Options:
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign Bundle Permissions to a user by assigning the ops_bundle_admin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a Bundle matching both the specified name wildcard and business service membership, including the use of the Create Bundle By Date and Create Bundle By Business Service commands. |
Read | Grants permission to read a Bundle matching both the specified name wildcard and business service membership.
|
Update | Grants permission to update a Bundle matching both the specified name wildcard and business service membership, including the use of the Add To Bundle command. |
Delete | Grants permission to delete a Bundle matching both the specified name wildcard and business service membership. |
Commands |
For the ALL or Promote Bundle command:
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Create | Grants permission to create a new Calendar. |
Read | Grants permission to read a Calendar. |
Update | Grants permission to update a Calendar. |
Delete | Grants permission to delete a Calendar. |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Create | Grants permission to create a new Credential. |
Read | Grants permission to read a Credential. |
Update | Grants permission to update an Agent definition. (Only certain fields can be updated.)a Credential. |
Delete | Grants permission to delete an Agent. |
Execute | Grants permission to execute a task on an Agent. |
Commands |
|
...
to delete a Credential. | |
Execute | Grants permission to execute a task that requires a Credential. |
Commands | N/A |
Anchor | ||||
---|---|---|---|---|
|
(You also can assign Agent Cluster Database Connection Permissions to a user by assigning the ops_agent_cluster_admindba role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new Agent ClusterDatabase Connection. |
Read | Grants permission to read an Agent Cluster definitiona Database Connection. |
Update | Grants permission to update an Agent Cluster definition. (Only certain fields can be updated.) |
Deleteis false. | |
Update | Grants permission to delete an Agent Clusterupdate a Database Connection. |
CommandsDelete | ALL: Grants permission to issue any commanddelete a Database Connection. Resume Agent Cluster: |
Execute | Grants permission to resume the ability of a suspended Agent Cluster to run tasks. |
...
execute a task that requires a Database Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.) | |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign Email Connection Permissions to a user by assigning the ops_email_admin role to the user.)
(You also can assign Bundle Permissions to a user by assigning the ops_bundle_admin role to the user.)
...
Options | Description | |
---|---|---|
Create | Grants permission to create a new ApplicationEmail Connection. | |
Read | Grants permission to read an ApplicationEmail Connection. | |
Update | Grants permission to update an ApplicationEmail Connection. | |
Delete | Grants permission to delete an ApplicationEmail Connection. | |
Commands | See Application Control Tasks for details. Options: ALL:Execute | Grants permission to execute a Start, Stop, and Query from the Application resource screen. |
...
task that requires an Email Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.) | |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Create | Grants permission to create a Bundle matching both the specified name wildcard and business service membership, including the use of the Create Bundle By Date and Create Bundle By Business Service commandsnew Email Template. |
Read | Grants permission to read a Bundle matching both the specified name wildcard and business service membership. an Email Template. |
Update | Grants permission to update a Bundle matching both the specified name wildcard and business service membership, including the use of the Add To Bundle commandan Email Template. |
Delete | Grants permission to delete a Bundle matching both the specified name wildcard and business service membershipan Email Template. |
Commands | For the
|
...
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign OMS Server Permissions to a user by assigning the ops_oms_admin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new CalendarOMS Server. |
Read | Grants permission to read a Calendaran OMS Server. |
Update | Grants permission to update a Calendaran OMS Server. |
Delete | Grants permission to delete a Calendaran OMS Server. |
Commands |
|
...
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign PeopleSoft Connection Permissions to a user by assigning the ops_peoplesoft_admin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new CredentialPeopleSoft Connection. |
Read | Grants permission to read a CredentialPeopleSoft Connection. |
Update | Grants permission to update a CredentialPeopleSoft Connection. |
Delete | Grants permission to delete a CredentialPeopleSoft Connection. |
Execute | Grants permission to execute a task that requires a Credential. |
Commands | N/A |
...
PeopleSoft Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.) | |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
(You also can assign Database Connection Promotion Target Permissions to a user by assigning the ops_promotion_dbaadmin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new Database ConnectionPromotion Target matching both the specified name wildcard and business service membership. |
Read | Grants permission to read a Database Connection. |
Update | Grants permission to update a Database Connectionupdate a Promotion Target matching both the specified name wildcard and business service membership. |
Delete | Grants permission to delete a Database Connection.Promotion Target matching both the specified name wildcard and business service membership |
Execute | Grants permission to execute a task that requires a Database Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.)promote a Bundle using a Promotion Target matching both the specified name wildcard and business service membership, assuming the user has both Read permission and Promote Bundle command permission for the Bundle. |
Commands |
|
Anchor |
---|
...
|
...
|
...
SAP Connection Permissions
(You also can assign Email SAP Connection Permissions to a user by assigning the ops_emailsap_admin role to the user.)
Options | Description |
---|---|
Create | Grants permission to create a new Email SAP Connection. |
Read | Grants permission to read an Email SAP Connection. |
Update | Grants permission to update an Email SAP Connection. |
Delete | Grants permission to delete an Email SAP Connection. |
Execute | Grants permission to execute a task that requires an Email SAP Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.) |
Commands |
|
Anchor |
---|
...
|
...
|
...
Script Permissions
Options | Description |
---|---|
Create | Grants permission to create a new Email TemplateScript. |
Read | Grants permission to read an Email Template. |
Update | Grants permission to update an Email Templatea Script. |
Delete | Grants permission to delete an Email Templatea Script. |
Execute | Grants permission to execute a Script contained by a task. |
Commands |
|
Anchor |
---|
...
|
...
|
...
SNMP Manager Permissions
(You also can assign OMS Server SNMP Manager Permissions to a user by assigning the ops_omssnmp_admin role to the user.)
...
(You also can assign PeopleSoft Connection Permissions to a user by assigning the ops_peoplesoft_admin role to the user.)
...
Options | Description |
---|---|
Create | Grants permission to create a new OMS ServerSNMP Manager. |
Read | Grants permission to read an OMS ServerSNMP Manager. |
Update | Grants permission to update an OMS ServerSNMP Manager. |
Delete | Grants permission to delete an OMS Server. |
Commands |
|
...
SNMP Manager. | |
Execute | Grants permission to execute a task that requires an SNMP Manager. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.) |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description |
---|---|
Create | Grants permission to create a new PeopleSoft ConnectionTask. |
Read | Grants permission to read a PeopleSoft Connection. |
Update | Grants permission to update a PeopleSoft Connection. |
Delete | Grants permission to delete a PeopleSoft Connection. |
Execute | Grants permission to execute a task that requires a PeopleSoft Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.)Task. |
Delete | Grants permission to delete a Task. |
Commands |
|
...
(You also can assign Promotion Target Permissions to a user by assigning the ops_promotion_admin role to the user.)
...
Options
...
Description
...
Create
...
Grants permission to create a Promotion Target matching both the specified name wildcard and business service membership.
...
Read
...
Grants permission to read a Promotion Target matching both the specified name wildcard and business service membership.
User can View Target Server Info for Promotion Target matching both the specified name wildcard and business service membership.
...
Update
...
Grants permission to update a Promotion Target matching both the specified name wildcard and business service membership.
...
Delete
...
Grants permission to delete a Promotion Target matching both the specified name wildcard and business service membership
...
Execute
...
Grants permission to promote a Bundle using a Promotion Target matching both the specified name wildcard and business service membership, assuming the user has both Read permission and Promote Bundle command permission for the Bundle.
...
Commands
...
- ALL: Grants permission to issue any command.
- Refresh Target Agents: Grants permission to refresh Target Agents.
...
(You also can assign SAP Connection Permissions to a user by assigning the ops_sap_admin role to the user.)
...
Options
...
Description
...
Create
...
Grants permission to create a new SAP Connection.
...
Read
...
Grants permission to read an SAP Connection.
The Read check box will be checked automatically if the Business Service Visibility Restricted Universal Controller system property is false.
...
Update
...
Grants permission to update an SAP Connection.
...
Delete
...
Grants permission to delete an SAP Connection.
...
Execute
...
Grants permission to execute a task that requires an SAP Connection. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.)
...
Commands
...
- ALL: Grants permission to issue any command.
- Copy SAP Connection: Grants permissions to copy an SAP Connection.
...
Options | Description |
---|---|
Create | Grants permission to create a new Script. |
Read | Grants permission to read a Script. |
Update | Grants permission to update a Script. |
Delete | Grants permission to delete a Script. |
Execute | Grants permission to execute a Script contained by a task. |
Commands |
|
...
(You also can assign SNMP Manager Permissions to a user by assigning the ops_snmp_admin role to the user.)
...
Options
...
Description
...
Create
...
Grants permission to create a new SNMP Manager.
...
Read
...
Grants permission to read an SNMP Manager.
The Read check box will be checked automatically if the Business Service Visibility Restricted Universal Controller system property is false.
...
Update
...
Grants permission to update an SNMP Manager.
...
Delete
...
Grants permission to delete an SNMP Manager.
...
Execute
...
Grants permission to execute a task that requires an SNMP Manager. (Displays only if the Strict Connection Execute Constraints Universal Controller system property is true.)
...
Commands
...
- ALL: Grants permission to issue any command.
- Copy SNMP Manager: Grants permissions to copy an SNMP Manager.
...
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description | |||||
---|---|---|---|---|---|---|
Create | Task instances are created automatically when the task launches, so the Create permission does not appear. | |||||
Read | Grants permission to read a Task Instance | |||||
Update | Grants permission to update certain fields on a Task Instance. | |||||
Delete | Grants permission to delete a Task Instance. | |||||
Commands | For command descriptions, see Manually Running and Controlling Tasks.
|
Anchor | ||||
---|---|---|---|---|
|
Options | Description | ||
---|---|---|---|
Create | Grants permission to create a new TaskTrigger. | ||
Read | Grants permission to read a TaskTrigger. | ||
Update | Grants permission to update a TaskTrigger. | ||
Delete | Grants permission to delete a Trigger. | ||
Commands |
| Commands |
|
...
...
Options
...
Description
...
Create
...
Task instances are created automatically when the task launches, so the Create permission does not appear.
...
Read
...
Grants permission to read a Task Instance
...
Update
...
Grants permission to update certain fields on a Task Instance.
...
Delete
...
Grants permission to delete a Task Instance.
...
Commands
...
For command descriptions, see Manually Running and Controlling Tasks.
Note | ||
---|---|---|
| ||
Universal Controller will initially check for command permission specifically for the task instance. If no command permission is granted for the task instance, Universal Controller will check if command permission is granted for the parent workflow task instance, and then continue to check for command permission up the workflow task instance hierarchy. |
...
Options | Description |
---|---|
Create | Grants permission to create a Trigger. |
Read | Grants permission to read a Trigger. |
Update | Grants permission to update a Trigger. |
Delete | Grants permission to delete a Trigger. |
Commands |
|
Anchor | ||||
---|---|---|---|---|
|
The authorization for publishing and monitoring Universal Events is separate from the Universal Event Template administration and requires the Universal Event permission.
The permission Name wildcard applies to the published Universal Event Name.
The Name of a published global Universal Event is derived from the Universal Event Template Name.
The Name of a published local Universal Event is derived from the Universal Template Name and the Universal Template Event Template Name.
<template-name>.<event-template-name>
The permission Member of Any Business Service or Unassigned, Unassigned to Business Service, and Member of Business Services applies to the published Universal Event Member of Business Services.
For a global Universal Event published through the Web Service API, the publisher optionally specifies the Member of Business Services.
For a local Universal Event published by a Universal Task Instance Extension, the Universal Event inherits the Universal Task Instance Member of Business Services.
Options | Description |
---|---|
Create | Grants permission to publish Universal Events. |
Read | Grants permission to monitor Universal Events. |
Commands | -- None -- |
Anchor | ||||
---|---|---|---|---|
|
...
By default, enhanced global variable security is enabled; the Variable Security Enabled Universal Controller system property is set to true.
...
All defined Variable permissions will be enforced unless enhanced global variable security has been disabled by setting Variable Security Enabled to false. This allows all global variables to be managed and used by any valid Universal Controller user.
...
Options | Description |
---|---|
Create | Grants permission to create a virtual resource. |
Read | Grants permission to read a virtual resource. |
Update | Grants permission to update a virtual resource. |
Delete | Grants permission to delete a virtual resource. |
Execute | Grants permission to execute a virtual resource. |
Commands |
|
...
By default, enhanced virtual resource security is enabled; the Virtual Resource Security Enabled Universal Controller system property is set to true.
...
All defined Virtual Resource permissions will be enforced unless enhanced virtual resource security has been disabled by setting Virtual Resource Security Enabled to false. This allows all virtual resources to be managed and used by any valid Universal Controller user.
...
The Controller lets you export user groups and their permissions, which then can be imported into another Controller system. Only the permissions listed under the Permissions tab for each group will be exported.
Step 1 | From the Administration navigation pane, select Security > Groups. The Groups list displays. |
---|---|
Step 2 | As desired, filter the list to select the group(s) whose permissions you want to export. When you perform the export, all groups matching the filter will be exported. |
Step 3 | Access the Action menu and select Export > Permissions For Group. |
...