Configure Role Management
This section describes how to configure RTView EM Role Management. Use Role Management to permit and deny access to displays (as well as some functionality in certain displays) based on user roles.
The displays that provide Role Management are the displays that include the rtv_global_security.rtv file. The rtv_global_security.rtv file contains functions which read the roles.xml and users.xml files, and compare the $rtvrole and the CMDB-related substitutions to verify user permissions and accessibility. For details, see Role Based Security/Configuration in the RTView User Guide. If you want to integrate RTView EM with LDAP or other user and security management systems, see Custom Security Managers in the RTView User Guide.
To configure Role Management you define your users and user roles by editing the users.xml and roles.xml files, located in your project directory/servers/central directory. In the users.xml file you specify each user name, as well as the associated encrypted password and role. In the roles.xml file you specify, per role, the included and excluded displays, and configure substitutions to define what portion of the CMDB is visible in the CMDB display. There is no limit to the number of roles and users you can add to the files.
By default, all substitutions are set to * (asterisk), which specifies no role restrictions under your project directory.
Also by default, there are three defined and implemented roles: read, admin and super. Only the admin and super roles have access to all features in all displays. The following table summarizes the functionality that is accessible per role:
| Role | Permission |
|---|---|
| read | Access to all displays and functionality except administrator functions. |
| admin/super | Access to all displays and functionality. |
| | Full access to the Alerts Table display, including the following buttons: |
| | - Admin button to access the Alert Administration display. |
| | - Annotate button that opens a dialog window to insert comments to the selected alert. |
| | Full access to the CMDB Admin display for modifying the CMDB structure, including: |
| | - Manage Owner button to Delete, Rename or Merge Owners. |
| | - Manage Area button to Delete, Rename or Merge Areas. |
| | - Manage Group button to Delete, Rename or Merge Groups. |
| | - Manage Service button to Delete, Rename or Merge Services. |
| | - Add CI To button to add a new CI to the current Service. |
| | - Add CI button to add a new CI to a new Service. |
| | - Update Criticality like selected CI button to update the criticality of the Service with that of the selected CI. |
| | - Update button to update several fields of the selected CI (Environment, Region, and so forth). |
| | - Delete button to delete the selected CI. |
The following figure illustrates the RTView EM components that are the subject of this section.

At this point you have:
To configure role management:
1. Open the roles.xml file, located in your project directory/servers/central directory, in a text editor. By default, the read, admin and super roles are defined as follows:
<?xml version="1.0"?>
<roles xmlns="www.sl.com">
  <role>
    <name>read</name>
    <displays>
      <include>ALL</include>
    </displays>
  </role>
  <role>
    <name>admin</name>
    <displays>
      <include>ALL</include>
    </displays>
  </role>
  <role>
    <name>super</name>
    <displays>
      <include>ALL</include>
    </displays>
  </role>
</roles>
2. Create new roles using the following substitutions:
| Substitution | Description |
|---|---|
| $rtvrole | Specifies the role of the logged in user. Can also be used to modify the role permission. |
| $rtvOwnerMask | Specifies the list of visible Owners. |
| $rtvAreaMask | Specifies the list of visible Areas. |
| $rtvGroupMask | Specifies the list of visible Groups. |
| $rtvServiceMask | Specifies the list of visible Services. |
| $rtvManageableCompID | Specifies the list of visible CIs. |
For each role, specify the included and excluded displays, and the values of the substitutions that define the visible part of the CMDB.
The following example illustrates a role named ITmanager with no admin permissions that has access to all owners within the two IT areas of the company:
<role>
  <name>ITmanager</name>
  <displays>
    <include>ALL</include>
  </displays>
  <sub name="$rtvrole" value="read" />
  <sub name="$rtvOwnerMask" value="*" />
  <sub name="$rtvAreaMask" value="'IT Servers','IT Central'" />
</role>
3. Save the file.
4. Open the users.xml file, located in your project directory/servers/central directory, in a text editor. By default, there are three users defined, super, admin and demo:
<?xml version="1.0"?>
<users xmlns="www.sl.com">
  <user>
    <name>super</name>
    <password>0133401351013460133501348</password>
    <role>super</role>
  </user>
  <user>
    <name>admin</name>
    <password>0133101334013430133901344</password>
    <role>admin</role>
  </user>
  <user>
    <name>demo</name>
    <password>01334013350134301345</password>
    <role>read</role>
  </user>
</users>
5. Add a user that is assigned the new role you created in Step 2 to this file. For example:
<?xml version="1.0"?>
<users xmlns="www.sl.com">
  <user>
    <name>super</name>
    <password>0133401351013460133501348</password>
    <role>super</role>
  </user>
  <user>
    <name>admin</name>
    <password>0133101334013430133901344</password>
    <role>admin</role>
  </user>
  <user>
    <name>demo</name>
    <password>01334013350134301345</password>
    <role>read</role>
  </user>
  <user>
    <name>Johnson</name>
    <password>0133801335013420134201345</password>
    <role>ITmanager</role>
  </user>
</users>
6. Save the file.
7. Add as many users to the users.xml file as needed. NOTE: You can encrypt passwords using the encode_string utility.
8. Save the file.
9. Restart the Display Server, if you are using the Thin Client, and/or the Viewer if you have installations that are working locally.
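The following check is an added example, not part of the RTView EM documentation or product. It cross-checks the two files edited in the steps above and reports users whose role is not defined in roles.xml, users whose role resolves to admin or super, and default accounts that are still present. The sample XML, the user Lee, the role DBmanager and the finding labels are constructed, and treating a role that has no $rtvrole substitution as acting under its own name is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"sl": "www.sl.com"}                    # namespace declared in both files
DEFAULT_USERS = {"super", "admin", "demo"}   # users the page lists as defined by default
ADMIN_ROLES = {"admin", "super"}             # roles the page gives full access
# Constructed sample input modelled on the page's examples (passwords are placeholders).
ROLES_XML = """<?xml version="1.0"?>
<roles xmlns="www.sl.com">
  <role><name>read</name><displays><include>ALL</include></displays></role>
  <role><name>super</name><displays><include>ALL</include></displays></role>
  <role>
    <name>ITmanager</name>
    <displays><include>ALL</include></displays>
    <sub name="$rtvrole" value="read" />
    <sub name="$rtvAreaMask" value="'IT Servers','IT Central'" />
  </role>
</roles>"""
USERS_XML = """<?xml version="1.0"?>
<users xmlns="www.sl.com">
  <user><name>super</name><password>PLACEHOLDER</password><role>super</role></user>
  <user><name>demo</name><password>PLACEHOLDER</password><role>read</role></user>
  <user><name>Johnson</name><password>PLACEHOLDER</password><role>ITmanager</role></user>
  <user><name>Lee</name><password>PLACEHOLDER</password><role>DBmanager</role></user>
</users>"""

def load_roles(roles_text):
    """Return {role name: {substitution name: value}} from roles.xml content."""
    roles = {}
    for role in ET.fromstring(roles_text).findall("sl:role", NS):
        name = role.findtext("sl:name", default="", namespaces=NS).strip()
        roles[name] = {s.get("name"): s.get("value") for s in role.findall("sl:sub", NS)}
    return roles

def audit(roles_text, users_text):
    """Return (user, finding, role) tuples for entries worth a manual review."""
    roles, findings = load_roles(roles_text), []
    for user in ET.fromstring(users_text).findall("sl:user", NS):
        name = user.findtext("sl:name", default="", namespaces=NS).strip()
        role = user.findtext("sl:role", default="", namespaces=NS).strip()
        if role not in roles:
            findings.append((name, "undefined-role", role))
            continue
        # Assumption: a role with no $rtvrole substitution acts under its own name.
        if roles[role].get("$rtvrole", role) in ADMIN_ROLES:
            findings.append((name, "admin-access", role))
        if name in DEFAULT_USERS:
            findings.append((name, "default-account", role))
    return findings
```

To run it against a real project, pass the text of roles.xml and users.xml from the servers/central directory to audit() in place of the constructed samples.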
You have finished configuring EM Role Management.
Proceed to Configure HA.