Page tree
Skip to end of metadata
Go to start of metadata

As an administrator, you can control access permissions to the TrueSight IT Data Analytics (or IT Data Analytics) product based on the user roles and permissions assigned to users.

Note that you can use various options to authenticate users into IT Data Analytics. However, regardless of the method you use to authenticate users, IT Data Analytics uses the access permissions described in this topic to authorize users.

Access permissions can be of two kinds – role-based access (or feature-level access) and data-level access. The role-based access permissions and data-level access permissions together determine the actions that a user can perform related to viewing, creating, modifying, or deleting data.`

This topic contains the following information:

Role-based access

Role-based access refers to access to various features (tabs) in the product, depending on the user role and responsibility. Thus, this kind of access is enabled at the feature-level. As an administrator, you can apply this kind of access by assigning user groups to roles.

The following roles are available in IT Data Analytics:

  • Super Admin
  • App Admin
  • Troubleshooter

For more information about roles, see Managing roles.

The following table provides an illustration of the feature-level access permissions available to different roles. Note that the 'X' symbol in the table indicates the access permissions available to various user roles.

Main tabSubtabRoles
Super AdminApp AdminTroubleshooter
DashboardsXXX
SearchXXX
Saved SearchesXXX
AdministrationData CollectorsXX 
Data PatternsXX 
NotificationsXX 
Users*X  
User Groups*X  
RolesX  
ComponentsX  
CredentialsXX 
HostsX  
Content PacksX

X

(Export only access)

 
System SettingsX  
External ConfigurationsX

X

(View only access)

 
Collection ProfilesX  
SettingsUser Settings

X

(Specific to individual user)

X

(Specific to individual user)

X

(Specific to individual user)

Change Password

X

(Specific to individual user)

X

(Specific to individual user)

X

(Specific to individual user)

If you are using Atrium Single Sign-On for user authentication, then the Users and user Groups pages are not available.

Data-level access

Data-level access refers to access to data emerging from particular data sources or applications.

Data-level access can be implemented by assigning user groups to data collectors. Data collectors are responsible for collecting data from various data sources and making it available for search. By assigning user groups at the time of data collector creation, you can restrict access to the data collected.

Note

Based on the data-access permissions, as a user, you can:

  • Perform searches on the event data to which you have been granted access.
  • See objects shared with you via saved searches.

This kind of access control is useful when you want to restrict access to application data based on user roles or based on users with certain attributes. You can group users with similar attributes by adding them to a common user group. After doing this, you can use that user group for assigning access permissions to particular application data (or data emerging from particular data sources).

For the data-level access permissions to be applied:

For more information about creating data collectors, see Collecting data into the system.

Where to go from here

To configure the product for data collection, see Collecting data into the system.

To configure user authorization, see Authenticating users with Atrium Single Sign-On or IT Data Analytics.