The use case in this section demonstrates how configuration item (CI) based access control allows you to:
- Maintain access and permissions separately, which leads to better management of resources
- Use this separation to achieve the required level of control
Joe is an operator who has access to both Microsoft Windows and UNIX servers. The administrator wants Joe to be able to monitor and observe events generated from both these servers, but wants him to be able to set thresholds only on monitors associated with UNIX servers.
The administrator can achieve this control by performing the following steps. For detailed information about procedures mentioned in these steps, see Managing users.
- Create two access control user groups: Windows Servers and UNIX Servers.
- Identify the CIs of the Windows server and add the Windows Servers group to the Read Security Access Control List (ACL) of these CIs.
- Identify the CIs of the UNIX server and add the UNIX Servers group to the Write Security ACL of these CIs.
- Create a user group called Threshold Management Operator. Create a role that contains permissions to set thresholds and associate this role with the Threshold Management Operator user group.
- Create a user group called Event Operator. Create a role that contains permissions to close events and associate this role with the Event Operator user group.
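The following Python sketch is an added example, not product code or part of the original documentation. It models how the CI ACLs and the role permissions from the steps above combine for Joe, assuming that write access implies read access, that Joe is a member of all four groups, and that closing an event needs only read access to the CI; the CI names are constructed.

```python
# Simplified model of CI-based access control (added illustration).
# Assumptions: write access implies read access; Joe belongs to all four
# groups; closing an event needs read access, setting a threshold needs write.
NONE, READ, WRITE = 0, 1, 2

# Permissions granted by roles, via the two operator user groups.
GROUP_PERMISSIONS = {
    "Threshold Management Operator": {"set_threshold"},
    "Event Operator": {"close_event"},
}

# Per-CI security ACLs. CI names are constructed sample values.
CI_ACLS = {
    "win-srv-01": {"read": {"Windows Servers"}, "write": set()},
    "unix-srv-01": {"read": set(), "write": {"UNIX Servers"}},
}

# Access level each action needs on the target CI (assumed mapping).
REQUIRED_ACCESS = {"close_event": READ, "set_threshold": WRITE}

USER_GROUPS = {
    "joe": {"Windows Servers", "UNIX Servers",
            "Threshold Management Operator", "Event Operator"},
}


def access_level(user, ci):
    """Highest access the user's groups give on this CI (the 'access' half)."""
    groups = USER_GROUPS.get(user, set())
    acl = CI_ACLS.get(ci)
    if acl is None:
        return NONE
    if groups & acl["write"]:
        return WRITE
    if groups & acl["read"]:
        return READ
    return NONE


def is_allowed(user, action, ci):
    """Allow only if a role grants the action AND the CI ACL grants the level."""
    groups = USER_GROUPS.get(user, set())
    granted = set().union(*(GROUP_PERMISSIONS.get(g, set()) for g in groups))
    if action not in granted or action not in REQUIRED_ACCESS:
        return False  # deny by default: no role permission or unknown action
    return access_level(user, ci) >= REQUIRED_ACCESS[action]
```

In this model, removing Joe from the Threshold Management Operator group revokes threshold setting everywhere without touching any CI ACL, and removing the UNIX Servers group from a CI's Write ACL revokes it for that CI without touching any role.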
The figure below illustrates these settings.