How collector permissions work


Child collectors inherit the permissions and role assignments specified for the parent collector. You cannot override a role assignment at a child collector level after the role has been assigned at a parent level. Therefore, roles and related permissions must be assigned at the highest-level collector.

A self collector must be defined in each collector tree. If more than one .mrl file containing collector definitions exists for any Knowledge Base, you need only one self collector defined. The following example illustrates the main collector, self, followed by the c1 collector and its child collectors, c1.one and c1.two. The collector tree also contains the c2 collector and its child collectors, c2.one and c2.two.

Collector tree definition example 

collector self:
{r[Full Access]; w[Full Access]; x[Full Access]}
END
collector c1:
{r[Service Administrator,Service Operators]; w[Service
Administrator,Service Operators]; x[Service Administrator,Service
Operators]}
END
collector c1.one:
{r[Service Managers-Senior]}
END
collector c1.two:
{r[Service Managers-Senior], w[Service Managers-Senior]}
END
collector c2:
{r[Service Managers-Senior,Service Administrator]; w[Service Managers-
Senior,Service Administrator]; x[Service Managers-Senior,Service
Administrator]}
END
collector c2.one:
{r[Service Operators], w[Service Operators]}
END
collector c2.two:
{r[Service Operators]}
END

The following points describe the user roles and associated permissions for the collectors defined in the previous example:

  • Users with a Super Admin role have read, write, and execute permissions for all collectors and subcollectors defined in this example. 
  • Users with Service Administrator and Service Operators roles have read, write,_and _execute permissions on collector c1 and subcollectors c1.one and c1.two
  • Users with a Service Managers-Senior role have read permissions at collector c1, and subcollector c1.one, and read and write permissions on subcollector c1.two
  • Users with Service Managers-Senior and Service Administrator roles have read, write, and execute permissions on collector c2, and subcollectors c2.one and c2.two
  • Users with a Service Operators role have read permissions at collector c2, and subcollector c2.two, and read and write permissions at subcollector c2.one.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*