Specifying objects

When creating or modifying authorization profiles, in addition to restricting access to specific features, you can also restrict access to specific PATROL Agents, Computer System Configuration Items (CSCI), devices, and other objects. You specify this granular level of access through the selection of objects on the Objects tab of the Profile Details page.

This topic describes the following information about specifying objects:

Overview of the Objects tab

The Objects tab is where you specify the object restrictions for the authorization profile, as shown in the following image and described the table that follows.

Object filtering

For each category, the Objects tab always displays the available types of objects for each category. The data sources determine the objects that exist for a selected type. When you select a category, type, and source, you can then specify individual objects available to the user groups in the authorization profile. The following table lists the types, sources, and objects available for each category.

Categories	Types	Source	Accessible objects
TrueSight Presentation
	Applications	Host name or IP address of the Presentation Server	Applications
	Devices		Devices
	Event Groups		Event groups
	Groups		Groups
	Monitoring Policy Configuration Types		Any combination of the following monitoring policy configuration types: Agent Configuration Configuration Variables Solution Configuration
	PATROL Agent ACLs		PATROL Agents specified in a PATROL Agent ACL
	PATROL Solutions		Solutions that can be configured by creating policies in Central Monitoring Administration.
TrueSight Infrastructure
	CIs	Host name or IP address of Infrastructure Management servers	Computer System Configuration Items (CSCIs)
	Component Folders		Component folders on the infrastructure device
	Event Folders		Event folders on the infrastructure device
	Monitor Groups		Groups in the TrueSight Infrastructure Management server
	Views		Views in the TrueSight Infrastructure Management server

How object hierarchy affects monitoring permissions

Providing access to an object enables access to objects that are subordinate to it, as detailed in the following table:

Object type	Subordinate objects
Applications	Devices and groups in the application
Devices	Monitor instances under the device
Event Groups	Child event groups, and events in the event group and child event groups
Groups	Sub-groups, devices, and monitor instances in the group

The following example illustrates how the event group hierarchy affects the monitoring permissions of the users in the authorization profile:

Event group hierarchy:

  By_Location
   America
    North America
    South America
   Asia
    India
      Metro
    Delhi
    Mumbai
      Non Metro
    Pune
    Chandigarh
    China

If America is the selected object, then users have access to America and its child event groups: North America and South America. If the selected object is China, which has no child event groups, then users have access to it. When child event groups will be added under China, users will have access to them as well.

Note

You cannot specify monitor-level permission in authorization profiles. To provide access to a specific monitor instance under a device, you must create a group, add those monitor instances to the group, and add the group to the authorization profile.

To illustrate how the object hierarchy affects the monitoring permissions of the users in the authorization profile, observe how the objects listed under Selected objects map to the objects listed in Monitoring permissions, which lists the objects that users could access in the TrueSight console.

Specifying objects

Overview of the Objects tab

Object filtering

How object hierarchy affects monitoring permissions

Selected objects

Monitoring permissions

Related topics

On this page