Unsupported contentThis version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Specifying objects

When creating or modifying authorization profiles, in addition to restricting access to specific features, you can also restrict access to specific PATROL Agents, Computer System Configuration Items (CSCI), devices, and other objects. You specify this granular level of access through the selection of objects on the Objects tab of the Profile Details page.

This topic describes the following information about specifying objects: 

 

Overview of the Objects tab

The Objects tab is where you specify the object restrictions for the authorization profile, as shown in the following image and described the table that follows. 

authProfileObjects.png

Object filtering

For each category, the Objects tab always displays the available types of objects for each category. The data sources determine the objects that exist for a selected type. When you select a category, type, and source, you can then specify individual objects available to the user groups in the authorization profile. The following table lists the types, sources, and objects available for each category.

Categories

Types

Source

Accessible objects

TrueSight Presentation





Applications

Host name or IP address of the Presentation Server




Devices

Groups

Monitoring Policy Configuration Types

Any combination of the following monitoring policy configuration types:

  • Agent Configuration
  • Configuration Variables
  • Solution Configuration

PATROL Agent ACLs

PATROL Agents specified in a PATROL Agent ACL

PATROL Solutions

Solutions that can be configured by creating policies in Central Monitoring Administration.

TrueSight Infrastructure




CIs

Host name or IP address of Infrastructure Management servers



Component Folders

Event Folders

Monitor Groups

Views

How object hierarchy affects monitoring permissions

Providing access to an object enables access to objects that are subordinate to it, as detailed in the following table:

Object type

Subordinate objects

Applications

Devices and groups in the application

Groups

Sub-groups, devices, and monitor instances in the group

Devices

Monitor instances under the device

Note

You cannot specify monitor-level permission in authorization profiles. To provide access to a specific monitor instance under a device, you must create a group, add those monitor instances to the group, and add the group to the authorization profile. 

To illustrate how the object hierarchy affects the monitoring permissions of the users in the authorization profile, observe how the objects listed under Selected objects map to the objects listed in Monitoring permissions, which lists the objects that users could access in the Operations Management console.

Selected objects

Monitoring permissions

Related topics

Role-based-access

Getting-started-with-devices-and-events

Managing-authorization-profiles

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*