Users and Roles

Overview of the security model Copied

This section provides an overview of the Users and Roles model within Opsview Monitor, how to add new Users, configure Roles to limit access for certain Users and more.

This document explains the concept of Users, Roles, and Tenancies within Opsview Monitor, explain how to configure and add new Users, secure their access via Roles and create Tenancies for extra security and configuration options.

After reading the User Guide, Users should be able to create their own Users, Roles, and Tenancies and fine-tune the access control of Opsview Monitor for a range of different scenarios and requirements.

User and Roles Copied

Opsview Monitor provides a security model that allows you to easily restrict Users and what they can access. This means that if you want to restrict a User so that they cannot create their own dashboards, or restrict it so they can only see Hosts tagged with a certain Hashtag, then you can.

The access control within Opsview Monitor is all controlled via Roles. A Role is essentially a ‘blueprint’ of what a User can and cannot do or see within Opsview Monitor.

Roles enable you to control various facets of the User’s experience within Opsview Monitor, including what:

Once a Role is configured, i.e. the blueprint is created, then Users can be assigned to one or more Roles. A user gains the combined permissions from all assigned roles — see Combining multiple roles below. For example, if a user called ‘John’ is assigned only a Role that does not include Business Service Monitoring, he will not have any concept of Business Service Monitoring when he logs in.

The general workflow is to create Roles, i.e. define what can or cannot be done, and then create Users and assign them to those Roles. Modifying a Role changes the access control for every User assigned that Role.

In additional to Roles and Users, there is a concept of Tenancies. Tenancies are a grouping of Roles and Users together, so end-users can make changes to Roles and Users without knowing any information about other tenants.

Essentially, a Tenancy is a single Primary Role, which defines what objects (Hosts, etc.) the Tenancy can modify and see. This Primary Role becomes the basis for access control within the Tenancy. Unlike Roles, where it is a simply ‘One Role can ‘contain’ many Users’, a Primary Role (and thus a ‘Tenancy’) can be created to contain further sub Roles, as shown in the graphic below:

Users and Roles diagram

In the example above, there are two standard Roles; Customer A and Customer B. When a User is a member of the ‘Customer A’ Role, he can view all objects specified within the Role.

With ‘Customer C’ we have created a primary Role for the purpose of Multi-Tenancy. At this level, we have determined that all objects relating to ‘Customer C’ are available for Sysadmins to add to ‘sub Roles’. There are then two Roles created by the Tenancy Sysadmin; ‘Network team’ and ‘Apps Team’. These ‘sub Roles’ can take what is defined with the ‘Customer C’ primary Role and further limit it. For example, if Customer C can view 10 hosts, while ‘Network team’ Users can only view four of them.

Tenancies are a great way to give a control of Opsview Monitor to your users by allowing them to create new Hosts and further Roles and Users ’ all within their own secure, private environment.

Combining multiple roles Copied

When a user has multiple roles, permissions from all assigned roles are combined. How this works depends on which part of the role defines the permission.

Status access Copied

Permissions for status access are combined as follows:

For example, suppose Role A grants VIEWSOME and DOWNTIMESOME for Host Group A, and Role B grants VIEWSOME and ACTIONSOME for Host Group B. A user assigned both roles can view hosts in Host Group A and Host Group B, but can only schedule downtime on Host Group A and can only take actions (such as acknowledgments or rechecks) on Host Group B.

Configuration and administration Copied

For permissions on the Configuration and Administration tabs:

BSM Copied

For permissions on the BSM tab:

["Opsview On-Premises"] ["User Guide"]

Was this topic helpful?