Authorization policies provide you with role-based access control capabilities for monitoring dashboards in IBM® Dashboard Application Services Hub. You can restrict the access that dashboard users have to managed system groups and to individual agent managed systems. The Tivoli® Authorization Policy Server and tivcmd Command-Line Interface (CLI) for Authorization Policy are required framework components for the IBM Tivoli Monitoring authorization policy feature.
For more information and advantages of using authorization policies over Tivoli Enterprise Portal user permissions to control dashboard user access to managed system groups and managed systems, see Authorization and authentication.
The tivcmd CLI should be installed on the computers where administrators create and work with authorization policies. The tivcmd CLI connects to an IBM Dashboard Application Services Hub where the Tivoli Authorization Policy Server package is installed by using HTTP or HTTPS. Therefore, it can either be installed on the same computer as Authorization Policy Server or on other computers that administrators use.
Authorization policy checking is disabled by default at the Tivoli Enterprise Portal Server. The installation of the Tivoli Authorization Policy Server and tivcmd CLI have no effect on IBM Tivoli Monitoring runtime behavior unless you enable authorization policy checking during configuration or reconfiguration of the Tivoli Enterprise Portal Server.
After successful installation of the Tivoli Authorization Policy Server and tivcmd Command Line Interface for Authorization Policy packages, you can execute various tivcmd CLI commands as required to create roles, grant permissions, exclude permissions, and so on. The IBM Tivoli Monitoring Administrator's Guide also provides examples of creating authorization policies for common scenarios in the Using role-based authorization policies chapter. The Preparing your dashboard environment chapter contains steps for configuring a dashboard environment to use authorization policies. For a complete list of tivcmd CLI commands, see the IBM Tivoli Monitoring Command Reference.
For a complete list of prerequisite criteria, see Required software and memory requirements for a dashboard environment.
| Task | Where to find detailed information |
|---|---|
| Install and configure using the IBM Tivoli Monitoring
installation launchpad or the IBM Installation
Manager graphical user interface. Note:
|
If you are using IBM Installation Manager to perform the installation and configuration, first install IBM Installation Manager and set up a repository. See Using IBM Installation Manager to install components from a local repository and Using IBM Installation Manager to install components from a network repository. To install the Authorization Policy Server or tivcmd CLI, see Installing and configuring the Tivoli Authorization Policy Server using the graphical user interface and Installing the tivcmd Command Line Interface for Authorization Policy using the graphical user interface. If you plan to install the infrastructure management dashboards, also see Installing and configuring the IBM Infrastructure Management Dashboards for Servers |
| Install and configure using IBM Installation Manager console mode. Note: You
can install the Tivoli Authorization
Policy Server and IBM Infrastructure
Management Dashboards for Servers at the same time but the tivcmd
CLI package must be installed separately.
|
Set up a repository by using the instructions in one of the following sections: Using IBM Installation Manager to install components from a local repository or Using IBM Installation Manager to install components from a network repository. To install the Authorization Policy Server, see Installing and configuring the Tivoli Authorization Policy Server using console mode. To install the tivcmd command line interface, see Installing the tivcmd Command Line Interface for Authorization Policy using console mode. |
| Install and configure using IBM Installation Manager silent installation mode. | Performing a silent installation of software packages using IBM Installation Manager |
| Configure the Tivoli Authorization Policy Server feature after installation. | Configuring the Tivoli Authorization Policy Server feature after installation |
| Verify the Tivoli Authorization Policy Server installation. | Verifying the Tivoli Authorization Policy Server installation |
| Create authorization policies and complete the
set up and configuration of the dashboard environment to use authorization
policies. Note: The user credentials that are specified during the
installation and configuration of the Authorization Policy Server
are assigned to the PolicyAdministrator role. You must use these credentials
with the tivcmd Command Line Interface to log in to the Authorization
Policy Server and assign other administrators permission to create
and work with authorization policies.
|
Using role-based authorization policies and Preparing your dashboard environment in the IBM Tivoli Monitoring Administrator's Guide. |
| Use IBM Installation Manager to save the Authorization Policy Server package information that is needed to perform a rollback in the future. | Saving package information for rollback |
| Upgrade the Tivoli Authorization Policy Server. | Updating the Tivoli Authorization Policy Server |
| Rollback the Tivoli Authorization Policy Server to a previously installed version. | Rollback of the Tivoli Authorization Policy Server |
| Uninstall procedures. | Uninstalling IBM Tivoli Monitoring components for a dashboard environment |