IBM Tivoli Composite Application Manager for Transactions, Version 7.4.0.0

Setting up security for Response Time

Set up Response Time security and logical views with IBM Tivoli Monitoring security controls so that unauthorized users cannot view or modify applications, transactions, or profiles.

This section provides the following information:

Giving permissions to individual users

The Application Management Configuration Editor uses the following IBM Tivoli Monitoring security controls to determine the following:
  • Who can see and launch the Application Management Configuration Editor.
  • What profiles and transactions a user can view and edit.
  • Which agent types a user can access.
Use the following chart to help you decide what permissions you want to give to individual users. For example, if you set up a user with access to Response Time Dashboard and Robotic Response Time, but not Applications, that user can view and create new Robotic Response Time Profiles, but cannot create new Robotic transactions or edit existing Robotic transactions.
Note: If you give a user permission to access one or more agent types, such as Robotic Response Time, Web Response Time, the Transaction Collector, or the Transaction Reporter, and if you also give permission to access one or more applications, such as Applications, or Response Time Dashboard, or Application Management Console, then the user will be able to view only profiles or applications of those types.
Allowed Application

If allowed, a user can

If NOT Allowed, a user cannot
  • Response Time Dashboard (IBM Tivoli Monitoring, v6.2.0)
  • Application Management Console (IBM Tivoli Monitoring, v6.2.0.1)
  • View the profiles tree.
  • View profiles.
  • Modify profiles.
Applications
  • View the applications tree.
  • View applications.
  • Modify applications.
Clients
  • View the clients tree.
  • View clients.
  • Modify clients.
Robotic Response Time plus Applications access
  • View robotic transactions.
  • Modify robotic transactions.
Web Response Time plus Applications access
  • View Web Response Time (HTTP/S) transactions.
  • Modify Web Response Time (HTTP/S) transactions.
Transaction Collector or Transaction Reporter plus Applications access
  • View Transaction Tracking transactions.
  • Modify Transaction Tracking transactions.
Robotic Response Time plus Dashboard / Application Management Console access
  • View Robotic Response Time profiles
  • Modify Robotic Response Time profiles.
Web Response Time plus Dashboard / Application Management Console access
  • View Web Response Time profiles.
  • Modify Web Response Time profiles.
Transactions Collector OR Transactions Reporter plus Dashboard / Application Management Console access
  • View Transaction Tracking profiles.
  • Modify Transaction Tracking profiles.
For detailed information on setting up security, see the "User Administration" chapter in the IBM Tivoli Monitoring Administrator's Guide.
Note: To see the Application Management Console Application tree you need both the Application Management Console permission as well as the Applications permission.
  1. Access the Tivoli Enterprise Portal.
  2. Access Administer Users by clicking on User Icon.
  3. Select the Users tab.
  4. If you have not already done so, you must create the user to whom you want to set up permissions. For details on doing this, see IBM Tivoli Monitoring Administrator's Guide.
  5. Do the following to grant a user permission to see the Application Management Configuration Editor icon in the Tivoli Enterprise Portal toolbar:
    1. Select the user.
    2. Click the Permissions tab.
    3. Select Situations under Authorities.
    4. Click the Modify check box.
    5. Click the Applications tab.
    6. Use the arrow buttons to move any of the following from the Available Applications column to the Allowed Applications column.
      • Applications
      • Clients
      • Response Time Dashboard
      • Robotic Response Time
      • Web Response Time
      • Transaction Collector
      • Transaction Reporter
  6. Click Apply to save the settings for this user.
  7. (Optional) Repeat the previous steps to set up permissions for another user.
  8. When you finish setting up users, click OK to close the window.

Setting up security with logical views

If you do not customize the Tivoli Enterprise Portal, the default view when a user accesses the portal is the Navigator Physical view. This default view shows the entire enterprise as a physical mapping of platforms, systems, monitoring agents, and monitored resources, which means that Tivoli Enterprise Portal detected the managed systems in the network and created items for them under the appropriate platform branch. If new managed systems come online, the software adds them to the default Navigator Physical view, unless you set up different logical views for different users. You can define Navigator Logical views for any obvious hierarchical grouping, such as business units, job responsibilities, or geographical sites. You can then use Logical views in conjunction with individual user permissions to create a limited view specific to a single user (or group of users) that restricts access to ITCAM for Transactions.

If you have access to Applications, then you can see a list of the applications underneath the Application Management Console, If you don't have this access, you cannot see those applications.

The following example shows the default Navigator Physical view and restricted view for a group called East Coast Administrators, who are responsible for monitoring the Plants by WebSphere application:
Default Navigator Physical View East Coast Administrators Logical View

Physical view of the ITCAM for Transactions monitoring agents

A logical view of the ITCAM for Transactions monitoring agents, restricted to WebSphere applications

See the User Administration section in IBM Tivoli Monitoring Administrator's Guide and the Customizing the Navigator section in the IBM Tivoli Monitoring User's Guide for the specific steps for creating a Logical view, and use the following the process as a guideline.

  • Create users for the various users or groups of users for whom you want to set up access to specific applications, systems, and monitoring agents.
  • Create a custom logical view.
  • Give that view access only to the items that you want them to see and grant access to only that view, not the physical view.
  • (Optional) Give the user the ability to view more details by granting access to a specific monitoring agent.
  • Set up access so that the user only has access to the logical view that you create for them.
Parent topic: Using the Application Management Configuration Editor


Last updated: September 2014