Creating, modifying, and deleting users, groups, and roles

You can use SQL commands to organize collections of users into groups and then assign roles to each group to control access to ObjectServer objects. You can create, modify, and drop users, groups, and roles.

Permissions control access to objects and data in the ObjectServer. By combining one or more permissions into roles, you can manage access quickly and efficiently.

Each user is assigned to one or more groups. You can then assign groups permission to perform actions on database objects by granting one or more roles to the group. You can create logical groupings such as super users or system administrators, physical groupings such as London or New York NOCs, or any other groupings to simplify your security setup.

For example, creating automations requires knowledge of Tivoli Netcool/OMNIbus operations and the way a particular ObjectServer is configured. You do not typically want all of your users to be allowed to create or modify automations. One solution is to create a role named AutoAdmin, with permissions to create and alter triggers, trigger groups, files, SQL procedures, external procedures, and signals. You can then grant that role to a group of administrators who will be creating and updating triggers.

Default groups and roles for network management operators and administrators are defined in the security.sql SQL script. You can also use this script as a template to create your own groups and roles.