Assigning portal-level roles to Ops Center groups

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23

As an alternative to using the built-in local opscenter-administrators group, you can assign portal-level roles to local and Active Directory groups.

Note: Local users are automatically members of the opscenter-users group. By default, Active Directory users who are under the Base DN but not members a group are not allowed to log in to the portal. (This is controlled by the Add all users under Base DN to opscenter-users group option described in Configuring Active Directory as a directory service for Ops Center.) Instead, only AD group users are allowed to log in (because they are assigned the opscenter-user role).
  1. Log in to the Ops Center portal as sysadmin or a user with opscenter-administrators membership.
  2. From the navigation bar, click Manage users and select Groups from the Asset type list.
  3. In the Groups window, find the entry for the group and then click the role (profile with star) icon.
    You can assign the following roles:
    opscenter-user

    The default role assigned to users that grants access to the Ops Center portal. These users can start products, but they cannot view other users or groups, add products, or change portal settings.

    opscenter-system-administrator
    Manage portal users, groups, product registration, user federation (Active Directory/LDAP), and access all admin functions within the component products.
    opscenter-security-administrator
    Similar to the system-administrator role, except that it does not grant full access to admin functions within the component products. Instead, this role grants access to the Access product-level roles link in the Inventory tab. This controls the mapping of component-level roles to the roles defined in the Ops Center portal. For example, a member of a group with the opscenter-security-administrator role connecting to Automator will only see the Administration tab with Resources and Permissions; none of the other Administration categories (or other dashboard tabs) are visible.
  4. From the Available roles list, select the role you want to assign and then click the left arrow. To remove a role from a group, select the role from the Assigned roles list and then click the right arrow.
  5. When you are finished, click in the upper left corner of the window to return to the list of groups.