As an alternative to using the built-in local opscenter-administrators group, you can assign portal-level roles to local and Active Directory groups.
Note: Local users are automatically members of the
opscenter-users group. By default, Active Directory users who are under the Base DN but not members a group are
not allowed to log in to the portal. (This is controlled by the
Add all users under Base DN to
opscenter-users group option described in
Configuring Active Directory as a directory service for Ops Center.) Instead, only AD group users are allowed to log in (because they are assigned the
opscenter-user role).
- Log in to the Ops Center portal as sysadmin or a user with opscenter-administrators membership.
-
From the navigation bar, click
Manage users and select
Groups from the Asset type list.
-
In the Groups window, find the entry
for the group and then click the role (profile with star) icon.
You can assign the following roles:
- opscenter-user
-
The default role assigned to users that grants
access to the Ops Center portal. These users can start products, but
they cannot view other users or groups, add products, or change
portal settings.
- opscenter-system-administrator
- Manage portal users, groups, product registration, user
federation (Active Directory/LDAP), and access all admin functions
within the component products.
- opscenter-security-administrator
- Similar to the system-administrator role, except that
it does not grant full access to admin functions within the
component products. Instead, this role grants access to the
Access product-level roles link in the
Inventory tab. This controls the mapping
of component-level roles to the roles defined in the Ops Center
portal. For example, a member of a group with the opscenter-security-administrator role
connecting to Automator will only see the
Administration tab with Resources and
Permissions; none of the other Administration categories (or other
dashboard tabs) are visible.
-
From the Available roles list, select the role
you want to assign and then click the left arrow. To remove a role from a group,
select the role from the Assigned roles list and then
click the right arrow.
-
When you are finished, click
< in the upper left corner of the window to return to the list of groups.