Schema for Assigning Roles to channel Repository access by function

Assume you have 3 agencies using OM Web Viewer and each agency has 2 View® databases (A JCL database and a report database).

They need to be isolated.  The Finance department doesn't want Payroll users seeing their reports and vice versa. As they share a single OM Web Viewer, when for example a new Finance user comes along, and if they have a valid Mainframe ID they will go into the Default User group (which could be for Payroll or Customer Service). Getting them into the Finance Group requires someone with System Administrator authority.

Can you suggest another schema or process that would allow for automatic assignment to the appropriate role? Can we be assured a user from one agency/role won't be able to see the reports of the other two?  

Output Management Web Viewer 12.1

Assumptions: 

• 6 View® databases secured by mainframe security.
• 3 "agencies" each with access to 2 View® databases (no overlap) 
• 1 instance of OM Web Viewer 12.1 to serve all users. 

Recommendations for predefining users (one-time): 

1. Define 6 repositories, one for each View® database.
2. Define 3 roles, one for each "agency". Assign the appropriate repositories (View® database) to the roles. 
3. Create 3 models users, one for each "agency", and assign the appropriate role. 
4. From the Administration / User panel, Export the Users. This will produce an XML file (adminUser.xml by default).
5. Copy/edit adminUser.xml and strip out all users (<user>...</user>) records for all users EXCEPT the 3 model users.
6. Edit the resulting file, duplicating the user record (<user>...</user>) for each of the real users to add. Select the model user to match the actual user's agency.
7. From the Administration / User panel, Import the updated User XML file. Suggest conflict = Skip, else may replace already defined users
8. Refresh the user list (using form button, not browser refresh). Review the list to ensure users were added. 

Recommendations for dynamically added users (on-going) 

1. Update the Default User role. Remove all assigned repositories. 
2. When a new user (not predefined to OM Web Viewer) logs in, they will be assigned to this role. They will have no "Reports" nor repositories under Advanced Search.
3. These new users should be instructed log off from OM Web Viewer then request access for their agency. 
4. The OM Web Viewer system administrator (or their proxy) should login to OM Web Viewer, set their role to System Admin, locate the user under Administration / User then change the Selected Role to their agency (and remove Default User). 

See Also:

Adding roles to existing CA Output Management Web Viewer users with Export and Import for Releases 12.0 and 12.1