in Operator Console how can I make different internal groups able to only see subsets of our devices?

book

Article ID: 220358

calendar_today

Updated On:

Products

DX Infrastructure Management

Issue/Introduction

We have some devices reporting in Operator Console that we want to isolate to be accessible to only a few groups.  How can we accomplish this?

Environment

Release : 20.3

Component : UIM OPERATOR CONSOLE - ACCOUNT ADMIN

Resolution

First we should review the types of users in UIM -

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/administering/types-of-users.html

In order to separate out groups of devices like this you would need to use Account Contact users and not Bus Users.  A high-level overview of this setup would be as follows:

- in Account Admin (now in Settings tab) you would need to create an account, e.g. "NetworkGroup" 
- also in Account Admin you would create an ACL for this group, like "NetworkGroupLDAPACL" and give the appropriate level of permissions for the users in that group
- next in Account Admin you would link that ACL to a specific LDAP group;  now, users who log into UIM who are part of that LDAP Group will be assigned this ACL and be treated as members of this Account
- next in Operator Console you would log in as the administrator and create a new group.  Set the appropriate filters to capture the devices that you are interested in, and choose the account (e.g. "NetworkGroup") at the top of the group creation screen - this will limit this particular group so that only members of the assigned account can see it.
- You would have to repeat this process for each different LDAP group, creating a unique Account and unique ACL for each one which would then be used to link the LDAP Group to the account.

 

Additional Information

see also- 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/administering/using-account-admin/add-or-modify-users-with-account-admin.html#concept.dita_47a6540198ab8cb897e14035d8e6ed8305f18217_ManageACLsandLDAPinAccountAdmin