The SLM portlet cannot be accessed even with SLM ACL Admin privilege

book

Article ID: 33898

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

Problem:

The SLM portlet cant be accessed even with SLM ACL Admin privilege checked/applied to the user.

Related errors:

"The users's ACL does not have the required permission to access this portlet"

Environment:  

All CA UIM/Nimsoft NMS versions up to and including 8.4

Cause: 

The SLM portlet does NOT allow access to Account-Contact users, regardless of the ACL permissions set. This is due to the fact that the SLM portlet enables users to perform "sensitive" data operations such as manage the UIM database or access QOS raw data tables. There is no data segregation/multi-tenancy implemented for this portlet so it is only available for CA UIM administrative users. The SLM portlet cannot be accessed even with SLM ACL Admin privilege applied for an Account contact user. The underlying reasoning for this is that SLM is not 'multi-tenant aware,' so anyone using SLM can see any data and every SLA regardless of the account or origin to which it belongs. The SLM portlet would allow the user to see ALL available data, not just the data related to a specific origin or account.

Resolution:

SLM access is allowed only for CA UIM 'administrative' users, a.k.a. Real 'NimBUS' users in older Nimsoft/NMS product versions, the kind generated through 'User Administration' in the Infrastructure Manager.

'Account-Contact' users, set up through 'Account Administration,' and with Origin ownership's, are not allowed to access the SLM portlet.

Additional Information:

Permissions reference for UMP portlets.

https://docops.ca.com/display/UIM83/Permissions+Reference+for+UMP+Portlets#PermissionsReferenceforUMPPortlets-SLM

Environment

Release:
Component: CAUIM