How to limit a Spectrum User to a specific Global Collection
search cancel

How to limit a Spectrum User to a specific Global Collection

book

Article ID: 46069

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

I have a group of users where I would like to limit their Spectrum OneClick access to a specific Global Collection. How do I accomplish this?

Environment

Release: Any
Component:

Resolution

To limit a Spectrum users OneClick access to a specific Global Collection will require the use of Spectrum User Security. At the very least, a Security String will need to be assigned to the specific Global Collection and a custom Security Community with custom Privileges created for the User or Group model for the Security String assigned to the Global Collection. The following is a step by step guide to create a basic configuration to accomplish this task.

GOAL: The goal of this exercise is to limit a User or Group of users so they only have OneClick access to the RegionA Global Collection seen below.



 

Step 1: Assign a unique Security String to the RegionA Global Collection. This can be done in General Information subview in the Information tab of the RegionA Global Collection. For the purpose of this exercise, we will assign it a Security String of "REGIONA". The "REGIONA" Security String should also be applied to all of the models within the Global Collection as well. In addition, a Security String other than REGIONA should be assigned to all other models in the database. If not, this user will still be able to see alarms for these models in the My Spectrum folder in the Navigation panel. When using Security Strings in Spectrum, a model without a Security String assigned is open to all users.

Keep in mind that if you have a security string assigned to a model that is different than the security string that is assigned to the GC, when the user logs into OneClick they may still see the model listed, but will not see any alarms or information about it. To "fix" this, you need to either assign the user the security string the device has, or remove the security strings from the device (which will most likely require that you remove the security string from the container it is in).



 

Step 2: Create a new "REGIONA" Security Community for the User or Group model to associate to the "REGIONA" Security String on the RegionA Global Collection. It is recommended to use User Groups to make the administration of Users easier. Either create a new User Group or select an existing User Group in the Users tab. Select the User Group and click on the Access tab in the Contents panel. Remove any existing Security Communities and create a new one called "REGIONA".

 

Step 3: Create a new custom Role for the REGIONA Security Community. Select the REGIONA Security Community in the Contents panel. Click on the Roles tab in the Component Detail panel. Then click on the New button. Below is a screen shot of some of the recommended roles to select. The ones you select may be different based on your specific needs.



So far, with the above work done, when User1 logs into OneClick, they will see the following:

You will notice the user is able to "see" the RegionB and RegionC Global Collections. The reason is because the RegionB and RegionC Global Collections do not have a Security String assigned. You will need to assign the RegionB and RegionC Global Collections a Security String the user does not have an Access Community to. After assigning a Security String to the RegionB and RegionC Global Collections, the user is not able to see them anymore when they log into OneClick.



 

Step 4: As an additional step, you can configure Users in the Group so that their initial view when they log into OneClick is the RegionA Global Collection. To do this:

1. Log into OneClick as an ADMIN user

2. Click on the Users tab in the Navigation panel

3. Right mouse click on the User Group and select Set Preferences from the menu

4. Expand the Explorer Tab folder and select Initial View

5. Find and select the Global Collection (in this case, the RegionA GC)

6. Check the Locked check box in for the Initial View

7. Click on the Apply button

8. Click the OK button

Now when the user logs into OneClick, they are taken directly to the RegionA Global Collection.

You can also limit user access to a specific Universe Topology by following the directions in the "How to limit a Spectrum User or User Group to a specific Universe Topology" knowledge document.

 

Additional Information

Please reference the "User Administration in OneClick" and the "Model Security in OneClick" sections of the documentation for more information.