Chapter 14 Using the Systems Management Web Console

Configuring access control

The Systems Management Access Control allows the system administrator to restrict the users that can start, stop, and modify managed systems using the Web console. These privileges should be granted to any administrator who performs basic administrative tasks, such as starting a component that has stopped.

WARNING!

In an EAServer installation without EP Security installed, the roles used to constrain Web console access must be defined in Jaguar Manager before using them in the Web console security constraints.

If you have installed the EP Security option, the Portal Security Officer must first define access roles through the Portal Security Manager, and map those roles from EAServer to Enterprise Portal. At least one user must be associated with that role before the PSO can assign access permissions to an asset via the Web console. See the Enterprise Portal Security Guide for more information.

Access to the Access Control interface of the Web console should be granted only to those administrators who determine which roles have what type of permissions (read or update) on the managed services. Administrators that have this privilege effectively have access to all Web console functionality--the administrator can grant themselves any rights necessary.

Since the default user name and password are printed in this document, Sybase strongly advises that you change the user name and password that is used to log in to the Access Control interface after installation. See "Changing the settings of a component".

Once the access permissions are set for a component, the Web console checks the user role against the roles in the host EAServer.

See "Connecting to the Web console" for instruction on logging in to the Systems Management Access Control interface.

The Systems Management Access Control view displays all components by type.

Setting read and update permissions on a service

Expand the Components by Type folder.
Select the service in the object tree.
In the details view, there are two input fields:
- Read - any role with read permissions can see a component's status and retrieve error logs.
- Update - any roles with update permissions can see a component's status, retrieve error logs, start or stop components, and change component settings.
Enter the role that you want to grant read permissions, and the role to which you want to grant update permissions.
Click Apply Settings.

The new settings are applied to the service, and only those roles that have been granted either read or update permissions can access the component.