Hi, people!!!
I would like to define a CTM-EM user who can only view the progress of jobs and if it ends OK or not.
Also, I would like to this user to not be able to modify or execute any job.
I will be pleased if anyone knows how I can do it or where can I get documentation about this.
Thanks,
Eche
Is it possible to define a read-only user?
Hi,
Put your user in the predifined group named <BrowseGroup>
Another solution would be to create a <new group> with your own specific permissions, and then put the user in this new group.
- The user(s) that belong to that group logout of CONTROL-M/Enterprise Manager GUI clients and CONTROL-M/Enterprise Manager Desktops.
- Recycle the Gui-Server to make the change take effect.
Once all are logged out, they can login again.
Put your user in the predifined group named <BrowseGroup>
Another solution would be to create a <new group> with your own specific permissions, and then put the user in this new group.
- The user(s) that belong to that group logout of CONTROL-M/Enterprise Manager GUI clients and CONTROL-M/Enterprise Manager Desktops.
- Recycle the Gui-Server to make the change take effect.
Once all are logged out, they can login again.
Best regards
Walty
Walty
Thanks, that was very useful.
Now, I want to go one step beyond. Do you know if is possible to give a user permission to submit certain jobs?
I have some Unix & Win jobs that are part of a chain and I'm in charge of starting it. I want the Win operator to have a CTM-EM user only to submit, check or rerun the Win job not all the jobs in CTM-EM.
Hope you understand my point.
Thanks again.
Now, I want to go one step beyond. Do you know if is possible to give a user permission to submit certain jobs?
I have some Unix & Win jobs that are part of a chain and I'm in charge of starting it. I want the Win operator to have a CTM-EM user only to submit, check or rerun the Win job not all the jobs in CTM-EM.
Hope you understand my point.
Thanks again.
Yes,
You can do this using the Control-M/EM Security mechanism. If you work with the Full Security Level parameter set to N (default) on Control-M/Server the users not defined in Control-M/Server security will have their rights controlled at Control-M/EM level exclusively.
The implementation of the security level in a DataCenter is very different from one customer to another.
For this reason, I recommend reading the following manuals: Control-M/EM Manager and Control-M/Server Admin Guide.
The security mechanisms of Control-M/EM and Control-M/Server together ensure a high degree of security.
You can do this using the Control-M/EM Security mechanism. If you work with the Full Security Level parameter set to N (default) on Control-M/Server the users not defined in Control-M/Server security will have their rights controlled at Control-M/EM level exclusively.
The implementation of the security level in a DataCenter is very different from one customer to another.
For this reason, I recommend reading the following manuals: Control-M/EM Manager and Control-M/Server Admin Guide.
The security mechanisms of Control-M/EM and Control-M/Server together ensure a high degree of security.
Best regards
Walty
Walty
Hi,
I suggest to use in this situation the Control-M/EM security based on a GROUP with limited access.
Try:
From Control-M/EM Manager / Tools / Authorisations / Groups
- Create a new GROUP and allow what specific access you want (Actions)
- Select 'Filter' and choose in the 'Field' tab what specific option you want to allow (like Application, Jobname,...) and in the 'Value' tab your appropriate selection
From Control-M/EM Manager / Tools / Authorisations / Users :
- Create a new user(s) or choose existing one and select which GROUP they have access (one user can be member of a differents GROUP)
- If user is already login please execute logout/login again
Using this kind of security allow the user to see only the jobs and execute only the actions that they are allowed in the GROUP. The user is not dependent on the type of viewpoint used.
I suggest to use in this situation the Control-M/EM security based on a GROUP with limited access.
Try:
From Control-M/EM Manager / Tools / Authorisations / Groups
- Create a new GROUP and allow what specific access you want (Actions)
- Select 'Filter' and choose in the 'Field' tab what specific option you want to allow (like Application, Jobname,...) and in the 'Value' tab your appropriate selection
From Control-M/EM Manager / Tools / Authorisations / Users :
- Create a new user(s) or choose existing one and select which GROUP they have access (one user can be member of a differents GROUP)
- If user is already login please execute logout/login again
Using this kind of security allow the user to see only the jobs and execute only the actions that they are allowed in the GROUP. The user is not dependent on the type of viewpoint used.
Best regards
Walty
Walty