Configure User and Role Management
This section describes how to configure RTView Enterprise user and role management. Use Role Management to permit and deny access to displays as well as some functionality in certain displays based on the logged in user or role. The alert, CMDB administration and other administration views check the role of the logged in user to prevent users that are not the admin or super role from saving settings. The RTView Alert Table checks the role of the logged in user to hide buttons based on the role of the logged in user. You can also set substitutions on your users and roles to filter what portion of the CMDB is visible in the Service Tree, Service Views and Alerts tabs as well as the CMDB Administration view.
Note that if you are Using the Pre-configured Apache Tomcat Installation as your application server, you can optionally Integrate LDAP with Tomcat and HTML UI.
To configure Role Management you define your users and user roles by editing the users.xml and roles.xml files, located in the RTViewCentral/projects/rtview-server directory. In the users.xml file you specify each user name, the associated encrypted password, role and optional substitutions to filter what portion of the CMDB is visible for that user. In the roles.xml file you specify, per role, the included and excluded displays, and optional substitutions to define what portion of the CMDB is visible for that role. There is no limit to the number of roles and users you can add to the files. By default, all substitutions are set to * (asterisk), which specifies no role restrictions under the RTViewCentral/projects/rtview-server directory.
For details on users.xml and roles.xml syntax, see Role Based Security/Configuration in the RTView Core© User’s Guide.
Substitutions for User and Role Management
The following substitutions can be set per user or per role and will limit the CMDB entries shown in the Service Tree, Service Views and Alerts tabs. For example, if your application has three Owners: Owner 1, Owner 2, and Owner 3, and you specify $rtvOwnerMask=Owner 1 for a role, users that login with that role will only see the services under Owner 1 in the SERVICE TREE, SERVICE VIEWS and ALERTS tabs, and only see alerts related to services under Owner 1 in the ALERTS tab. If a substitution is set for both the user and role, the role value will take precedence. To specify multiple values, separate them with commas. To specify all values, use * or just do not include the substitution in your user and role settings.
|
$rtvOwnerMask: |
Set this to filter the Owners a user or role will see in the Service Tree, Service Views and Alerts tabs. For example, <sub name="$rtvOwnerMask" value="Owner 1,Owner 2" /> |
|
$rtvAreaMask: |
Set this to filter the Areas a user or role will see in the Service Tree, Service Views and Alerts tabs. For example, <sub name="$rtvAreaMask" value="*" /> |
|
$rtvGroupMask: |
Set this to filter the Groups a user or role will see in the Service Tree, Service Views and Alerts tabs. For example, <sub name="$rtvGroupMask" value="Group 1,Group 2" /> |
|
$rtvServiceMask: |
Set this to filter the Services a user or role will see in the Service Tree, Service Views and Alerts tabs. For example, <sub name="$rtvServiceMask" value="MyService" /> |
|
$rtvManageableCompID: |
Set this to limit the alerts that can be closed by a user or role to alerts where the Primary Service value matches one of the items in the list. |
Also by default, there are five defined and implemented roles: read, event, full, admin and super. Only the admin and super roles have access to all features in all displays. The following table summarizes the functionality that is accessible per role:
|
Role |
Permission |
|
read |
Access to all displays and functionality except administrator functions. |
|
admin/super |
Access to all displays and functionality including all actions on the Alerts Table display, write access in the Alert Administration display, and write access in the CMDB Admin displays. |
|
full/event |
Access to all displays. Access to all actions in the Alerts Table display. |
Configuration Steps
This section assumes you completed the Configure Service Model instructions, and that you also have configured RTViewCentral database for your production environment (if not, see Configure RTViewCentral Databases.
To configure role management:
| 1. | Open the roles.xml file, located in your RTViewCentral/projects/rtview-server directory, in a text editor. By default, the read, admin and super roles are defined as follows: |
<?xml version="1.0"?>
<roles xmlns="www.sl.com" >
<role>
<name>read</name>
<displays>
<include>ALL</include>
</displays>
</role>
<role>
<name>admin</name>
<displays>
<include>ALL</include>
</displays>
</role>
<role>
<name>super</name>
<displays>
<include>ALL</include>
</displays>
</role>
</roles>
| 2. | Create new roles. For each role, optionally specify the included and excluded displays, as well as the values for the substitutions that define the visible part of the CMDB and actionable alerts (as described above). For example, the following illustrates a role named ITmanager that has no administrator permissions and does have access to all owners within the two IT areas of the company: |
<role>
<name>ITmanager</name>
<displays>
<include>ALL</include>
</displays>
<sub name="$rtvrole" value="read" />
<sub name="$rtvOwnerMask" value="*" />
<sub name="$rtvAreaMask" value="IT Servers,IT Central" />
</role>
| 3. | Save the file. |
| 4. | Open the users.xml file, located in the your RTViewCentral/projects/rtview-server directory, in a text editor. By default, there are three users defined, super, admin and demo: |
<?xml version="1.0"?>
<users xmlns="www.sl.com" >
<user>
<name>super</name>
<password>0133401351013460133501348</password>
<role>super</role>
</user>
<user>
<name>admin</name>
<password>0133101334013430133901344</password>
<role>admin</role>
</user>
<user>
<name>demo</name>
<password>01334013350134301345</password>
<role>read</role>
</user>
</users>
| 5. | Add the new role you just created to this file and optionally add values for the substitutions that define the visible part of the CMDB and actionable alerts (as described above). For example: |
<?xml version="1.0"?>
<users xmlns="www.sl.com" >
<user>
<name>super</name>
<password>0133401351013460133501348</password>
<role>super</role>
</user>
<user>
<name>admin</name>
<password>0133101334013430133901344</password>
<role>admin</role>
</user>
<user>
<name>demo</name>
<password>01334013350134301345</password>
<role>read</role>
</user>
<user>
<name>Johnson</name>
<password>0133801335013420134201345</password>
<role>ITmanager</role>
</user>
</users>
| 6. | Add as many users to the users.xml file as needed. |
| 7. | Save the file. |
| 8. | Restart the Display Server if you have installations that are working locally. |
You have finished configuring RTView Enterprise Role Management.