Scom 2012 knowledge sharing-20: Managing User Roles

Platform: System Center 2012 RTM/SP1

Bytes ------------------------------------------------------------------------------------------------------

In System Center 2012-operations manager, user roles are used to assign permissions required to access monitoring data and perform operations. User roles are intended to be applied to user groups. These users must have access permissions to the same monitoring object group and perform operations on the group. By default, only the Operations Manager Administrator account has the right to view and process monitoring data. User roles must be assigned to all other users before they can view or process monitoring data.

User roles are created using the create user role wizard. In this wizard, you can configure one or more operations manager groups for Active Directory Security groups assigned with this User Role and monitoring objects that this user can access, and the tasks and views that the user role can access.

User roles are a combination of configuration files and scopes, as shown in. A user can have multiple roles, and the result scope is the union of all user roles.

650) This. width = 650; "Title =" ic657222 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" ic657222 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515233V2bU.gif "Height =" 484 "/>

Bytes ------------------------------------------------------------------------------------------------------

As the Operations Manager Administrator, you may want to restrict access to monitoring data. Role-based security allows you to restrict user privileges on all aspects of operations manager. If you add a computer account to a user role member, all services on the computer are allowed to access the software development kit (SDK ). We recommend that you do not add a computer account for any user role.

In operations manager, you have grouped operations that resolve alerts, run tasks, replace monitors, create user roles, view alerts, and view events to the configuration file, each configuration file represents a specific job function, as shown in the following table.

The following link lists the default Administrator roles and scope of scom.

Http://technet.microsoft.com/zh-cn/library/hh212858.aspx

On the Manage-User Role page, you can view all default user roles.

650) This. width = 650; "Title =" 10 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 10 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515234ivmT.png "Height =" 446 "/>

Bytes ------------------------------------------------------------------------------------------------------

You can right-click a specific user role to view its attributes.

650) This. width = 650; "Title =" 11 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 11 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515235a2Cx.png "Height =" 403 "/>

You can add a user to a role in the properties pane to become a member of the role ,.

650) This. width = 650; "Title =" 13 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 13 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515235TUg2.png "Height =" 484 "/>

You can also create a new user role. Here, I create a read-only Operator role ,.

650) This. width = 650; "Title =" 17 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 17 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515236CRvH.png "Height =" 484 "/>

Enter the name of the Custom User Role group and add the members of the Custom User role ,.

650) This. width = 650; "Title =" 18 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 18 "src =" http://img1.51cto.com/attachment/201407/28/639838_14065152366MyI.png "Height =" 484 "/>

You can specify the objects in the group that our Custom User roles can monitor ,.

650) This. width = 650; "Title =" 20 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 20 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515237Plg4.png "Height =" 484 "/>

On the approve dashboard and view page, you can restrict this role member to access the view's dashboard monitoring view ,.

650) This. width = 650; "Title =" 21 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 21 "src =" http://img1.51cto.com/attachment/201407/28/639838_14065152403EH4.png "Height =" 484 "/>

Specifies that a user role member can access the task pane ,.

650) This. width = 650; "Title =" 22 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 22 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515240tIHG.png "Height =" 484 "/>

Select a dashboard that you can view.

650) This. width = 650; "Title =" 23 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 23 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515241WUw3.png "Height =" 484 "/>

After adding ,.

650) This. width = 650; "Title =" 24 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 24 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515241nP3G.png "Height =" 484 "/>

After the configuration is complete, as shown in.

650) This. width = 650; "Title =" 25 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 25 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515242gGNn.png "Height =" 484 "/>

650) This. width = 650; "Title =" 26 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 26 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515242vtXa.png "Height =" 205 "/>

After setting, we will use the readonly group role to log on to the scom console. We will find that we can only view or configure the specified functions.

650) This. width = 650; "Title =" 27 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 27 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515242C4pp.png "Height =" 453 "/>

650) This. width = 650; "Title =" 28 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 28 "src =" http://img1.51cto.com/attachment/201407/28/639838_1406515243FLbn.png "Height =" 406 "/>

Bytes -------------------------------------------------------------------------------------------------------------

This article is from the blog "Zeng luxin's technical column" and will not be reposted!