Permissions

To access the Agent Management UI, you require to be an administrator or a user with Agent Management role-based access control. The administrators can provide access to the application owners to view or manage App Server Agent inventory from the Agent Management UI. See Role-Based Access Control.

Currently, an administrator can manage only App Server Agents, and Machine Agents by using Smart Agents. An administrator can also view the tasks in progress, history of tasks, and import configuration to the Controller.

The application owners with role-based access control (RBAC) can manage the app server agents based on their roles.

Role-Based Access Control

The ITOps administrator (with the administrator role) can now use the role-based access control to provide permissions to application owners. These permissions allow the application owners to perform the following for a specific application (View Agent, Edit Agent or both) or for a specific account (Install Agent):

  • View Agent: to allow users in a specific role view the App Server Agent inventory in the Agent Management UI for the specific applications.
  • Edit Agent: to allow users in a specific role to manage (except install) one or more App Server Agents for the specific applications.
  • Install Agent: to allow users to install the agents based on all the Smart Agents that are associated with the account. The users with this permission will have the same permission as the administrator. The users can manage the agents from the App Server Agent inventory on the Agent management UI.
Note:

These permissions apply to AppServer Agent, Machine Agent, and Smart Agent.

Tabs other than App Server Agents will be inactive for the non-admin users.

Application-Based Access Control

An ITOps administrator can create a role for an application owner and assign any specific application to it. When you assign a user with the View or Edit permissions to the application, the user can respectively view or modify AppServer Agents, Machine Agents, and Smart Agents.

If you select the Edit Agent permission, the user with the specific role can manage (except install) only the agent associated with the application.

Perform the following to provide access based on the application:

  1. Create a role by navigating to Settings > Administration > Roles > Create, and then associate the role with a user.
    You must associate the role to the username of the application owner. See Manage Controller Tenant Users and Groups. If you have already created the role, select the role name under Name on the left pane.
  2. Click Applications.
  3. Under Custom Permissions for Applications / Tiers, click Add.
  4. Select the applications on which you require to allow the application owners to view or manage the agents, and then click Done.
  5. Select Custom under Permissions.
  6. Select View to enable the Edit checkbox, and then select Edit.
  7. Click Edit (All)
    1. Select View Agent if you require the users in the specified role to view the application-specific agent inventory in the Agent Management UI.
    2. Select Edit Agent if you require the users in the specified role to view and manage the agents through the Agent Management UI.

Account-Based Access Control

An ITOps administrator can create a role for any user. Administrator can specify the Install Agent permission for a role within a specific account. If you select the Install Agent permission, the user of the specified role can view, and manage all the agents connected to that account. The users can install the agents on all the Smart Agent hosts connected to that account.

Perform the following to provide access to install agents at the account level:

  1. Create a role by navigating to Settings > Administration > Roles > Create, and then associate the role with a user.
    You must associate the role to the username of the application owner. See Manage Controller Tenant Users and Groups. If you have already created the role, select the role name under Name on the left pane.
  2. Click Account > Add.
  3. Select Install Agent.
  4. Click Done.
Hence, the application owner can log in using their credentials and access Agent Management to manage the app server agents.