2.2 Functions for managing operation targets
JP1/AO provides the following functions to manage operation targets:
-
Managing groups
You can use user groups and resource groups to restrict the range of services that can be run and tasks that can be referenced for each user group.
-
Managing connection destinations
In JP1/AO, a host at a connection destination that is the operation target of a service is called a connection destination. You can restrict connection destinations as targets of services for each resource group, and centrally manage authentication information for hosts at connection destinations in order to reduce workload during operation.
Detailed access control according to operations and jobs - managing groups
By allocating resource groups to user groups, you can restrict the services and tasks that each user can access. At this time, you can specify permissions (roles) to restrict available service operations (such as managing and running services) for each user group.
The following shows an example of access control using resource groups and user groups.
In this example, users A, B, and C who belong to user group 1 can use the resources in resource group 1. Users C, D, and E who belong to user group 2 can use the resources in resource groups 2 and 3. User F who belongs to the built-in user group can access all services in JP1/AO because All Resources (built-in resource groups) is assigned to it. Therefore, users A and B, who belong only to user group 1, cannot reference the services of resource groups 2 and 3.
Thus, using group management enables you to efficiently control accessible services so that they match the usage goals of users.
For example, if IT operations running at a data center are divided among multiple tenants, you can classify the services used by the individual tenants by resource group and restrict the services that can be run by each user group. This allows you to prevent services of another tenant from being run by mistake, and to restrict the range of tasks that can be referenced by each tenant.
Agentless operations that reduces the load of management - managing connection destinations
The function for managing the connection destination information (including resource group names and host names) and the authentication information (including the user ID, password, and protocol used to log in to the host at the connection destination) for each connection destination is called the connection destinations management function.
If you register the connection destination information in JP1/AO, you can control accesses to the connection-destination hosts for each resource group when running services. If you also register the authentication information, you can save the time required to enter the authentication information each time a service is run because JP1/AO can manage information (such as passwords) shared among multiple services. You can also specify the protocol and authentication method for each host to be connected.
In this figure, the administrator user with the Admin role uses window operations to register connection destination information and authentication information, and then the service execution user with the Submit role for resource group R runs the services. In this case, the service execution user can connect only to host1 whose connection destination information has been registered, but cannot connect to any other host. Because the authentication information for host1 has been registered in JP1/AO, the user does not need to enter a user ID or password when running a service.