1.11.1 Access control using user groups and resource groups
A user group is a group which is created taking into consideration the type of organization or business and in which JP1/AO users are registered. A resource group is a group which is created at the level at which you want to control access and in which JP1/AO resources (such as services and connection destination definitions) are registered. To control access such as execution of services, or referencing tasks by using these groups, you must assign to each user group the resource groups to which you want to permit access.
The following figure shows an example of controlling accesses using user groups and resource groups.
|
|
![[Figure]](GRAPHICS/UG020050.GIF)
In the example in the figure, users A, B, and C, who belong to user group 1, can use the resources in resource group 1. Users C, D, and E, who belong to user group 2, can use resources in resource groups 2 and 3. User F, who belongs to the built-in user group, has access to all services in JP1/AO because All Resources (built-in resource group) is assigned. Because of this, users A and B who belong to user group 1 only cannot reference services of resource groups 2 and 3.
Group management in JP1/AO lets you efficiently control the access each user has to specific services in the context of user groups.
In scenarios such as a multi-tenant system of IT operation in a data center, you can sort the services used by each tenant into resource groups, thereby limiting the services each user group can execute. By doing so, you can avoid executing services of another tenant by mistake, and limit the range of tasks that can be referenced by each tenant.