6.6.1 User management considerations when monitoring work tasks centrally

(1) Conditions required for login

JP1/AJS3 Console uses the JP1/Base user authentication functionality when you log in to the JP1/AJS3 Console Manager from JP1/AJS3 Console View.

JP1/AJS3 Console retains a Main Scope window, to permit the JP1 users to monitor work tasks, at the JP1/AJS3 Console Manager hosts at the connection-destinations, and manages the definitions (monitoring objects) for each JP1 user. In order to prevent access by inadmissible users, there is a login process and users receive authentication.

The JP1 users that log in are authenticated by the authentication server that the JP1/AJS3 Console Manager host at the login destination references.

The following figure shows the conditions required to log in to a JP1/AJS3 Console Manager host from JP1/AJS3 Console View.

Figure 6‒13: Conditions required for login

1. The authentication server that the JP1/AJS3 - Manager (JP1/AJS3 Console Manager) references must be set at the JP1/AJS3 Console Manager host.

2. The JP1 users who will log in must be registered at the authentication server that the JP1/AJS3 - Manager (JP1/AJS3 Console Manager) references.

Since the definition details in the Main Scope window are saved individually for each JP1 user, no JP1 permission level setting is necessary.

To Page Top

(2) Conditions required to monitor work task statuses

JP1/AJS3 Console utilizes the user mapping functionality to monitor work tasks in JP1/AJS3.

Problems may occur if all the JP1 users who log on to JP1/AJS3 Console Manager are allowed to reference and operate the work tasks on JP1/AJS3 Console Agent (JP1/AJS3 - Manager) hosts. You should therefore map OS users onto the JP1 users that are to monitor work tasks at the JP1/AJS3 Console Agent hosts, so that the work task access permissions of the JP1 users that log in at the JP1/AJS3 Console Manager can be managed.

Note that these access permissions conform to the JP1 permission levels set on the authentication server referenced by the JP1/AJS3 Console Agent hosts. Since it is the OS users who actually monitor work tasks, the OS users must also be mapped to the JP1/AJS3 Console Agent hosts.

The following figure shows the conditions required to monitor work tasks in JP1/AJS3.

Figure 6‒14: Conditions required for status monitoring

1. You must register the JP1 users who will monitor work tasks on JP1/AJS3 Console Manager at the authentication server that the JP1/AJS3 Console Agent host references.

2. At the JP1/AJS3 Console Agent hosts, you must map OS users onto the JP1 users who are to monitor work tasks (specify the JP1/AJS3 Console Manager host name as the server host name).

3. When making setting 2 above at the JP1/AJS3 Console Agent hosts regarding JP1 users that will monitor work tasks, you must map the OS user specified as the primary OS user (specify the JP1/AJS3 Console Agent (local host) host name).

4. The JP1 users that monitor work tasks must have permission to reference the work tasks to be monitored (JP1_AJS_Guest permission or higher).

Supplementary notes

• In the user mapping setting in 2 above, if you set * (asterisk) as the server host name, the setting in 3 will not be required.

• To start up JP1.AJS3 - View from JP1/AJS3 Console View and operate work tasks, or to operate monitored work tasks directly from JP1/AJS3 Console View, you need operation permissions for the work tasks (JP1_AJS_Operator permission or higher).

• In the setting in 2 above, if the OS user specified as the primary OS user has administrator's permissions (Windows) or superuser permissions (UNIX), no restrictions apply to the JP1 permission level settings.

• You can monitor work tasks even if the user authentication blocs of the JP1/AJS3 Console Manager host and the JP1/AJS3 Console Agent host are different. However, if they are in the same user authentication bloc, you can log in without displaying the Login screen when starting JP1/AJS3 - View from JP1/AJS3 Console View. For details, see 13.5 Monitoring application in the Job Management Partner 1/Automatic Job Management System 3 Operator's Guide.

• JP1/AJS3 Console can monitor work tasks even if you do not register JP1 users for monitoring work tasks on the authentication server referenced by the JP1/AJS3 Console Agent host, as mentioned setting in 1 above. In this case, the following restrictions apply:

  (a) If the mapped OS user setting in 2 above is a member of the Administrators group (for Windows) or a superuser (for UNIX):

  • To start JP1/AJS3 - View from JP1/AJS3 Console View, login must be done on a started JP1/AJS3 - View.

  (b) If the mapped OS user in condition 2 is a general user (users other than those in (a)):

  • To start JP1/AJS3 - View from JP1/AJS3 Console View, login must be done on a started JP1/AJS3 - View.

  • Monitoring is not available if a resource group is specified for the jobnet to be monitored or a higher-level unit.

To Page Top

(3) Example user mapping definition

The following figure shows an example of defining user mapping.

Figure 6‒15: Example of user mapping definition

From JP1/AJS3 Console View, a JP1 user (jp1user1) logs in to the JP1/AJS3 Console Manager host (hostA). The JP1/AJS3 Console Manager host (hostA) directs the JP1/AJS3 Console Agent host (hostB) to monitor work task statuses for the JP1 user (jp1user1). The JP1/AJS3 Console Agent host (hostB) monitors the status of work tasks based on the permission level of the OS user (osuser1) mapped onto the JP1 user (jp1user1) from the JP1/AJS3 Console Manager host, and the JP1 access permission of the JP1 user (jp1user1).

To Page Top