Hitachi

JP1 Version 12 JP1/Automatic Operation Administration Guide 


1.10.1 Controlling access using user groups and service groups

A user group is a group in which JP1/AO users are registered. The users in a user group might belong to the same organization or share similar responsibilities. Service groups are groups of JP1/AO resources (such as services and Connection Destinations), and are created at the level at which you want to control access. To use these groups to control access to functionality such as submitting services and viewing tasks, you assign to each user group the service groups to which you want to permit access.

The following figure shows an example of controlling accesses using user groups and service groups.

Figure 1‒16: Example of access control configuration

[Figure]

In this example, the Modify role is assigned to the user group Office 1 for the service group Office 1 Server Management. The user group Office 2 is assigned the Modify role for the service group Office 2 Server Management. The members of these user groups can execute, add, and delete resources in the service group for which they are assigned the Modify role. Because Office 1 also has the Submit role for Office 2 Server Management, users in the Office 1 user group can execute resources in the Office 2 Server Management service group on behalf of users in the Office 2 group. Because the access of the Submit role does not extend to resource management, users A and B who only belong to Office 1 cannot inadvertently delete the resources associated with another office.

In this example, the Office 2 user group is not assigned a role in relation to the Office 1 Server Management service group. Therefore, users D and E who only belong to the Office 2 user group cannot view the resources in the Office 1 Server Management service group. Suppose that User B is transferred from Office 1 to Office 2. In this scenario, you can remove Office 1 from the user groups to which User B belongs, and add Office 2. From that point, User B will no longer be able to view the resources in the Office 1 Server Management group.

User F, who belongs to the System Development Division user group, has access to all services in the JP1/AO system because he or she is assigned the All Service Groups built-in service group.

Managing groups in this way lets you efficiently control the access each user has to specific services.