2.4.1 Examining user management methods and the use of business groups
Taking security policies and considerations into account, the system administrator examines the user account management and operation methods to determine whether to use business groups. For user accounts, the setting of appropriate permissions corresponding to each worker's job duties needs to be considered.
- Organization of this subsection
(1) Examining user account management methods
With Performance Management, you can select the user account management method from the following two choices.
- How to manage user accounts in an operation monitoring system (PFM authentication mode):
-
This method manages user accounts by using PFM - Manager. User accounts are created in the window of PFM - Web Console. This is the management method for standard user accounts in a Performance Management system.
- How to perform integrated management of user accounts by using JP1/Base (JP1 authentication mode):
-
This method performs integrated management of user accounts by using JP1/Base, which is the authentication server of the integrated management product (JP1/IM). User accounts are created as JP1 users in JP1/Base. If this method is used when authentication by JP1/Base has already been performed using another JP1 product or when the linkage function of Performance Management is used to link with JP1/AJS3, JP1/IM, and JP1/SLM, there is no need to manage multiple accounts.
If the account is managed by a JP1 user, JP1/Base is required in the host on which PFM - Manager is installed. In a cluster environment, the logical host name for PFM - Manager and JP1/Base must be the same.
- Important
-
To enable linkage with JP1/IM2, use JP1 authentication mode.
|
|
![[Figure]](GRAPHICS/ZU103040.GIF)
(2) Examining user account operation methods
For security reasons, the system administrator grants the appropriate permissions for user accounts. User account permissions that can be set are either administrator user permissions or general user permissions. You can grant the following permissions to user accounts:
-
Administrator user permissions
-
General user permissions
-
General user permission per business group#
#: This permission can be granted only when the access control functions based on business groups is enabled.
In addition, passwords are set for user accounts. To prevent spoofing, passwords that are difficult to guess must be set. To increase security, delete any unused accounts. We recommend that passwords be changed regularly.
(3) Examining whether to use business groups
To limit the users who can access performance data in the individual business systems, you can use business groups. Each user is only allowed to reference the business group he or she has access to. This prevents mixing of different types of information, reduces operation mistakes, and maintains the integrity of monitored systems.
Consider using business groups when multiple system administrators will be monitoring the same system or when a large system will be monitored. If you use business groups, evaluate which monitored hosts are to be defined as the same business group and the user accounts that will be permitted to access the individual business groups.
|
|
![[Figure]](GRAPHICS/ZU103027.GIF)
- Tip
-
If you include a PFM - RM host in a business group, also include the hosts managed by that PFM - RM host (remote agent hosts) in that same business group. If you include a remote agent in a business group, it is not required that you include the corresponding PFM - RM host in the same business group. A system administrator empowered to run the entire system specifies the settings, including setting the collection interval for each remote agent.