3.8 Functions monitored in a business group
Performance Management enables you to group multiple monitored hosts together for each business system and specify the users who will be able to access each group. A group of monitored hosts is called a business group. When you use business groups, you can limit the users who monitor the operating status of each business system, thereby improving security. This is called the access control function based on business groups.
|
|
![[Figure]](GRAPHICS/ZU104070.GIF)
When the user to whom a business group is assigned logs on to the monitoring console, only the agents in that business group are displayed. The user can perform operation monitoring, such as displaying reports, only for the displayed agents.
For details about the configuration of the access control function based on business groups and the operations that can be performed from a monitoring console by a user to whom a business group has been assigned, see the chapters that describe user accounts and management of business groups in the JP1/Performance Management User's Guide.
The resources to be assigned to each business group are specified by monitored host. Therefore, if multiple agents are installed on the same host, those agents cannot be assigned to different business groups. The following figure shows an example of a configuration in which multiple agents are installed on a monitored host.
|
|
![[Figure]](GRAPHICS/ZU104071.GIF)
- Note
-
Access control over command execution when business groups are used
The commands of PFM - Manager and PFM - Base cannot be executed on a per business group basis. However, depending on option settings, you can limit the hosts that can be manipulated to the local host only. This can prevent a user from manipulating a host that does not belong to the user's business group. For details, see 3.9.4 Settings to limit the host subject to command processing.
The commands of PFM - Web Console can be used with the user permissions specified in the authentication key file that is created by using the jpcmkkey command. The user who created the authentication key file can execute the commands only on the monitored hosts in the business group to which that user is assigned.