4.1.4 Restrictions on viewing and operating business groups

The system administrator can restrict what JP1 users are able to view and operate on. This is called restrictions on viewing and operating business groups.

If restrictions on viewing and operating business groups are enabled, a user can view and operate on only the JP1 events issued within the assigned business group. This prevents users from unintentionally operating on JP1 events in other business groups.

If restrictions on viewing and operating business groups are enabled, the following windows display only the JP1 events issued within the assigned business group:

Event Console window
Related Events window
Event Details window

Events window of the Integrated Operation Viewer

Figure 4‒6: The range of JP1 events that can be viewed and operated

In this example, resource group sigenA is assigned to business group A, and resource group sigenB is assigned to business group B.

For details about how to enable restrictions on viewing and operating business groups, see 5.19 Setting reference and operation restrictions on business groups in the JP1/Integrated Management 3 - Manager Configuration Guide.

When you change the configuration of business groups, note the following:

When moving the JP1/Base event server to another business group, initialize the event database.

If you do not initialize the event database, the JP1 users in the business group to which the event server is moved will be able to view and operate on JP1 events saved in the event database. Therefore, be sure to initialize the event database.

As an example, assume that business groups are configured as in the following figure.

Figure 4‒7: Configuration of business groups

Now move the event server in business group A to business group B.

Figure 4‒8: Moving the event server

The following explains the above example, in the order of the numbers in the figure:
1. Before the event server is moved, JP1 events issued on the event server (Event1, Event2, and Event3) can be viewed and operated on in business group A. In business group B, no JP1 events can be viewed and operated on yet.
2. After the event server is moved, JP1 events issued before the event server is moved (Event1, Event2, and Event3) can be viewed and operated on in business group A. In business group B, JP1 events issued after the event server is moved (Event4 and Event5) can be viewed and operated on.
3. If the event database is not initialized when the event server is moved, JP1 events issued before the event server is moved can also be viewed and operated on in business group B.
For details about how to initialize the event database, see the description about initialization of the event database in the chapter for setting the event service environment in the JP1/Base User's Guide.
Do not forward events between different business groups.

If you forward events between different business groups, JP1 events from different business groups are saved in the event server. This enables you to view and operate on JP1 events from business groups that you are not monitoring. Check and, if necessary, revise the forwarding settings for JP1 events before setting business groups.
Use an authentication server whose JP1/Base version is 07-00 or later.

When you enable restrictions on viewing and operating business groups, you cannot log in to JP1/IM - Manager if you use an authentication server whose JP1/Base version is earlier than 07-00.

For details about business groups, see 8.4 Managing business groups.

Organization of this subsection

(1) Settings when multiple business groups are assigned to a JP1 user
(2) Assigning a JP1 resource group and permission level to a JP1 user
(3) How to specify business groups

(1) Settings when multiple business groups are assigned to a JP1 user

You can assign multiple JP1 resource groups that can be viewed and operated to a JP1 user. You can also assign different JP1 permission levels for the individual resource groups. This enables operation as shown in the following figure, where a user can operate on some of the displayed JP1 events and can view other displayed JP1 events.

Figure 4‒9: Control of viewing and operating business groups by using combinations of JP1 resource groups and JP1 permission levels

To Page Top

(2) Assigning a JP1 resource group and permission level to a JP1 user

If restrictions on viewing and operating business groups are enabled, operations allowed for a JP1 user depend on the combination of the JP1 resource group and JP1 permission level assigned to the user. Check and, if necessary, revise the assigned JP1 resource group and JP1 permission level of the user.

For details about operations allowed for each combination of JP1 resource group and JP1 permission level, see E.2(2) Operating permissions required when restrictions on viewing and operating business groups are enabled.

When restrictions on viewing and operating business groups are enabled, even JP1 users who are restricted from viewing and operating business groups can perform the following operations:

Set the view filter
Display the event list and event details
Display event-information mapping
Monitor repeated events
Output a CSV file of the event list
Display the severe event list
Change the action status of JP1 events (when the Event Console window is used)
Change settings of memo entries
Search for events
Display correlation events
Execute commands, and display and click command buttons
Display event guide information
Start monitor windows and the Tool Launcher window
Manually register incidents (JP1/Service Support)
Link with BJEX and JP1/AS to list response-waiting events, enter responses to response-waiting events, release response-waiting events from the accumulate-and-hold state, and monitor the accumulation status

For details about JP1 permission levels when restrictions on viewing and operating business groups are disabled, see E.2(1) Operating permissions required when restrictions on viewing and operating business groups are disabled.

To Page Top

(3) How to specify business groups

When the conditions below are met, you can specify the path to a business group for an event condition or the name of the execution host (command execution target host). By doing so, you need only to change what hosts belong to a business group or monitoring group, and you do not need to change the definitions.

The IM Configuration Management database is enabled.
Business groups or monitoring groups are defined in the IM Configuration Management database.
The integrated monitoring database is enabled.
Restrictions on viewing and operating business groups are enabled.
Mapping of the event source hosts is enabled.

When these conditions are not met, even if you specify a business group for an event condition or the name of the execution host (command execution target host), it is handled as a host name rather than as a business group.

The following table describes the correspondence between the attributes for which a business group can be specified as an event condition and the functions.

Table 4‒3: Correspondence between the attributes for event conditions and the functions
Function	Attributes
Function	Source host (`B.SOURCESERVER)`	Destination event server name (`B.DESTSERVER`)	Event source host name (`E.JP1_SOURCEHOST`)
Severe event definition	Y	N	Y
Event search	Y	N	Y
Filtering using the event acquisition filter (common exclusion-conditions in extended mode)	Y	N	Y
Filtering using the event receiver filter	Y	N	Y
Filtering using the view filter	Y	N	Y
Automated action	Y	N	Y
Correlation event generation	Y	Y	Y
Severity change	Y	Y	Y
Changing the message display format	Y	Y	Y
Filter file for output of an event report	Y	N	Y
Mapping of the event source host	Y	Y	N
Suppression of repeated-event monitoring	Y	N	Y

Legend:

Y: Can be specified.

N: Cannot be specified. (The attribute does not exist.)

When you specify a business group for an event condition, you can specify IN (match) or NOTIN (do not match) as the operator.

If a condition for specifying a business group in a path representation is satisfied or the operator is neither IN (match) nor NOTIN (do not match), the business group is handled as a host name even if the business group is specified for the event condition and the target (host targeted by the command).

Note that an event condition is determined to be not satisfied when no host exists in the specified business group.

You can specify the name of the execution host (command execution target host) when an automated action is executed, action results are displayed, a command button is defined, or a command is executed. The following shows example specifications of paths.

Example: When specifying a host in the business group Personnel system for an event condition:: /Personnel system
Example: When specifying the monitoring group AP server in the business group Personnel system for an event condition:: /Personnel system/AP server

After a business group or monitoring group is applied, the name of the business group or monitoring group specified in the definitions below in the Central Console is changed to the latest name. Note that, if a business group or monitoring group is deleted, the name (specified in the Central Console) of the business group or monitoring group changes to a double slash (//) and is invalidated.

Severe event definition
Event search conditions
Event acquisition filter (common exclusion-conditions in extended mode)
Event receiver filter
View filter
Correlation event generation definition
Automatic action definition
Conditions for updating list of action results
Command button definition
Severity change definition
Display message change definition
Event-source-host mapping definition
Repeated event condition

To Page Top