As far as I understand that, yes you are correct.
Redundant groups if you need the "same" group for different accounts, and to make it funny... different names if I remember right
Original Message:
Sent: Sep 20, 2024 03:17 PM
From: Reinaldo Rivero
Subject: Operator Console Group for several accounts
Hi,
I did the test in a laboratory environment. From a net_connect probe I started monitoring some devices (which is the particular case of the customer), and changed the Origin of the robot carrying the probe.
I created an account in the Operator Console with only that origin, and a user to test.
On the OC groups side, I created a group with no account assigned but grouping the devices with that new Origin.
When I log in with the created user, in the Inventory I see the devices monitored by the net_connect probe plus the host that contains the probe, by the Origin, but, at the group level it does not see the created group that groups those devices. The only way to see the group is that, it is assigned.
So, I understand that if I wanted different accounts to see "the same group", I would have to create the same group for each of the accounts.
Or am I wrong?
------------------------------
Reinaldo Rivero
IT Consultant @ IT Business Solutions DEF
Original Message:
Sent: Sep 19, 2024 12:47 AM
From: Matthias Gruber
Subject: Operator Console Group for several accounts
But keep in mind, that Maintenance Windows are kept by the Account and are not "shareable/viewable", if Account A builds a Maintenance, Account B is not able to see them, despite they have access to the same origin.
cheers
Matthias
Original Message:
Sent: Sep 18, 2024 11:18 AM
From: Stephen Danseglio
Subject: Operator Console Group for several accounts
Hi Reinaldo,
Access to the data including visibility is controlled via Origin(s).
The segregation of data and viewable contexts in the Operator Console only happens through origin-based distinction, using the origins specified in the account ownership.
Example:
In order to separate out groups of devices/hosts you need to use Account Contact users and not NimBUS (administrative) Users.
- In Account Admin you would need to create an account, e.g. "GroupA"
- also in Account Admin you would create an ACL for this group, like "GroupALDAPACL" and give the appropriate level of permissions for the users in that group
- next in Account Admin you would link that ACL to a specific LDAP group; now, users who log into UIM who are part of that LDAP Group will be assigned this ACL and be treated as members of this Account
- next in Operator Console you would log in as the administrator and create a new group. Set the appropriate filters to capture the devices that you are interested in, and choose the account (e.g. "GroupA") at the top of the group creation screen - this will limit this particular group so that only members of the assigned account can 'SEE' it.
- You would have to repeat this process for each different LDAP group, creating a unique Account and unique ACL for each one which would then be used to link the LDAP Group to the account.
Steve
------------------------------
Steve Danseglio
Technical Support Engineer 4 | IMS Division
UIM Certified Expert
KCSv6 Practices Certified
Certified Customer Success Manager (CCSM) Level 1
Original Message:
Sent: Sep 18, 2024 11:10 AM
From: Reinaldo Rivero
Subject: Operator Console Group for several accounts
Is it possible to have one OpConsole group for several accounts, or is it mandatory to create a group for each account even when the groups will have the same devices.
We would like to assign a group for two or more OpConsole accounts but not for all accounts because we don't want everyone to be able to see it.
Best regards,
------------------------------
Reinaldo Rivero
IT Consultant, Software Implementor
------------------------------