How can I set Control-M/Enterprise Manager Authorizations so that specific users or members of specific groups can only see certain jobs?

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M/Enterprise Manager


    COMPONENT:

    Control-M/Enterprise Manager


    APPLIES TO:

    BMC Control-M/Enterprise Manager 8.0.00, 9.0.00



    QUESTION:

    - How can I set Control-M/Enterprise Manager Authorizations so that specific users or members of specific groups can only see certain jobs?
    - How to set up Control-M/Enterprise Manager Authorizations to filter which jobs given Control-M users can see in the Planning and Monitoring domain?
    - Why is the Control-M/Enterprise Manager User able to view all folders and jobs in the Planning Domain but not in the Monitoring Domain?


    ANSWER:

    To filter certain jobs and folders a Control-M/Enterprise Manager user allow to see in the Planning Domain:
    - This authorization is done on the "Folders" tab of the Authorizations dialog for the given user or group.
    - These permissions are authorized at the folder level.
    - In order for a user to be able to see a specific folder in the Planning domain, a line must be defined as required in the "Folders" tab of the User or Group Authorization that the user belong to.
    - A "Browse" permission will be sufficient for the user to see the jobs.
    - For more detail on these permissions, see our online documentation.
    - In the following example, the user "test" is authorized to:
       1. Access to browse any folder that contains "ABC" or "DEV"
       2. Any permissions granted to groups of which the user "test" is a member.

        User Authorizations: test Folders

    To filter certain jobs and folders a Control-M/Enterprise Manager user allow to see in the Monitoring Domain:
    - This authorization is done on the "Active" tab of the Authorizations dialog for the given user or group
    - These permissions can be done at a more granular level than the folder level.
    - Under "Displayed Jobs and Folders", click the "Filter..." button to specify the criteria to determine whether or not the given entity should be able to see that job in the Monitoring domain.
    - The permissions specified in the "Actions" section will apply to all of the jobs that match the criteria specified in the filter defined above.
    - For more detail on these permissions, see our online documentation.
    - In the following example, the user "test" is authorized to:
       1. Perform all of the "Browse" actions to all jobs in the "Finance" Sub Application for which Critical is not True
       2. Any authorizations granted to any groups of which the user "test" is a member

        Jobs and Folders Filter Definition

    Additional Information:
    - In order to give a user authorization to perform different sets of actions on different sets of jobs, make multiple groups have that user as a member.
    - Each group can grant a specific set of actions to a specific set of jobs, and the user will get the union of all of the authorizations from all of the groups of which the user is a member.
    - For more information on Active authorizations, please see the following section in our online documentation.


    Article Number:

    000116452


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles