2 Replies Latest reply on Nov 12, 2018 3:32 AM by Mark Francome

    Access to the planning domain

    Joseph Garito

      Hi!

       

      Looking in the config manager, em authorizations, user or group, which option grants access to the planning domain?

       

      As an admin, we have access. But looking to verify what other groups may have access. I have tested a few of the options from the privilege tab, but not sure which one it may be.

       

      Thank you,

       

      The main reason for this ticket is someone checked out a calendar causing a newday issue. We know where to limit calendar access, but also want to limit planning access.

       

      Thanks!

        • 1. Re: Access to the planning domain
          Paul Robins

          Hi Joseph,

          Unfortunately you can't limit access to the Planning domain, e.g. hide it from unauthorised users. It would be great if you could.

          All you can do is limit the access people have to the Planning functions to prevent them doing any damage!

          Regards,

          Paul.

          1 of 1 people found this helpful
          • 2. Re: Access to the planning domain
            Mark Francome

            There are security options on Control-M that can allow you to limit access to specific entities, these exist on the Control-M Server and the EM Authorisations.

             

            The Control-M Server settings can be somewhat complex and you should test first (and consider if it is worth the trouble). I would recommend going with the Enterprise Manager settings first (shown second here) and testing.

             

            Basically you would switch Control-M Server security "on" (via the main config menu in ctm_menu) and then use ctmsec to define access for the various groups (if you want everybody to stay with "unfettered" access then simply define groups as */*). Then in the ctmsec utility-

             

            +-----------------------------------------------+

            |     CONTROL-M SECURITY MAINTENANCE UTILITY    |

            |                   Main Menu                   |

            +-----------------------------------------------+

             

            1) User Maintenance

            2) Group Maintenance

            3) Scheduling Table Authorization

            4) Active Jobs File Authorization

            5) Entities Authorization

             

            q) Quit

             

            Select option 5 and limit the calendar access for the "problem" group there. This will not grey out the option in the GUI but it will stop unauthorised users from uploading changes.

             

            Alternatively (or in addition, if you really want to stop the users from doing this) you can change the access on the Enterprise Manager side (which can be completely separate from Control-M Server Security, depending on how you have configured the system) and do this from the CCM -

             

            Assigning a Calendar authorization

            This procedure describes how to assign a Calendar authorization for a Control-M/EM user or group, which enables you to limit the actions a user can perform on a calendar.

            To assign a Calendar authorization:

            1. From the Security tab, in the Security group, click Authorizations. class="listcontinue"
            2. Do one of the following:
              • If you want to define a Calendar authorization for a Control-M/EM user, select the Users tab and double-click the user that you want to apply an authorization.
              • If you want to define a Calendar authorization for a Control-M/EM group, select the Group tab and double-click the group that you want to apply an authorization.
            3. Select the Calendars tab and click Add. class="listcontinue"
            4. For each field, type or select the required value, as described in Calendar authorizations and then click OK. class="listnote"

             

            The settings are as follows -

             

            Calendar authorizations

            Calendar authorizations grant users access to specific calendars in Control-M and an authorization level for each calendar, as described in the following table:

            Field

            Description

            Access Level

            Determines one of the following access levels for each user and group:

            • None: Disables the user from viewing, adding, editing, and deleting objects in Control-M
            • Browse: Enables the user to view and refresh objects in Control-M
            • Update: Enables the user to add and edit objects in Control-M
            • Full: Enables the user to add, edit, and delete objects in Control-M
            • Default: Inherits the authorizations from the associated group

            Control-M Server

            Defines the name of the Control-M/Server (or Control-M for z/OS) that processes the job.

            Calendar

            Define the name of the calendar that the user has access to based on the access level.

            1 of 1 people found this helpful