Free 30 Day Trial
Find the root-cause of your cloud, hybrid-cloud
or on-prem performance issues
|
||
|
In large enterprises, the IT staff have clearly demarcated roles and responsibilities. The help desk staffs are responsible for handling user complaints and their main concern when a user calls about a problem is to determine whether the user call pertains to a problem that the other operations staff is already working on. The domain experts and service managers are responsible for the early detection, diagnosis and fixing of problems with the networks, servers, applications, and services they control. While the domain experts are interested in the detailed performance metrics relating to the IT infrastructure, the executive managers are interested in high-level service level reports that detail if the IT infrastructure is meeting the service expectation of their users. To support these varying requirements of the IT operations staff, eG Enterprise supports different user roles. The user roles define the rights and responsibilities that any user of the eG Enterprise system has. Each user in the eG Enterprise system is assigned a user role.
By default, the Enterprise deployment of eG embeds two users namely, admin and supermonitor. The admin user reserves the administrative rights to the monitored environment, and also receives an unrestricted view of the monitored environment. Only users with the privileges of the admin user can add new users or new roles to the eG Enterprise system. The supermonitor user cannot perform administrative tasks, but is authorized to monitor the performance of the entire environment.
Similarl to default users, a set of default roles are also available for use in the eG Enterprise system. These default roles are different for different deployments of eG Enterprise - i.e., by default, a few additional roles are available only for the Enterprise deployment of eG, as compared to the SaaS deployment.
Roles also vary with entity type. By default, the SaaS deployment of eG Enterprise system supports the following entity types:
Organization: An MSP for instance, can configure each of their customers as tenant Organizations in the eG Enterprise system. Likewise, a Cloud Service Provider can configure every cloud consumer as a tenant Organization. In the case of our example, we will be configuring a banking customer of an MSP as a tenant Organization.
User: These are individual users who can belong to an Organization or an Organizational Unit. In the case of our example, we will be configuring one member of the Retail Banking Organizational Unit of the banking Organization as a User.
In contrast, the Enterprise deployment supports only the Organizational Unit and User entities. By default, a Default Organization pre-exists to which new organizational units and/or users can be added.
Let us first look at the default user roles. To view the default roles, do the following:
From the User Management tile, select the Roles menu option. Figure 1 will then appear.
As can be inferred from Figure 1, the pre-defined roles tab page of the user roles page opens by default. This tab page displays the default roles pre-defined by the eG Enterprise system. These are as follows:
OrgAdmin: This role allows an entity to administer and monitor a limited set of infrastructure elements alone. In other words, any entity who is assigned this role will be allowed access to the eG admin interface, so they can download and install agents for monitoring those components that have been explicitly assigned to them by the administrator, discover and manage such components, and configure tests, thresholds, and alarm policies for these components. The role also enables the entity to build new segments, services, groups, and zones for monitoring using the assigned components. The entity can also login to the eG monitoring console to understand the performance and problems pertaining to the components, services, segments, and zones that are part of their specific monitoring scope. The role also allows the entity access to the Configuration Management interface, but does not authorize them to create, modify, or delete additional users/entities/roles.
AlarmViewer: This role can only be assigned to the Entity type, User. This role is ideal for help desk personnel. The users vested with AlarmViewer permissions can login to the monitor interface, and perform the following functions:
View feedback history
Like Monitor users, users with this role can only monitor the components assigned to them.
If too many roles are listed in this page, you can quickly search for a particular role using the Search text box in this page. Specify the whole/part of the role name to search for in the Search text box. All role names that embed the specified string will then appear in this page (see Figure 2).
To view the details of a default role, click on the button corresponding to that role. Figure 3 will then appear displaying the rights and privileges of that role.
Figure 3 : Viewing the details of a role
Roles that have already been assigned to specific users are highlighted by a ‘+’ symbol preceding the role names. If you want to view the users who have been assigned a role, click on the ‘+’ button that pre-fixes the role. This will expand the role to reveal the users (see Figure 4).
If you want to view at one shot, which users have been assigned which roles, just click the Show all users button next to the Search text box in Figure 4. To hide the users list that accompanies all roles, click on the Hide all users button next to the Search text box in Figure 5.
To add a new user for a role, just click the Add User icon corresponding to that role in Figure 5. This will lead you to the add user page, where you will find the chosen role automatically displayed against the User role list. You can then proceed to create a new user who is assigned that role.
To add a new role on the other hand, follow the steps below:
First, switch to the user defined roles tab page by clicking on it. If any custom roles pre-exist, they will be listed in that appears. If no custom roles exist, then a message to that effect will be displayed here. To create a new role, click the Add New Role button in Figure 6.
Figure 6 : The User Defined Roles tab page indicating that no custom roles pre-exist
Figure 7 will then appear.
In any monitored environment typically, administrators alone have the right to make configuration changes using the eG administrative interface. Monitor users on the other hand have no access to the administration console. In SaaS deployments such as MSP environments particularly, multiple MSP customers - i.e, tenants - may use the same eG Enterprise manager for their monitoring. These customers would require 'self-service' capabilities - i.e., they will need the ability to install and configure the eG agents their environment requires, track agent status as and when needed, manage the components in their environment, group components based on the needs of their infrastructure, and configure the monitoring of these components by way of configuring tests, defining thresholds, and setting maintenance policies. Additionally, some customers may also need the ability to create additional tenants for their environment and audit the activities of these tenants. To address such requirements, eG Enterprise includes the capability to configure users with limited administration rights. For instance, a separate role can be created to allow monitor users with just the permissions to configure tests that should be executed on their servers, or to change the thresholds that can be applied for monitoring their servers. This is why, as soon as the Limited option is chosen, all the check boxes except the User Management, Component Management, Segment Configuration, Service Configuration, Zone Configuration, Group Configuration, Agent Test Configuration, Agent Threshold Configuration, and Maintenance Policy Configuration , External/Remote Agent Configuration, and Audits check boxes, are grayed out in the Admin section of Figure 7. This implies that you can only assign the following administrative rights to that user role:
On the other hand, if the Complete option is chosen, it implies that the user role has access to all the monitored elements in the infrastructure, and can be granted any administrative/monitoring privilege as the administrator deems fit.
Finally, click the Update button. Figure 1 will then appear, displaying the newly added role.
Figure 8 : The newly created role being displayed in the list of roles
Note that while the PRE-DEFINED ROLES can neither be deleted nor modified, the user-defined role that was newly added can be modified by clicking on the Modify icon (i.e., the ‘pencil’ icon) corresponding to that role in Figure 1. To delete a particular role, use the Delete icon (i.e., the ‘trash can’ icon) against that role in Figure 8. However, note that if any of the user-configured roles has been assigned to any new user registered with the eG Enterprise system, then such roles cannot be deleted; therefore the Delete icon corresponding to such roles will be disabled. You can even create a new user for a role instantly, by clicking on the Add User icon corresponding to that role. This will lead you to the add user page, where you will find the chosen role automatically displayed against the User role list. You can then proceed to create a new user who is assigned that role.
Note:
User-defined roles can only be associated with the entity type, User. In other words, these custom roles will not be available to the Organization or Organizational Unit entities.