I was exploring the possibility of restricting the CMC access for some users. I browsed through multiple blogs, but couldn’t get a clear picture of achieving this.
So I tried on my own and made it work.
Here I would like to showcase the same, “How to restrict the CMC access to specific groups and users”.
As an example I want to restrict the user to see the list of “Servers”, but should not edit or delete any servers.
Go to CMC->Applications->Right-click Central Management Console and select CMC Tab Access Configuration -> Select the “Restricted” radio button and then Save.
Create a New User Group(say View_Admin_Group) under “User and Groups” and Right click this group->CMC Tab Configuration and Explicitly grant the permission to all the items. Please note that, if you want to deny some items, you can still do it here.
Go to “Servers”->Manage->Top-Level Security->All Servers-> Add Principals and Select the Group(View_Admin_Group), and add only the View and View On Demand Access Levels
This step is important and you can do similarly for Folders, Users and Groups, etc, based on the need. Here I am showcasing only for Servers
Create a new user say viewAdmin, and make him as a member of View_Admin_Group
Now login to BI CMC with this new user viewAdmin. This user has restricted access to CMC as you see he can access only few options like, Folders, Servers, Users and Groups, etc.
This user(viewAdmin) can see only few options defined in View and View on Demand Access Levels. But other user(who has all the rights), can see all the options including View,Delete, etc.
Hope this helps.
Feel free to share your comments.