How to restrict the CMC Tab access for specific user or group
Hello Everyone,
I was exploring the possibility of restricting the CMC access for some users. I browsed through multiple blogs, but couldn’t get a clear picture of achieving this.
So I tried on my own and made it work.
Here I would like to showcase the same, “How to restrict the CMC access to specific groups and users”.
As an example I want to restrict the user to see the list of “Servers”, but should not edit or delete any servers.
Step 1:
Go to CMC->Applications->Right-click Central Management Console and select CMC Tab Access Configuration -> Select the “Restricted” radio button and then Save.
Step 2:
Create a New User Group(say View_Admin_Group) under “User and Groups” and Right click this group->CMC Tab Configuration and Explicitly grant the permission to all the items. Please note that, if you want to deny some items, you can still do it here.
Step 3:
Go to “Servers”->Manage->Top-Level Security->All Servers-> Add Principals and Select the Group(View_Admin_Group), and add only the View and View On Demand Access Levels
This step is important and you can do similarly for Folders, Users and Groups, etc, based on the need. Here I am showcasing only for Servers
Step 4:
Create a new user say viewAdmin, and make him as a member of View_Admin_Group
Now login to BI CMC with this new user viewAdmin. This user has restricted access to CMC as you see he can access only few options like, Folders, Servers, Users and Groups, etc.
This user(viewAdmin) can see only few options defined in View and View on Demand Access Levels. But other user(who has all the rights), can see all the options including View,Delete, etc.
Hope this helps.
Feel free to share your comments.
Rgds,
Murali
Hi Murali,
Thank you, I was looking for this for some time. Also can you also add how to restrict applications?
Regards,
Biswajit
Hi Biswajit,
This should be possible by going to the CMC->Applications->Selecting the respective application->User Security and then can restrict there.
Rgds,
Murali
Murali
I am trying to created a restricted access for a principal but the restrict/unrestrict option is dimmed out in CMC. I am part of the admin group. Am I missing some rights?
See attached image.
Thanks
Abdul
If it's grayed out, you may need to change this setting as the Administrator user itself.
Very nice article. Very helpful.
Thanks
Hi,
We have a similar req where the user needs access only to Isntance Manager. But following the above step, instance manager is still not visible. when we grant the access from users group CMC tab config