Skip to Content

How to restrict the CMC Tab access for specific user or group

Hello Everyone,

I was exploring the possibility of restricting the CMC access for some users. I browsed through multiple blogs, but couldn’t get a clear picture of achieving this.

So I tried on my own and made it work.

Here I would like to showcase the same, “How to restrict the CMC access to specific groups and users”.

As an example I want to restrict the user to see the list of “Servers”, but should not edit or delete any servers.


Step 1:

Go to CMC->Applications->Right-click Central Management Console and select CMC Tab Access Configuration -> Select the “Restricted” radio button and then Save.


Step 2:

Create a New User Group(say View_Admin_Group) under “User and Groups” and Right click this group->CMC Tab Configuration and Explicitly grant the permission to all the items. Please note that, if you want to deny some items, you can still do it here.


Step 3:

Go to “Servers”->Manage->Top-Level Security->All Servers-> Add Principals and Select the Group(View_Admin_Group), and add only the View and View On Demand Access Levels

This step is important and you can do similarly for Folders, Users and Groups, etc, based on the need. Here I am showcasing only for Servers


Step 4:

Create a new user say viewAdmin, and make him as a member of View_Admin_Group


Now login to BI CMC with this new user viewAdmin. This user has restricted access to CMC as you see he can access only few options like, Folders, Servers, Users and Groups, etc.


This user(viewAdmin) can see only few options defined in View and View on Demand Access Levels. But other user(who has all the rights), can see all the options including View,Delete, etc.


Hope this helps.

Feel free to share your comments.




You must be Logged on to comment or reply to a post.

      Hi Biswajit,

      This should be possible by going to the CMC->Applications->Selecting the respective application->User Security and then can restrict there.




      • Murali

        I am trying to created a restricted access for a principal but the restrict/unrestrict option is dimmed out in CMC.  I am part of the admin group.  Am I missing some rights?

        See attached image.




  • Hi,

    We have a similar req where the user needs access only to Isntance Manager. But following the above step, instance manager is still not visible. when we grant the access from users group CMC tab config