Skip to Content
Author's profile photo Muralikrishnan Ethiraj

How to restrict the CMC Tab access for specific user or group

Hello Everyone,

I was exploring the possibility of restricting the CMC access for some users. I browsed through multiple blogs, but couldn’t get a clear picture of achieving this.

So I tried on my own and made it work.

Here I would like to showcase the same, “How to restrict the CMC access to specific groups and users”.

As an example I want to restrict the user to see the list of “Servers”, but should not edit or delete any servers.


Step 1:

Go to CMC->Applications->Right-click Central Management Console and select CMC Tab Access Configuration -> Select the “Restricted” radio button and then Save.


Step 2:

Create a New User Group(say View_Admin_Group) under “User and Groups” and Right click this group->CMC Tab Configuration and Explicitly grant the permission to all the items. Please note that, if you want to deny some items, you can still do it here.


Step 3:

Go to “Servers”->Manage->Top-Level Security->All Servers-> Add Principals and Select the Group(View_Admin_Group), and add only the View and View On Demand Access Levels

This step is important and you can do similarly for Folders, Users and Groups, etc, based on the need. Here I am showcasing only for Servers


Step 4:

Create a new user say viewAdmin, and make him as a member of View_Admin_Group


Now login to BI CMC with this new user viewAdmin. This user has restricted access to CMC as you see he can access only few options like, Folders, Servers, Users and Groups, etc.


This user(viewAdmin) can see only few options defined in View and View on Demand Access Levels. But other user(who has all the rights), can see all the options including View,Delete, etc.


Hope this helps.

Feel free to share your comments.




Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Biswajit Biswas
      Biswajit Biswas


      Hi Murali,


      Thank you, I was looking for this for some time. Also can you also add how to restrict applications?




      Author's profile photo Muralikrishnan Ethiraj
      Muralikrishnan Ethiraj
      Blog Post Author


      Hi Biswajit,

      This should be possible by going to the CMC->Applications->Selecting the respective application->User Security and then can restrict there.




      Author's profile photo Former Member
      Former Member


      I am trying to created a restricted access for a principal but the restrict/unrestrict option is dimmed out in CMC.  I am part of the admin group.  Am I missing some rights?

      See attached image.




      Author's profile photo James Zhang
      James Zhang

      If it's grayed out, you may need to change this setting as the Administrator user itself.

      Author's profile photo Noel Scheaffer
      Noel Scheaffer

      Very nice article. Very helpful.


      Author's profile photo Hetal Kataria
      Hetal Kataria


      We have a similar req where the user needs access only to Isntance Manager. But following the above step, instance manager is still not visible. when we grant the access from users group CMC tab config