This is the final posting of the four part series describing how to use the custom groups to secure views within OpsMgr:
- Part 1: Creating Custom Groups (http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!1940.entry)
- Part 2: Using Custom Groups to create Views (http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!1969.entry)
- Part 3: Using Custom Groups with Subscriptions & One-Off Notifications (http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!2017.entry)
- Part 4: Using Custom Group to secure Views
This blog post uses custom groups created in the first part of this series with subscriptions and one-off notifications. To secure the views we use the groups created in part 1 of this series, combined with the views created in part 2, and the security group created in Part 3.
The first step is to create a user role for the members of this functional group. Create a new Operator role in the Administration node of the Operations Manager console by navigating to Administration -> Security -> User Roles. Right-click on the Operator role and choose the option to create a New User Role / Operator (this could also be an advanced operator, or read-only operator depending upon the capabilities you want this group to have).
The Operator Role is defined as <Function>< Admins>, and the group names used for the notification channel are added.
On the Group Scope page, limit the group to only show the members of the new functional security group previously created (Odyssey Security Servers).
Take the defaults for approving tasks, which indicate all tasks are automatically approved.
Now limit the views page to the folder (<_><Function>) and the views that were created in the folder.
A warning is displayed that if additional views are created, the wizard will need to be re-run to add permission to the new view.
Next, the Create User Role Wizard – Operator Profile summary screen shows the options chosen, and pressing the Create button creates the user role.
With the configuration now complete, when a member of the security group logs in they will see only the pieces of the Operations Manager console they have permission to see, which with this configuration shows only the pieces that they are responsible for!
The end-result of this process is a customized set of views and notifications providing a targeted list of the systems important to the particular group, with a high impact targeted set of notifications when alerts occur that impact the systems within these views.
Using the approach discussed in this series you can effectively carve up the Operations Manager console to only show information relevant to a set of server owners, and provide notifications of critical alerts for just those servers to the same server owners. This targeted approach increases adoption of Operations Manager by simplifying the user experience and decreasing noise by providing just the critical alerts to the appropriate server owners.