Role Rights

Role rights determine the types of views that users can see, the administrative features that they can change, and whether they can export data.
capm370
Role rights determine the types of views that users can see, the administrative features that they can change, and whether they can export data.
Administrators can grant rights to users by editing their role. The Edit Role dialog lists role rights that are currently assigned to roles. The Manage Users page shows the role that is assigned to each user.
Role rights also include menus. You can grant access to selected custom and predefined menus by editing role rights.
Do not remove the administrative role rights from your primary administrator account. Administrative access to the console is required.
Administrative Role Rights
The following role rights give users access to administrative features. Limit the number of users with these role rights for increased security.
Several role rights are limited to the Administrator role. Copying the Administrator role does not give the same role rights to the new role.
  • Create DA Threshold Profiles
    Lets users define and configure threshold profiles. Users can only edit the profiles that they created. Unlike the Administer DA Threshold Profiles role right, this role right does not allow users to configure profiles that other users created, or to transfer ownership of profiles.
  • Administer Data Sources
    Lets users register new data sources, test data source connections, view data source status, change data source parameters, and remove data sources. Also lets users view the data source log.
  • Administer Groups Owned by You
    Lets users without full administrative rights manage a specific branch of the Groups tree. With this role right, users can create, change, and delete groups only in the specified branch. The Administrator role and the Tenant Administrator role have this role right by default, allowing administration of All Groups and the Tenant root group, respectively.
    Only the Administrator and the owner (creator) of the groups in the administered branch can delete and modify groups in that branch. When an administered group is a child of another group, the administered group is deleted when the parent group is deleted. Administered groups are not deleted when the user account of the owner is deleted.
    Assign this role right to users who should not have full administrator rights to the Groups tree, but instead require limited, branch-specific administrator rights. In some organizations, this user is a 'power user' or a 'super user.'
    Do not confuse the 'Administer Groups Owned by You' role right with the 'My Custom Groups' feature, which is simply a tool that lets users organize the groups to which an administrator has granted them access. 'My Custom Groups' does not provide administrative rights to a specific branch of the Groups tree.
  • Administer Groups Owned by You and Others
    Lets users without full administrative rights manage the branch of the Groups tree that they have the rights to administer. With this role right, users can create, change, and delete groups in the branch that they or other users created. The Administrator role and the Tenant Administrator role have this role right by default, allowing administration of All Groups and the Tenant root group, respectively.
  • Administer IP Domains
    Lets the user manage IP domains.
  • Administer Life Cycle
    Lets the user change the state of devices.
  • Administer Maintenance Indicators
    Lets users manage maintenance indicators.
  • Administer Menus
    Lets users create, edit, and delete menus. This role right is required to assign new dashboards to menus. To assign menus to user accounts, the 'Administer Roles' role right is required.
  • Administer Roles
    Lets users create, edit, and delete user account roles. Lets users assign new menus to user accounts by editing roles.
  • Administer Shared Dashboards
    Lets users manage their own dashboards and the dashboards of other users. Users with this role right can edit an existing dashboard page and can save changes that are visible to other users.
    • To create a dashboard, the 'Create a Dashboard' role right is required.
    • To assign a dashboard to a menu, the 'Administer Menus' role right is required.
  • Administer SNMP Profiles
    Lets the user manage SNMP profiles.
  • Administer Tenants
    Grants users administrative rights over the tenants that are selected in the user wizard. Users with this role have the rights to administer certain tenants, but have limited access to the default tenant. This role is only used in multi-tenant environments. Tenant administration includes the ability to manage:
    • Users
    • Menus
    • Dashboards
    • Views
  • Administer Users
    Lets users create, edit, and delete user accounts. Lets users assign new roles to user accounts.
  • Create DA Threshold Profiles
    Lets users define and configure threshold profiles. Users can only edit the profiles that they created. Unlike the Administer DA Threshold Profiles role right, this role right does not allow users to configure profiles that other users created, or to transfer ownership of profiles.
  • Create a Dashboard
    Lets users create new dashboards and populate them with views. Other users cannot see these dashboards. To create dashboards for other users, the 'Administer Shared Dashboards' role right is required.
  • Create Notifications
    Lets users configure email notifications using the Create/Edit Notifications wizard from the Administration, Notifications menu. Notifications are not supported for all data sources.
    To create notifications, the user also requires access to the Event Manager data source.
  • Create On-Demand Report Templates
    Lets users create, edit, and delete on-demand report templates. This role right is always assigned together with the Run On-Demand Report Templates right. Users can save on-demand report templates at the user level, which allows only the user to view the templates.
  • Save On-Demand Report Templates for All Users
    Lets the user save On-Demand report templates that are visible to all users. This role right is always assigned together with the Create On-Demand Report Templates and Run On-Demand Report Templates right.
  • Delete Data Sources
    Lets a user with the Administrator role delete (unregister) a data source. This role right is not assigned to any user or role by default, and can only be assigned to the Administrator role.
  • Drill from Views into DA Admin Page
    Lets a user access the Data Aggregator administrator page directly from a page that is associated with the Data Aggregator. For this role right to work properly, the user must also have the Administer Data Sources right. The ability to access the Data Aggregator administrator page is limited to views for Data Aggregator devices, interfaces, and components. Selecting a Data Aggregator interface or component causes the administrator page for the associated parent device to appear when clicking the gear button and Device Admin.
  • Edit Context Pages
    Lets users edit, delete, add, or reorder tabs on context pages. A context is a managed item, such as a device, router, switch, or an interface. A context page resembles a dashboard with a fixed context. Only the Designer and Administrator roles have this right by default.
  • Modify Device Alias
    Lets users modify the alias property for devices.
  • Modify Interface Alias
    Lets users modify the alias property for interfaces.
  • Modify Device IP Address
    Lets users modify the IP address property for devices.
  • Modify Interface Speed Overrides
    Lets users modify the speed override properties for interfaces.
  • Proxy Users
    Lets users log in as a selected user to view and verify user account settings.
  • Save Changes to Shared Views
    Lets users save edits that they have made to the views on a shared page. Other users who can see these views can see the changes if they are applied as a 'Default for All Users'. The changes can also be saved to the user account so that they persist after logout.
  • SNMP Clear Text
    Lets users troubleshoot SNMP profiles and view security information that is typically masked in clear text.
Role Rights for Dashboard and View Access
The following role rights give users access to reporting features. Most user accounts require these rights.
  • Drill into Data Sources
    Lets users navigate to the data source interface during drilldown to see detailed data from a selected item.
  • Drill into Views
    Lets users drill in to a context view to see detailed data from a selected item. This role right is required to enable the 'Edit Context Pages' role right.
  • Edit Shared Views
    Lets users edit the views on a shared page. Other users can see these views, but cannot see the changes. The changes can only be applied to the current login session or saved to the current user account.
  • Edit Time Zone
    Lets users edit their own time zone setting for data that are displayed in dashboards.
  • Run On-Demand Report Templates
    Lets users run on-demand report templates. This role right is always given together with the Create On-Demand Report Templates right. However, if the Create On-Demand Report Templates right is taken away, users do not lose the ability to edit and delete their on-demand dashboards. Users who have this right without the Create On-Demand Templates right can run on-demand report templates on the tenant level.
  • Run Dashboards at Higher Resolution
    Lets users select higher resolutions when viewing dashboards. No roles are given this role right by default. Users with this role right can set and save the resolution to higher values than are typically allowed when reporting for longer time ranges. When users save the higher resolution at the tenant level, it is only visible to users with this role right. To view the current report resolution settings, select
    Administration
    ,
    Report Resolution
    . The resolution settings cannot be modified on the Report Resolution page.
    The following resolutions apply when a user has the Run Dashboards at Higher Resolution role right:
    • As Polled Data
      Less than, or equal to, 31 days.
    • Hourly Roll-Up
      More than 31 days.
    • Daily Roll-Up
      More than 3 months.
    The following resolutions apply to a user without the Run Dashboards at Higher Resolution role right:
    • As Polled Data
      Less than 24 hours.
    • Hourly Roll-Up
      Less than 30 days, and more than, or equal to, 24 hours.
    • Daily Roll-Up
      More than, or equal to, 30 days.
  • View Conversations
    Lets users see specific client conversations.
  • View Groups Change Log
    Lets users see the table view that shows changes that are made to groups.
  • View Hosts
    Lets users see specific client host information.
  • View Item Display Name or Name Alias
    Lets users see the display names or the aliases for items.
    Users who are given this role right can select the name that appears in their dashboards and views in the My Settings, Display Settings menu item.
  • View Item Name Alias Only
    Lets users see only the aliases for items.
  • View Inventory and Search
    Determines whether users can access the Inventory tab and Search field to find items.
  • View Protocols
    Lets users view protocol information, where available.
  • View System Health Dashboards
    Lets users view system health dashboards that show information about the performance of
    CA Performance Management
    .
  • View ToS
    Lets users view the Type of Service information in applicable views.
Role Rights to Export and Print
The following role rights allow users to export dashboard data in various formats:
  • Export to CSV
    Lets users export the contents of a selected view to a file in comma-separated values (CSV) format.
  • Generate URLs for views
    Lets users share views externally with a URL.
  • Print a Dashboard
    Lets users export a dashboard page as a PDF, and to send it to a selected printer. This role right also lets users export a dashboard page to a CSV file.
  • Send Reports by Email
    Lets users export dashboards as reports, and to send them to other users in email messages from the console.
  • Send Reports on a Schedule
    Lets users set up schedules to export dashboards as reports, and to send them by email on a recurring basis automatically.
    This right also requires the 'Send Reports by Email' role right.