Enable Read-Only Access to MCS Profiles
UIM now allows users to have read-only access to the MCS profiles. This ensures that only relevant users are allowed to perform the required operations on the profiles. To enable this functionality, a new permission (MCS Read-Only Access) is now available. Users with this permission can only view the profile; they cannot edit, create, or delete it. You must add the permission to the ACL list.
Follow these steps:
- Add the permission (MCS Read-Only Access) to the ACL list.
- Access the primary hub and open the..\Nimsoft\probes\service\distsrv\base_acls.cfgfile in a text editor.
- Add the permission section to the file.The following snippet shows that the<MCS Read-Only Access>section is added to the file:<MCS Read-Only Access> name = MCS Read-Only Access desc = Read-only view access for any MCS profiles type = UMP access = read </MCS Read-Only Access>
- In Infrastructure Manager, navigate to the distsrv probe on the primary hub.
- With the distsrv probe selected, press Ctrl-P to open the probe Utility (pu).
- In the probe commandset, select theset_acl_initcallback with the parameter value asbase_acls.cfg. The callback updates thesecurity.cfgwith the ACLs; it does not delete or change any ACLs.The following screenshot shows the required information:
- In infrastructure manager, openSecurity, Manage Access Control List.
- Verify that the ACL list has the required permission added to it.
- Ensure that the write permission (OC Monitoring Configuration Service) is cleared and the read-only permission (MCS Read-Only Access) is selected for the user.
- Log in to the OC UI using the required user credentials.
- Access the MCS profile.
- Verify that the user can only view the profile information and configuration settings. Review the following points in the UI:
The following example screenshot shows that the add option is disabled for this user:The following example screenshot shows that the delete option and configuration settings are disabled:The same behavior is also applicable for the sub-profiles.
- User cannot add a new profile.
- User cannot edit the existing profile configuration settings.
- User cannot delete the existing profile.
You have successfully provided the read-only access to users for viewing the MCS profiles.