Roles are collections of permissions that you can assign to users and groups.
Tivoli Netcool/OMNIbus provides a number of default roles. You can also create custom roles for association with users and groups. The default roles are described in the following table.
| Role name | Description |
|---|---|
| CatalogUser | This role includes permissions to view information
about system, tools, security, and desktop database tables. This role provides a basis for Tivoli Netcool/OMNIbus permissions. This role does not provide sufficient permissions to use any Tivoli Netcool/OMNIbus applications. Assign this role to all groups. |
| AlertsUser | This role includes the following permissions:
Use this role together with the CatalogUser role, to display and manipulate alerts, create filters and views, and run standard tools in the event list. |
| AlertsProbe | This role includes permissions to insert and
update entries in the alerts.status table, and insert entries in the
alerts.details table. This role, in combination with the CatalogUser role, provides the permissions that a probe needs to generate alerts in the ObjectServer. Grant these permissions to any user that runs a probe application. |
| AlertsGateway | This role includes permissions to insert, update,
and delete entries in the alerts.status table, alerts.details table,
alerts.journal table, alerts.conversions table, alerts.col_visuals
table, alerts.colors table, the desktop tools tables, and
the tables in the transfer database. The transfer database
is used internally by the bidirectional ObjectServer Gateway to synchronize
security information between ObjectServers. This role also includes permissions to select, insert, update, and delete entries in the master.servergroups table, and permissions to raise the following signals: gw_counterpart_down, gw_counterpart_up, gw_resync_start, and gw_resync_finish. This role, in combination with the CatalogUser role, provides the permissions that a gateway needs to generate alerts in the ObjectServer. Grant these permissions to any user that runs a gateway application. |
| DatabaseAdmin | This role includes permissions to create databases
and files, and to create tables in the alerts, tools,
and service databases. This role also includes permissions
to modify or drop the alerts.status, alerts.details, and alerts.journal
tables, and permissions to create and drop indexes in the alerts.status,
alerts.details, and alerts.journal tables. This role, in combination with the CatalogUser role, provides permissions to create relational data structures in the ObjectServer. |
| AutoAdmin | This role includes permissions to create trigger
groups, files, SQL procedures, external procedures, and user signals.
This role also includes permissions to create, modify, and drop triggers
in the default trigger groups, and to modify or drop default trigger
groups. This role, in combination with the CatalogUser role, provides permissions to create automations in the ObjectServer. |
| ToolsAdmin | This role includes permissions to delete, insert,
and update all tools tables. This role, in combination with the CatalogUser role, provides permissions to create and modify tools that can be run from the desktop and Netcool/OMNIbus Administrator . |
| DesktopAdmin | This role includes permissions to update all
desktop catalogs to insert, update, and delete colors, visuals, menus,
classes, resolutions, and conversions. This role, in combination with the CatalogUser role, provides permissions to customize the desktop. |
| SecurityAdmin | This role, in combination with the CatalogUser role, includes permissions to manipulate users, groups, and roles by using Netcool/OMNIbus Administrator or the SQL interactive interface. This role also includes permissions to set properties and drop user connections. |
| ISQL | This role, in combination with the CatalogUser role, includes permission to view ObjectServer data by using the SQL interactive interface. |
| ISQLWrite | This role, in combination with the CatalogUser role, includes permissions to view and modify ObjectServer data by using the SQL interactive interface. |
| SuperUser | This role has all available permissions. You cannot modify the SuperUser role. |
| Public | All users are assigned this role. By default, the Public role is not assigned any permissions. You can modify, but not drop, the Public role. |
| ChannelAdmin | This role includes permissions to set up channels for accelerated event notification. |
| ChannelUser | This role includes permissions to receive and act on notifications for accelerated events that are broadcast over channels. |
| RegisterProbe | This role includes permissions to add and update entries in the registry.probes table. It must be assigned to all probe user accounts. |
| RegistryReader | This role includes permissions view data in
the registry.probes table. This role does not include permission to modify data in the registry.probes table. |
| RegistryAdmin | This role includes permissions to view, modify,
add, and delete data in the registry.probes table. This role is intended for system administrators only, to enable them to fix unexpected problems with probe registration. |