4.1 Operations Center and Dashboard Interaction

User and group accounts from the Operations Center server are leveraged by the Dashboard to give users access to the Dashboard portal pages and Operations Center data via the Dashboard portlets. Limited status information on specific elements can be seen using the Public User End View portlet without logging into the Dashboard.

Operations Center and the Dashboard use the same user and group accounts. User accounts are organized into groups that exist both in Operations Center and in the Dashboard.

Because the same user accounts are used by both Operations Center and the Dashboard, actions performed on a user account in the Dashboard impact the account in Operations Center and vice versa.

While actions performed on user groups in Operations Center impact the groups in the Dashboard, the reverse is not true. Because of this, groups in the Dashboard can be organized into a different structure designed to follow your corporate hierarchy.

User accounts can be managed (created and edited) by administrators and by users themselves.

User accounts have different permissions in the Dashboard and Operations Center. The permissions in Operations Center determine the Operations Center content that the user can access in the Dashboard. Permissions to administer the dashboard, must be set in the Dashboard control panel.

4.1.1 Understanding User and Group Synchronization

Both user accounts and groups are synchronized between the Operations Center server and the Dashboard. There are two accounts in the Operations Center server that have a special use in the Dashboard: admin and guest.

During the first synchronization (on initial Dashboard server start up), all users and groups from the Operations Center server are imported into the Dashboard, setting up the same user/group associations in the Dashboard. Subsequent synchronizations vary based on whether the action is on a user account or group and where the action is taken.

Any Admin accounts imported from Operations Center, must be given Dashboard administrative permissions from the Dashboard control panel. For example, after the initial synchronization of accounts, give the Admin group administrative permissions in the Dashboard.

Table 4-1 details the action or location of a user or group and the resulting synchronization:

Table 4-1 User/Group Synchronizations

Action/Location

Result

User account actions in Operations Center

Users updated/deleted in Operations Center are updated/deleted in the Dashboard during the next synchronization.

User account actions in the Dashboard

The following actions taken in the Dashboard immediately have the same effect on the Operations Center server:

  • Add, edit, or delete user accounts

    New users accounts are automatically added to the users group in the Operations Center server.

  • Change user account settings

    For important information about passwords, see Section 4.2.3, Understanding Password Policy.

The following actions in the Dashboard have no corresponding effect in the Operations Center server:

  • Deactivate users

  • Restore users

Group actions in Operations Center

Users removed from groups in the Operations Center server are removed from groups in the Dashboard during the next synchronization. Groups deleted in the Operations Center server are removed from the Dashboard during the next synchronization. This default behavior can be changed in Updating Access Control Synchronizer Settings.

Group actions in the Dashboard

Groups that are deleted in the Dashboard are not deleted in Operations Center. Changes made to group membership in the Dashboard are not made to groups in Operations Center. Any groups created in the Dashboard are not maintained and are automatically deleted by the Dashboard.

Dashboard user profiles are assigned a default time zone based upon a global setting in the system-ext.properties file. For more about the time zone setting, see Section 2.2.4, Verifying the Dashboard Default Time Zone for User Accounts. Users can later update this selection manually in their control panel.

4.1.2 Updating Access Control Synchronizer Settings

The first time that the Access Control Synchronizer runs (on initial Dashboard server start up), all the user accounts and groups from the Operations Center server are downloaded to the Dashboard, except those user accounts that have Web access restricted.

The Access Control Synchronizer continues to synchronize with the Operations Center server at specified intervals to maintain all users and groups. When each user logs into the Dashboard, their user account is automatically synchronized.

To update synchronization settings:

  1. Open the /OperationsCenter_Dashboard_install_path/server/webapps/ROOT/WEB-INF/classes/portal-ext.custom.properties file in a text editor.

    For more information about the portal-ext.custom.properties file, refer to Section 3.9, Understanding Portal Properties Files.

  2. Add and update synchronizer properties as required:

    mo.acl.synchronizer.enabled: Enables the synchronization of users and groups between Operations Center and the Dashboard. Default is True.

    mo.acl.synchronizer.interval: The time, in milliseconds, between each synchronization. Default is 300000, which equates to every 5 minutes.

    Because the synchronizer synchronizes all accounts, consider the number of Operations Center users and groups as well as how often user and group information changes when setting this property.

    mo.acl.synchronizer.on.login.enabled: Enables the synchronization of all user accounts whenever any user logs in. If enabled, the login process could take longer depending on the number of Operations Center users. If set to False, only the user’s account is synchronized on login.

    mo.acl.synchronizer.keepUserGroupSynchronized: If enabled, actions taken on groups in Operations Center are also taken on groups in the Dashboard the next time synchronization runs. If set to False, groups are update with changes from the Operations Center server.

  3. Restart the Dashboard server for the changes to take affect. For more information, see Section 2.3.1, Starting the Dashboard.

4.1.3 Understanding the Use of the Default Admin Account

The Dashboard uses the default admin account to communicate with the Operations Center server. This account must have full privileges in Operations Center. The guest account in Operations Center is also used. For more information, see Section 3.5, Changing the Dashboard Account for Persistent Connection.

4.1.4 Understanding Access and Permissions for User Accounts

Because the Dashboard and Operations Center use the same user accounts, they are subject to two different sets of permissions in the Dashboard as follows:

  • Dashboard Permissions: These are relevant to all functionality in the Dashboard.

    When user accounts are created in the Dashboard and thus added to the Operations Center server, the user is automatically added to the users group in the Operations Center server and receives all permissions assigned to the users group. These accounts are automatically set to have restricted access to the Operations Center console. This means that the user can only log in to the Dashboard or another Operations Center Web client; the user cannot log in to the Operations Center console. For more information on how access is restricted, see the Operations Center Security Management Guide.

    Any Admin accounts imported from Operations Center, must be given administrative accounts in the Dashboard, to administer the Dashboard. For example, after the initial synchronization of accounts, you can give the Admin group administrative permissions in the Dashboard.

  • Operations Center Permissions: These are relevant for determining the data in the Operations Center server that the user can access.

    Operations Center permissions cannot be changed in the Dashboard. To change permissions to Operations Center, you must access the permissions in the Operations Center console. For more information on permissions in Operations Center, see the Operations Center Security Management Guide.

    When user accounts are added in Operations Center and given access to the portal, these users are automatically assigned to the users group in the Dashboard and are assigned to two roles: User and Power User. For more information on these roles, see Section 12.1, Assigning Permissions Using Roles.