
"Everyone" account in Ops Mgr 4.0

Customer would like to restrict access to users who are not logged into the system.  They are concerned about alarm emails sent to large distribution lists and they want to prevent users from being able to make changes on the system when they are not logged in. 

I would think they could do this by removing privileges to the "Everyone" account, but what would our recommendation be for admins who want to lock down the system to users who are not logged in? What roles/capabilities would be required to present a screen with no visibility into the Operations Manager GUI for users who are not logged in? They would like to restrict visibility to system names, reports, events, etc.

Re: "Everyone" account in Ops Mgr 4.0

Hi christop,

Could you please elaborate more on what the customer would allow/wants the not-logged-in users to view/do? Does removing privileges on "Everyone" help... I am not sure if there are any recommendations for it?

Regards,

-Amir

Re: "Everyone" account in Ops Mgr 4.0

Hi,

1. Can you paste the output of "dfm user list"?

2. Yes, do not provide any roles for everyone. Any user who logs in through CLI will go through RBAC privileges except for Administrator and Domain Administrator of that server.

3. If other users are part of the Windows administrator group, then even if you remove all the roles from Everyone, through the UI alone they can access everything. There is a BURT for this, 257432, which is getting fixed in OnCommand 5.1 to provide enhanced security and much reliability.

Thanks,

  Arun

Re: "Everyone" account in Ops Mgr 4.0

Cool Arun,

Any ETA when OnCommand 5.1 will be GAed?

Thanks & good w/e

Henry

Re: "Everyone" account in Ops Mgr 4.0

Hi,

You need to contact product mgmt for the ETA.

However beta release was done: https://communities.netapp.com/message/73291#73291

Thanks,

   Arun

Re: "Everyone" account in Ops Mgr 4.0

Some more update: you can register for the beta program. Check this out: https://communities.netapp.com/docs/DOC-15731

Re: "Everyone" account in Ops Mgr 4.0

Hello,

So there is no way to block Domain Admins and local administrator account from accessing OnCommand features?

Regards,

Pedro

Re: "Everyone" account in Ops Mgr 4.0

Hi

As Arun said earlier, this feature is coming in the next release of OnCommand, namely 5.1. If you would like to try this, you can sign up for the beta.

Regards

adai

Re: "Everyone" account in Ops Mgr 4.0

Hi,

And what about the Everyone group, can I block its access to the OC console?

Best wishes,

Pedro Rocha.

Re: "Everyone" account in Ops Mgr 4.0

Yes you can.

Well, did you try the beta version yet? If you have installed the same, I could help you out with steps to do that.

Thanks,

  Arun