Application and resource group permissions
Permissions can be assigned to individual applications and resource groups.
Application permissions
In Cloud APM, an application is a group of components and the instances within those components. Use the Add Application window to define an application. For more information on how to define an application, see Managing Applications.
- View
-
View permission for an application is dominant over any other permissions. To view an application, you do not need to be a member of a role that has view permission for each component and component instance within the application. The following table describes the actions that you can perform if you have view permission for an application:
Table 1. View permission for an application Action Permission available View all the supporting components within that application. View the application and its components in the navigation tree. View the application components in My Components. View customized dashboard pages that are associated with the application. Add or remove components from the application. Assign thresholds to the components of the applications. View the supporting components of an application in the Resource Group Manager.
- Modify
- If you are a member of a role that has modify permission for an individual application, you can
- Delete the application.
- Create customized dashboard pages in the Custom Views tab. See Custom views.
- Add or remove components and component instances by using the Edit
Application window. The components and component instances that are available to you in
the Edit Application window are filtered based on your role permissions. The
following components will be available:
- Components that you directly have permission to access in system resource groups and custom resource group
- Components that you indirectly inherited permissions from, based on other applications that you have modify permission to
Resource Group permissions
Use Resource groups to group components together by their type or purpose. For more information on how to create resource groups, see Resource Group Manager.
To select Resource Group Manager or to view resource group members in the My Components application, you also must be assigned view or modify permission for all resource groups or for individual resource groups.
, you must be assigned the Resource Group Manager view permission. To view resource groups in the- Custom defined resource groups
- Create custom resource groups in the Resource Group Manager. Use custom resource groups to group resources together based on their purpose.
- System resource groups
-
System resource groups are automatically defined as part of your Cloud APM environment setup. System resource groups cannot be created manually, deleted, or customized. Only the view permission is available for system resource groups, the modify permission is not available.
System resource groups are defined for each resource type at the time that the resource becomes known to the Cloud APM server. A system resource group exists for each resource type that is connected to the Cloud APM server.
Cloud APM agents are an example of a resource. For example, the first time you download, install, and start a Db2® agent, a system resource group called Db2 is created. This group contains all Db2 agents that are subsequently added to the Performance Management environment.
The system resource group for each resource type contains all the resources of that type including IBM Tivoli® Monitoring resources. If your environment has both IBM Tivoli Monitoring and IBM Cloud Application Performance Management, you can install the IBM Cloud Application Performance Management Hybrid Gateway to provide a view of agents from both domains. System defined resource groups contain agents from both domains. For more information, see Integrating with IBM Tivoli Monitoring V6.3.
Some system resource groups are based on subnode agents. While you can assign thresholds to system resource groups that are based on subnode agents, events are not displayed in the Application Performance Dashboard. Thresholds are assigned to system resource groups based on subnode agents for event forwarding. System resource groups based on subnode agents have the following description in the Resource Group Manager: 'members of this group cannot be added to an application and do not have events displayed in the Performance Management console'. For more information, see Resource Group Manager.