Network Manager user roles

Network Manager defines a number of default roles, which provide users with the ability to perform a predefined set of activities within Web applications.

Access to the Web applications and to functions within the Web applications depends on the roles that are assigned to users. Network Manager roles are usually assigned to users by using groups. Users can also have roles assigned to them from other products. After the administrator adds or removes roles, the revised function is not available to users until users log out and log back in to the Dashboard Application Services Hub.

Note: For information about the user roles that are defined by Cognos Analytics see the Cognos Analytics Knowledge Center at the following web address: https://www.ibm.com/support/knowledgecenter/SSEP7J.

The following table lists all the default roles that are defined by Network Manager.

Table 1. Network Manager roles
Role Assigned to group Description
ncp_bookmark_admin Network_Manager_IP_Admin User can modify network view bookmark permissions.
ncp_config Network_Manager_IP_Admin User can save any configuration changes that they have made.
ncp_config_editor Network_Manager_IP_Admin User can edit the following widgets.
  • Network Discovery Configuration
  • Configure NCIM Database Access
ncp_disco_config Network_Manager_IP_Admin User can view and edit the discovery configuration settings.
ncp_disco_config_alter_domain Network_Manager_IP_Admin User can change the domain for which they are configuring a discovery.
ncp_disco_editor Network_Manager_IP_Admin User can edit the Network Discovery Status widget.
ncp_disco_status Network_Manager_IP_Admin User can view the status of a discovery as it is running.
ncp_disco_status_control Network_Manager_IP_Admin User can start or stop the discovery, or run a discovery with same configuration settings. This role is ineffective without the role Network Manager IP Discovery Status.
ncp_disco_status_alter_domain Network_Manager_IP_Admin User can change the domain from which they are getting discovery status.
Note: Do not remove this role from discovery administrators.
ncp_event_analytics Not assigned to a group by default.

Enables Event Analytics right-click tools on devices in the topology graph.
ncp_gis Not assigned to a group by default.

User can open geographical views.
ncp_gis_admin Not assigned to a group by default.

User can edit portlet layout preferences in geographical views.
ncp_hopview Network_Manager_User User can access the Hop View.
ncp_hopview_editor Network_Manager_IP_Admin User can edit the Network Hop View widget.
ncp_manage_unmanage Network_Manager_IP_Admin User can set devices to managed and unmanaged status.
ncp_mibbrowser Network_Manager_User User can access the MIB Browser.
ncp_mibbrowser_config Network_Manager_User User can access the MIB Browser for configuration purposes.
ncp_mibbrowser_editor Network_Manager_IP_Admin User can edit the SNMP MIB Browser widget.
ncp_mibgraph_default_properties_config Network_Manager_IP_Admin User can change the MIB graph default properties. This role is ineffective without the following Network_Manager_User group roles: ncp_mibgraph_user, ncp_mibgraph_config, ncp_mibbrowser.
ncp_mibgraph_config Network_Manager_IP_Admin, Network_Manager_User Enables access to the SNMP MIB Graph widget and right-click tools.
ncp_mibgraph_editor Network_Manager_IP_Admin User can edit the SNMP MIB Graph widget.
ncp_mibgraph_user Network_Manager_User User can access SNMP MIB Graph.
ncp_monitor_policy Network_Manager_IP_Admin Enables access to the Configure Poll Policies widget, as well as access to the Create Poll Policy right-click tool.
ncp_monitor_editor Network_Manager_IP_Admin User can edit the following widgets.
  • Configure Poll Definitions
  • Configure Poll Policies
ncp_monitor_policy_alter_domain Network_Manager_IP_Admin User can select a domain other than the default for poll policies.
ncp_monitor_template  Network_Manager_IP_Admin User can create a new poll policy definition.
ncp_networkhealth_dashboard Network_Manager_User User can access the Network Health Dashboard.
ncp_networkhealth_dashboard_admin Network_Manager_IP_Admin User can edit Network Health Dashboard widgets.
ncp_networkview Network_Manager_User

User can access the Network Views and to display any of the following views:

  • User Views: Network views that are created by the user.
  • Group Views: Views that are assigned to the group or groups that this user belongs to.
  • Global Views: Views accessible to all users regardless of the group to which they belong.

Users with this role can not change the view layout, unless the administrator gives them access to the Hierarchichal, Symmetric, Circular, and Tabular layout buttons.

To enable users to change (but not save) the layout, set the topoviz.networkview.readonly.enablelayout=true option in the $NMGUI_HOME/profile/etc/tnm/topoviz.properties file.

To grant more permissions to users, assign a different role, such as ncp_networkview_admin_user.
ncp_networkview_admin_global Network_Manager_IP_Admin User can create, edit, partition, and delete Global Views. These are views accessible to all users regardless of the group to which they belong.

User can also perform Move operations on network views within the global views.

ncp_networkview_admin_group Network_Manager_IP_Admin User can create, edit, partition, and delete Group Views. These are views assigned to the group or groups that this user belongs to.

This role also allows the user to perform Move operations on network views within a group view collection.
ncp_networkview_admin_user Network_Manager_User

User can create, edit, partition, and delete their own set of network views. This role also allows the user to perform Move operations on network views within a user view.
ncp_networkview_admin_all_users Network_Manager_IP_Admin User can create, edit, partition, and delete Private Views. These are private views created by users who have the Network Manager IP Network View - Administer views for user role.

This role also allows the user to perform Move operations on network views within a group view collection.
ncp_networkview_editor Network_Manager_IP_Admin User can edit the Network Views widget.
ncp_oql Network_Manager_IP_Admin User can perform and display the results of select type operations using the Management Database Access page.
ncp_oql_editor Network_Manager_IP_Admin User can edit the Management Database Access widget.
ncp_oql_update Network_Manager_IP_Admin User can perform and display the results of update type operations using the Management Database Access page.
ncp_pathview Network_Manager_IP_Admin, Network_Manager_User User can create, edit, and delete path views.
ncp_pathview_editor Network_Manager_IP_Admin User can edit the Path Views widget.
ncp_printing_allowed Network_Manager_IP_Admin

V4.2 FixPack 17:The Save as Image and Print buttons are displayed for the user.
ncp_reporting_user Network_Manager_IP_Admin, Network_Manager_User Adds the Cognos Reporting menu item.
ncp_reporting_admin Not assigned to a group by default. This role is not currently used.
ncp_rest_api Network_Manager_IP_User Required for access to GUI elements that use RESTful APIs. Leave this role assigned to all users.
ncp_structurebrowser Network_Manager_User User can use the Structure Browser.
ncp_structurebrowser_editor Network_Manager_IP_Admin User can edit the Structure Browser widget.
ncp_structureview_entitysearch Network_Manager_User User can search entities in the Structure Browser.
ncp_structureview_interport_navigation Network_Manager_User User can navigate from a port on one device to a port on another device in the Structure Browser.

ncp_topo_mgmt

 Network_Manager_IP_Admin User can add and remove devices and connections to the topology using the topology management functionality available within the Network Hop View.
ncp_webtools Network_Manager_User User can use the WebTools.
ncp_webtools_editor Network_Manager_IP_Admin User can edit Web Tools, which is a set of GUIs available form the right-click menu on a device in the topology map.
netcool_all_domains_access Not assigned to a user or group by default. User with this role is allowed to access any domain.
netcool_domain_access_domain_name Not assigned to a user or group by default. User with this role can access the specified domain. The administrator can create required roles and grant access to users and groups.
netcool_rw Not assigned to a group by default. User can use the Management Database Access and Network Polling widgets.
noi_npi Network_Manager_User User can view the Device Dashboard and, in particular, the Performance Insights widget used in this dashboard.
V4.2 Fix Pack 1: noi_npi_admin V4.2 Fix Pack 1: Network_Manager_IP_Admin V4.2 Fix Pack 1: User can edits the Device Dashboard and, in particular, the Performance Insights widget used in this dashboard.

User roles for charting

Users must have the user IDs assigned to a chart role before they can see and work with the charting functions.

The main administrator of Jazz for Service Management already has the chartAdministrator role, and can assign users to any of the three chart roles that are available. Logged in users will have no access privileges to the charting features if their user ID has not been assigned to a chart role. These are the capabilities of the chart roles:

chartAdministrator
Users with this role can create and delete charting connections to data sources, upload charts, and can clear the charting cache (useful for troubleshooting).
chartCreator
Users with this role can upload charts, view, and edit them. They cannot create or delete chart connections nor can they clear the charting cache.
chartViewer
Users assigned to this role can select and view charts, but cannot modify them or their preferences. They cannot upload charts, create connections, or clear the charting cache.

Roles are assigned through Users and Groups > Administrative User Roles.