Granular access control
For each user, Enterprise Manager lets you set granular access permissions for different hierarchy levels in the system and for different objects at the same hierarchy level. This granular access control facilitates decentralization of control, effectively preventing the same user from, for example, accessing endpoints and defining and running tasks. As such, granular access control lets you create a buffer between those who can create and access endpoints (DBAs) and those who can create and run tasks.
Enterprise Manager handles permission management as follows:
- Admins can add, remove, and change permissions.
- Designers and Operators can view permissions.
- Viewers cannot view permissions.
By default, each object inherits its permissions from its parent. The following hierarchy is in place, where:
-
Enterprise Manager Root refers to all Enterprise Manager server settings and all Replicate servers monitored by Enterprise Manager.
Information noteChanges to Enterprise Manager root permissions will affect all levels that inherit those permissions.
- All Servers refers to all Replicate servers monitored by Enterprise Manager. This level does not have access to Enterprise Manager server settings.
- Specific Server refers to a server monitored by Enterprise Manager and all its child objects (server settings, tasks, and endpoints).
- All Tasks refers to all tasks that run on a specific Replicate server.
Specific Task refers to all parameters of a particular task.
Information noteTo make a user a designer on a task, the user must be at least a viewer on All Endpoints.
- All Endpoints refers to all endpoints connected to a specific Replicate server.
- Specific Endpoint refers to all parameters of a particular endpoint.
- All Servers refers to all Replicate servers monitored by Enterprise Manager. This level does not have access to Enterprise Manager server settings.