Welcome to docs.opsview.com

Differences

This shows you the differences between two versions of the page.

opsview4.6:tenancy [2014/09/09 12:19] (current)
Line 1: Line 1:
 +====== Tenancy ======
 +A tenancy is a grouping of roles and contacts together, so end users can make changes to roles and contacts without knowing any information about other tenants.
 +
 +A tenancy consists of a [[role|primary role]] which defines the maximum list of [[access]] permissions allowed for all contacts in the tenancy. The primary role also defines the list of [[access#selection_of_objects|objects]] that the contacts can see.
 +
 +The basic rules are:
 +  * The primary role in a tenancy defines the maximum permissions available to all the tenants. This is the tenancy
 +  * Each tenant role can define a subset of permissions based on the primary role
 +  * Each tenant cannot see objects outside of their tenancy
 +  * The primary role cannot be edited by anyone in the tenancy
 +  * Non tenant users can see all objects as usual based on their access
 +
 +You need to have CONFIGURETENANCIES to view the tenancy pages. Contacts with this access will be able to list all roles and all objects.
 +
 +To setup a tenancy, you have to:
 +  * Create the host group in the hierarchy that the tenant will use. We recommend that you create a 2nd host group within this top level host group which is where hosts will be placed
 +  * Create a role to be the primary role. Set the maximum permissions available to all users in the tenancy with the configuration host group to be the one created above. There are some accesses that are not allowed - see [[#primary_role|below]] for the list
 +  * Create the tenancy with the primary role set to the newly created role
 +  * Create contacts for this primary role
 +
 +**Note**: If a tenancy is deleted, all the related roles and all the related contacts will be deleted automatically.
 +
 +**Note**: As tenancies take effect immediately, the UI will not show amber rows after changes.
 +
 +===== List view =====
 +
 +{{:opsview4.6:tenancy_list.png?600|}}
 +
 +This will list all the tenancies configured in Opsview, with the primary role and other roles.
 +
 +If you select //Reorder//, you can reorder the tenancies. This affects the order of tenancies
 +listed on this page and on the [[opsview4.6:role|roles]] list page.
 +
 +===== Edit view =====
 +
 +{{:opsview4.6:tenancy_edit.png?500|}}
 +
 +===== Name =====
 +The name of the tenancy.
 +
 +===== Description =====
 +Free text to describe the tenancy.
 +
 +===== Primary role =====
 +This defines the role which will have the maximum permissions allowed for all contacts in the tenancy.
 +
 +The roles listed will not already be part of a tenancy and will not contain roles that have invalid access (as these reveal information about all hosts in the system). The invalid list of accesses are:
 +  * ADMINACCESS
 +  * CONFIGUREKEYWORDS
 +  * CONFIGURENETFLOW
 +  * CONFIGURETENANCIES
 +  * CONFIGUREVIEW
 +  * VIEWALL
 +  * ACTIONALL
 +  * DOWNTIMEALL
 +  * TESTALL
 +  * NETFLOW
 +  * NAGVIS
 +  * REPORTUSER
 +
 +The primary role cannot be changed after the initial creation, although an administrator can edit the permissions for that role. Opsview will automatically ensure that all other roles in that tenancy will not have more permissions than the primary role.
 +
 +
 +====== Different Functionality For Tenancy Users ======
 +===== Roles =====
 +
 +{{:opsview4.6:role_list_tenancy.png?500|}}
 +
 +You can only list roles associated with your tenancy.
 +
 +You cannot edit the primary role for a tenancy.
 +
 +
 +===== Contacts =====
 +
 +You can only list contacts associated with your tenancy.
 +
 +The list of roles you can set for the contact is limited to the roles in your tenancy.
 +
 +===== Auto-Discovery =====
 +This is disabled for tenant usres as information about hosts outside of the tenancy maybe visible.
 +
 +
 +====== Best Practice ======
 +===== Slaves =====
 +It is best to have one slave per tenant, otherwise there will be data on the slave that could be retrieved form the command line about other tenants.
 +
 +===== Host Groups =====
 +We recommend you have separate trees in the host group hierarchy for each tenant.
 +
 +===== MRTG =====
 +Due to a limitation in [[opsview4.6:mrtg#limitations|MRTG's access control]], if there are multiple tenants on a slave, then they can guess the URL for other hosts that are on that slave.
 +
 +===== Limitations =====
 +**Note**: While a tenant user is restricted to their list of objects, the system needs to have unique names so checks for uniqueness are across tenancies.
 +
 +**Note**: An Opsview reload will affect all tenancies at once.
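Review bot: The first bullet under "The basic rules are:" ends with a dangling sentence, "This is the tenancy", which reads as a truncated thought and should be completed or dropped. Several typos in the added text also need fixing: "To setup a tenancy" should be "To set up a tenancy", "tenant usres" and "maybe visible" in the Auto-Discovery section should be "tenant users" and "may be visible", and "retrieved form the command line" under Slaves should be "retrieved from the command line". The Name, Description and Primary role headings are at the same level as "Edit view" (five equals signs), so they do not nest under it as fields of that view; consider moving them one level down (four equals signs).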