How to grant permission to all users/groups for apm_status_console_control

Document ID : KB000030400
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

 

How to grant permission to all users/groups for apm_status_console_control.

 

Answer:

Let's start with some background on the permission: apm_status_console_control.

 

This permission allows non-admin users to have access to the APM Status Console. The APM Status Console allows viewing of important status and events for a standalone or clustered Enterprise Manager.  Its purpose to allow Administrators to monitor and address issues related to the health of the Enterprise Managers they administer.

 

Sometimes, Support is asked whether we can configure server.xml to grant everyone permissions for apm_status_console_control.

 

The answer is yes you can, however you cannot grant all groups or all users permission directly.

 

For example, trying to use a wildcard in the group or user name area will not work.

<grant group="*" permission="apm_status_console_control"/>

 

OR

 

<grant user="*" permission="apm_status_console_control"/>

 

The reason for this is, "grant user" and "grant group" are being taken as literal.  They, unlike "agent mapping", cannot use wildcards.

 

However, you can create a group and add the users in there.

 

In users.xml

<group name="APM Status Console" description="APM Status Console Users">

<user name="UserA"/>

<user name="UserB"/>

<user name="UserC"/>

etc.....

</group>

 

In server.xml, add

<grant group="APM Status Console" permission="apm_status_console_control"/>

This will now allow any user inside the "APM Status Console" group to be able to view the APM Status Console.