Role-Based Access Control (RBAC) is a security method that grants users access to resources based on their roles within an organisation, rather than individual permissions. This approach streamlines access management, simplifies administration, and enhances security by limiting access to only what's needed for a specific role.
IBM Cloud Pak for AIOps (AIOps) provides an RBAC capability to control which pages, alerts, topology resources, and attributes users can access. This blog goes through the steps to enable and configure RBAC for productive use, highlighting any tips along the way.
MENU AND PAGE ACCESS
AIOps comes out of the box with a number of preset roles that include associated permissions. The underlying permissions are ultimately what give a logged-in user the ability to access a page. So, permissions are associated with roles, and roles can then be assigned to individual users and/or groups.
ENABLING RBAC
The other RBAC capabilities control which alerts, resources, or attributes of either can be accessed by users or groups. Before this feature can be used, you must enable Group Profiles in your deployed AIOps instance. Once enabled, AIOps will automatically provision additional menu items and capabilities that support these features. For a new deployment of AIOps, this can be enabled as part of the deployment configuration. If you have an existing AIOps deployment where Group Profiles is not enabled, however, you can enable it by modifying the AIOps installation.
To enable RBAC in your existing AIOps deployment, open a command prompt on your workstation and authenticate to your AIOps cluster in one of the following two ways.
FOR LINUX-BASED DEPLOYMENTS
If you are running the Linux-based AIOps, all you need to do is SSH to the primary control plane node and source the environment variable file: