Enterprise Manager logoEM: Security > Groups

Description

In BBj 19.20 and higher, the Groups panel provides a centralized interface for creating, modifying, and managing user security groups within the Enterprise Manager. Each group, such as AdminGroups, contains an associated set of System Permissions, which control access to specific administrative and operational functions across the Enterprise Manager environment. These permissions include privileges such as database management, file access, job control, and Enterprise Manager administrative rights. Additionally, the Group Members panel at the bottom allows administrators to assign or remove users from the selected group. This ensures role-based access control is consistently enforced throughout the system.

Location

Enterprise Manager logoEM NavigatorSecurityGroups

Toolbar

Button Function
Adds a new entry and opens new application.
Removes/deletes selected application(s) or files from the system.
refresh button Refreshes the displayed list of applications and their status.

Creating New Security Group

Administrators use the Groups interface to create custom access groups with specific system permissions. Clicking the opens a prompt requiring a unique group name. Once created, the group can control access to various EM functions, ensuring secure role-based management.

Setting Description
New Security Group Name Prompts the user to enter a unique name for the new security group, this field is mandatory and cannot be left blank to proceed with group creation.

System Permissions List

The System Permissions List defines the scope of operational privileges assignable to each user or group, including administrative actions such as creating databases, managing BBj processes, configuring JDBC/ODBC connection pools, and enabling access to Enterprise Manager. Each permission is granted individually through an interactive checklist, ensuring granular control over system-level functionality.

Settings Description
All/None
  • When unchecked, no individual system permissions are applied to the selected user or group.

  • When checked, all available system permissions in the list are enabled simultaneously for rapid assignment.

Add Users
  • When unchecked, the user is restricted from creating new user accounts within Enterprise Manager.

  • When checked, the user is granted permission to add new users through the Users panel interface.

Allow Enterprise Manager Access
  • When unchecked, the user cannot access the Enterprise Manager interface or perform any associated administrative tasks.

  • When checked, access is granted, enabling the user to log in and interact with Enterprise Manager components according to their assigned permissions.

Asynchronous Trigger Jobs (View, Create, Modify)
  • When unchecked, the user is restricted from accessing, defining, or modifying asynchronous trigger job configurations within Enterprise Manager.

  • When checked, the user is authorized to view existing asynchronous jobs and create or update job definitions that execute specified tasks based on trigger events.

Attach To Existing Database
  • When unchecked, the user is restricted from linking Enterprise Manager to existing BBjServices-managed databases.

  • When checked, the user gains the ability to attach pre-existing databases through the Enterprise Manager interface for administrative access and configuration.

Audit Jobs (View, Create, Modify)
  • When unchecked, the user cannot access or manage audit jobs within the Enterprise Manager.

  • When checked, the user is authorized to view, create, and modify audit jobs within the Enterprise Manager.

BBj Processes (View, Terminate)
  • When unchecked, the user is restricted from viewing or terminating BBj processes running in the Enterprise Manager environment.

  • When checked, the user gains permission to monitor active BBj processes and initiate termination actions through the BBj Process Control interface.

Create New Database
  • When unchecked, the user cannot access the interface or actions required to define and register new BBj database configurations within Enterprise Manager.

  • When checked, the user is granted explicit permission to initiate the creation process for new databases, enabling interaction with configuration fields such as name, port, data location, and other initialization settings.

Document Indexes
  • When unchecked, the user is restricted from performing any operations involving index documentation within the Enterprise Manager interface.

  • When checked, the user is granted access to view, create, and manage document index definitions used in Enterprise Manager's data indexing and retrieval operations.

Email Services
  • When unchecked, the user cannot configure, initiate, or manage email-based notification services within Enterprise Manager.

  • When checked, the user gains access to create, modify, and manage outbound email functionality for system events and alerts.

JDBC/ODBC Connection Pools (Create, View, Modify)
  • When unchecked, the user cannot access the JDBC/ODBC Connection Pools configuration panel, and is restricted from viewing, creating, or modifying any JDBC or ODBC connection pool definitions within the Enterprise Manager environment.

  • When checked, the user is granted full access to the JDBC/ODBC Connection Pools section, including the ability to view existing pool configurations, create new pools, and modify or update connection parameters for database integration via JDBC and ODBC.

Online Copy Jobs (Create, View, Modify)
  • When unchecked, the user is restricted from accessing, initiating, or modifying any Online Copy Jobs within the Enterprise Manager environment.

  • When checked, the user is granted permission to create, view, and modify Online Copy Jobs, enabling asynchronous data duplication tasks across configured BBj databases.

Open Files (View ONLY)
  • When unchecked, the user cannot access the Open Files interface in Enterprise Manager and is restricted from viewing file lock details or file usage sessions.

  • When checked, the user gains view-only access to currently open files, including filename, user, session ID, and lock information, but cannot perform actions such as unlocking or modifying files.

Open Files (View, Force Close)
  • When unchecked, the user is restricted from accessing the Open Files interface and cannot view or forcibly close any active file handles managed by the BBjServices server.

  • When checked, the user is authorized to view a list of open files across the system and forcibly close any of those file handles through Enterprise Manager, which is a high-level administrative action typically used for terminating locked or hung resources.

Remove A Database
  • When unchecked, the user is restricted from removing any registered SQL database entries within Enterprise Manager. The Remove option is disabled in the Databases panel, ensuring no accidental or unauthorized deletions occur.

  • When checked, the user is permitted to delete existing database configurations from the system. This action unregisters the database from Enterprise Manager, but does not delete the physical database files from disk.

Remove Users
  • When unchecked, the current user lacks permission to delete existing user accounts from the Enterprise Manager system. The Remove operation remains disabled in the user management interface.

  • When checked, the current user gains permission to permanently delete user accounts via the Users panel in the EM interface, subject to system constraints and authentication requirements.

Replication Jobs (View, Create, Modify)
  • When unchecked, the user cannot access the Replication Jobs interface or view, create, or modify any replication jobs within the Enterprise Manager.

  • When checked, the user is granted permission to access and interact with the Replication Jobs interface, allowing them to view existing replication jobs, create new ones, and modify configuration settings for replication tasks.

 

SQL Connections (View, Terminate)
  • When unchecked, access to view or terminate active SQL Connections through the Enterprise Manager interface is restricted for the associated user or role.

  • When checked, permission is granted to monitor all active SQL Connections and forcefully terminate them if necessary.

Scheduling Jobs (View, Create, Modify)
  • When unchecked, access to view, create, or modify job scheduling configurations is restricted. The user cannot interact with the scheduling interface in the Enterprise Manager, including the creation of new job entries or editing existing schedules.

  • When checked, grants full access to the Job Scheduling interface, enabling the user to create new scheduled jobs, view job details, and modify job properties within the BBj Services environment through the EM interface.

Server Configuration
  • When unchecked, access to the Server Configuration panel is denied. The user cannot view or modify any server-related settings such as BBj services, server ports, memory settings, or security configurations. All interactive elements on this page remain inaccessible.

  • When checked, grants full access to the Server Configuration section. The user is permitted to view and modify server-level settings, including network configurations, JVM memory parameters, server logging, and BBj Services.

Set Passwords
  • When unchecked, prevents the user from modifying or assigning passwords for any user accounts through the Enterprise Manager interface. Access to the password-setting functionality in the Users panel is disabled.

  • When checked, grants the user explicit permission to set or change passwords for existing user accounts via the Users management section of Enterprise Manager.

Set System Permissions
  • When unchecked, access to assign, modify, or revoke system-level permissions for Enterprise Manager users is disabled. The user cannot configure or manage role-based access controls or permission group settings.

  • When checked, grants the ability to assign and manage system permissions, including editing permission group mappings, controlling feature-level access, and configuring user roles in Enterprise Manager.

Table Analysis Queue (View, Terminate)
  • When unchecked, access to view or terminate table analysis queue jobs is restricted in Enterprise Manager, preventing the user from monitoring or interrupting any ongoing table analysis operations.

  • When checked, enables the user to view the status of active and queued table analysis jobs and terminate them as needed for performance or administrative control.

Triggers(Create, View, Modify)
  • When unchecked, prevents access to all trigger-related functions in the Enterprise Manager. The user cannot view existing triggers, create new ones, or modify any trigger configurations associated with database tables or events.

  • When checked, grants permission to access the Triggers section. The user can view existing trigger definitions, create new triggers to automate specific database behaviors, and modify current trigger settings, including execution timing and event conditions.

View Metrics Results
  • When unchecked, access to the Metrics Results section in Enterprise Manager is restricted. The user cannot open or view any collected metrics data, including historical performance summaries or diagnostic reports generated by the Metrics Engine.

  • When checked, grants permission to open and review metrics output, including system health indicators, query performance metrics, and resource usage analytics. This access is strictly read-only and does not include any options to modify metrics definitions or collection behavior.

Group Members

The Group Members panel enables administrators to assign specific users to a security group by launching a user selection dialog by clicking the icon. Users added through this interface, such as admin or guest gain the group’s defined permissions, ensuring precise access control within the BBj Services environment.

Settings Description
admin Grants full administrative privileges within the Enterprise Manager environment, including permission to modify security settings, users, and system-level configurations.
guest Assigns minimal access limited to viewing permissions, without authorization to alter settings or perform administrative tasks.

See Also

BBjAdminBase

Users