Role Based Authorization scenario

The Big Data team uses Control-M for Hadoop and Application Integrator, spread across several Control-M/Agents. The team has been granted the Full access level to Control-M/Agents with the tag big_data. On these Control-M/Agents, the team is granted the permission to view and manage specific Application Plug-ins and do not have access to any other. In addition, the team is granted access to Hadoop and Application Integrator connection profiles, but only if the connection profile name starts with BIGDATA. The team does not have access to AWS and Azure.

The Cloud team uses Control-M for AWS and Control-M for Azure spread across several Control-M/Agents. The team has been granted the Full access level to Control-M/Agents with the tags AWS and Azure. On these Control-M/Agents, the team is granted the permission to view and manage specific Application Plug-ins and do not have access to any other. In addition, the team is granted access to AWS and Azure connection profiles, but only if the connection profile name starts with AWS or Azure. The team does not have access to BIGDATA.

The following tables illustrate the authorization differences between the two teams:

Agents

Application Plug-ins

Local Connection Profiles

Local connection profiles can use the tags that appear in the following example because they can be mapped to specific local connection profiles that reside on the Control-M/Agents.

Centralized Connection Profiles

Centralized connection profiles are deployed to all Control-M/Agents. Therefore, you need to verify that the Control-M and Agent Tag fields are set to *.