IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Use role-based authorization policies
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Work with multiple domains
You can use the Authorization Policy Server to manage policies for multiple hub monitoring server environments, also called domains.
A domain is defined as a collection of IBM Tivoli Monitoring components such as portal servers, monitoring servers, monitoring agents, and Warehouse Proxy agents that are centered around a particular hub monitoring server. Each domain has its own name space for situations, take actions, managed systems names, managed system groups, queries, workflow policies, and any other IBM Tivoli Monitoring object.
An authorization policy that is created without specifying a domain name (or with a domain name of 'any') is applied across all IBM Tivoli Monitoring domains that are being managed by the Authorization Policy Server. Domain names are the same as the dashboard data provider ID and are in the format itm.hub_monitoring_server_name. You can create a more user-friendly string to use in place of the hub monitoring server name when you configure the portal server and enable the dashboard data provider.
To list your domains use the tivcmd CLI> listdomains command. For example:
tivcmd listdomains itm.HUB_DOMAIN1 itm.HUB_DOMAIN2 itm.HUB_DOMAIN3
The tivcmd CLI> listdomains command returns the list of dashboard data providers for which a connection is defined in the Dashboard Application Services Hub that the Authorization Policy Server is installed with. The command also returns any domain names that were specified when creating a permission. Typically, there is a single dashboard data provider connection defined per Dashboard Application Services Hub.
To determine the hub names for each of your domains, use one of the following methods:
- Run the tacmd listsystems command against each hub monitoring server to determine the hub monitoring server's managed system name. Monitoring servers use the EM product code.
- Alternatively, you can log into the Dashboard Application Services Hub for each domain and display the dashboard data provider connection information. In a typical environment, you might see that the provider ID has been set to ITMSD instead of the hub name. However, the connection name is the hub name if it was not customized when the connection was created.
Once you know your the name of the hub monitoring server then your domain name is itm.hub_monitoring_server_name, for example itm.HUB_server1.
- Deployment scenarios
The deployment scenarios in this topic can help you make decisions in your environment.
- Create policies for specific IBM Tivoli Monitoring domains
In a multi-domain deployment, best practice is to create policies for users through roles that differentiates access by the domain.
Parent topic:
Use role-based authorization policies