In order to gain access to the Live Map Portal, generally we required access to the Live Maps Portal Group. This group allows us to find the Operations Manager and DW databases. It also gives us access to certain information needed for Static URLs, and Savision Live Maps Global settings. One of the objects we look at for the database information is the Operations Manager Management Group. This object does allow users to have access to several objects in SCOM.
While this is fine in many cases, there are some companies that wish to share out the information, but want tighter controls to what objects an individual can see. This article will assist you in reducing the number of objects a user can have access to, while still allowing access to the Live Maps Portal.
Note: In order for this to work, it will require changes to the Live Maps Portal installation. Also creating a new group in SCOM. Attached to this KB article is an unsealed MP that will add the group for you. I will still give instructions so you under stand what objects are used in the group.
Live Maps Portal
1. Locate the web.config file for the Live Maps Portal. Saving this later on will most likely require Administrative rights so make sure you have them. This is typically located in "c:\inetpub\Live Maps Unity Portal".
2. Open the web.config file and locate the <connectionStrings> tag. Should be near the top as you open up the web.config file.
3. Look for the following entries.
4. Remove the comment lines at the beginning and end of the bottom 2 rem-ed out lines.
5. On the line that begins with - <add name="operationalDatabaseOverride" connectionString="Data Source=OM SQL Server; Initial Catalog=OperationsManager;
Change the "Data Source=<your sql server instance>
If your Operations Manger database name is NOT OperationsManager, then change that also.
6. On the line that begins with - <add name="dwDatabaseOverride" connectionString="Data Source=OM SQL Server; Initial Catalog=OperationsManagerDW;
Change the Data Source=<your sql server instance>
If your DW database is not OperationsManagerDW, then change that also.
The result should look like this.
<add name="operationalDatabaseOverride" connectionString="Data Source=sa-sql01\opsmgr; Initial Catalog=OperationsManager; Integrated Security=true;Connection Timeout=300" providerName="System.Data.SqlClient" />
<add name="dwDatabaseOverride" connectionString="Data Source=sa-sql01\opsmgr; Initial Catalog=OperationsManagerDW; Integrated Security=true;Connection Timeout=300" providerName="System.Data.SqlClient" />
Live Maps Portal Restricted Group
Next is to create a restricted group. Now you can skip the steps outlined below and download the unsealed MP, and import it into your SCOM console.
OR - Create a new group in SCOM with the following Dynamic Members. Recommend naming it "Live Maps Portal Restricted Group".
Savision Live Maps Global Setting
Static URL Cryptography Key
Static URL Link
All rules are DisplayName Matches Wildcard *
Granting Access to Portal
Last step is to grant access to the User Role so they can have access to the Portal. Minimum requirments at this stage to give access to the Live Maps portal would be to group scope the user to the following groups.
All Live Maps Licenses
Live Maps Portal Restricted Group ( or if you created your own restricted group)
You can test this and see they have access to the portal, but no information. A look at Computer Health will show up empty. At this point you can continue to edit the User role to add the access you want them to have.