The final step in our three-part sample series illustrating the flexibility of combining the modules and components of System Center 2012 SP1 -Orchestrator with the free portal from ITQ – the EUPSCO (End User Portal for System Center Orchestrator) – we are going to address the added step that we should execute to restrict access to our services to only the group of people with whom the offering is relevant.
(Editor’s note: In case you need to catch up, the other two articles in this sample series are: System Center 2012 SP1 – Orchestrator: Sample Runbook Creation and System Center 2012 SP1 – Orchestrator: Sample Runbook Publishing.)
To implement the restrictions, we are going to use a regular security group from Active Directory.
In my sample environment I have created a group called “!HR Team” and added the user which we created while validating the scenario in our last post as a member of this group.
Next, open your browser and log into the EUPSCO portal, with administrative credentials
Still logged in as Administrator, we will check to see if we still have access to the service. In my environment the Administrator is not a member of the !HR Team group, so I expect that the service should not be available to select
Neat! At this point, it appears that we have at least hidden the service from users who do not fall within the access scope
Log into a workstation with the credentials of a member of the HR team, then launch their browser, and connect to the EUPSCO portal. You will be presented with a subset of the options that were available while you connected with administrative credentials.
We don’t need to continue, as now we know that the service is indeed available for us to select and use.
As you can appreciate, the flexibility of our new portal is amazing, there is very little configuration required, and with the simple process of just assigning a security group to a service to control its access, this portal will provide a very simple and seamless interface for users to integrate with our runbooks until such time as we get our service manager online and configured.
Note: I should point out, that during testing I did have some initial problems with saving the security group to the service while using IE 10, but switching over to Chrome instantly resolved that issue. These appear to be little issues with the parsing of HTML 5.0