Permissions determine the BMC Atrium Orchestrator components that you can access.
To manage permissions, you must create your permission groups in two places: BMC Atrium Orchestrator and BMC Atrium Single Sign On. Use the same group names in both places. Create the groups in BMC Atrium Orchestrator first and then create the groups in BMC Atrium Single Sign On (this sequence is not required). Next, assign user accounts to their respective groups.
For information about creating groups and user accounts in Atrium Single Sign On, see Creating user accounts and groups, assigning user accounts to groups in BMC Atrium SSO.
You manage permissions to the grid through the Grid Manager Administration:Grid Permissions tab. Likewise, you manage permissions to the repository and to the repository content through the Repository Manager Manage Permissions tab.
By default, BMC Atrium Orchestrator provides the AoAdmin and Default permission groups. Both the groups have full access to the repository and to the grid. AoAdmin is a hard-coded group and is not used to administer the system.
In Grid Manager and Repository Manager, permissions are assigned using groups. If a user is a member of more than one group, the user is granted the most permissive permissions. If a user is not assigned to any group, that user is automatically a member of the Default group and is granted the default permissions.
BMC recommends the following:
- No user be a member of the AoAdmin group except the AoAdmin default user and that this group be used only to unlock the grid if you accidentally remove all the permissions.
- After installing the primary CDP, remove the following permissions from the Default group: Development Studio, Grid Administration, and Grid Management.
This section includes the following pages: