Assigning grid permissions

Use the BMC Atrium Orchestrator Grid Manager Administration tab to manage permissions. Before getting started, review the permissions overview in Managing permissions.

Note

The tab uses the term "group." Group names must align with your authentication entity as follows:

  • Role in Remedy Single Sign-On (Remedy SSO or RSSO). Group names this tab must align with your Remedy SSO role names.
  • Group in LDAP. Group names in this tab must align with your LDAP group names.
  • Group in Atrium Single Sign-On (ASSO). Group names in this tab must align with your ASSO group names.

    Important

    BMC Atrium Single Sign-On is not supported for use with BMC Atrium Orchestrator Platform 7.9.01 and later versions.

This documentation uses "role" to represent role/group in the authentication system.

In the Grid Manager Administration tab you can

  • Create groups.
  • Assign group access for workflow execution or grid administration.

This topic provides the following information:

In the Grid Manager, you can assign permissions to the group so that users assigned to the corresponding role/group can:

  • See the Status tab
  • See the Manage tab
  • See the Admin tab
  • Use BMC Atrium Orchestrator Development Studio with this grid and execute workflows
  • Use a selected Operations Actions Management module
  • Run a workflow in BMC Atrium Orchestrator Development Studio

Note

If a user is a member of more than one group, the user is granted the most permissive permissions. 

Default grid permissions

The following table describes the default permissions available in Grid Manager.

Permission

Description

View Grid Status

Users assigned to the role can see the Status tab to check the grid status

Grid Management

Users assigned to the role can see the Manage tab and manage content. Members can add adapters, remove adapters, activate content on the grid. If you select the Grid Management check box, the View Grid Status check box is selected by default and is disabled. Members can manage content and see the status of the grid.

Grid Administration

Users assigned to the role can perform grid administration activities, which includes managing content, adding groups, removing groups, and copying groups. If you select the Grid Administration check box, the Grid Management and View Grid Status check boxes are selected by default and are disabled.

Development Studio

Users assigned to the role can access the BMC Atrium Orchestrator Development Studio and run workflows.

Workflow execution permissions

When you activate a module on a grid, it is added to the Grid Permissions tab. All workflows inside the module appear in the permissions list. You can assign workflow execution permissions to the appropriate groups.

Note

When you create a new module, you must activate the module and set execute permissions for the new modules. Workflows must be exposed for the Operator Control Panel (OCP) or SOAP as required.

When you create a new workflow inside an existing module, you must set permissions for that workflow. Workflows do not inherit permissions from their parent modules.

To create a group

Each group that you create must have a matching role (in Remedy SSO) or group (in LDAP or ASSO) of the same name.

  1. In the BMC Atrium Orchestrator Grid Manager application, select the Administration tab, and then select the Grid Permissions tab.
  2. Click Add Group.
  3. Enter the name of the group and click Save.

You can now assign permissions to the group.

To assign permissions to a group or remove them from a group

  1. Select the check box of each permission that you want to assign to the group or deselect it to remove a permission from a group.
    You cannot modify permissions for the AoAdmin group.
    See Default grid permissions table for details. 
    For example
    To assign Grid Management permission for the TestA group, in the Grid Management row, select the option under TestA group.
    To remove Grid Management permission for the TestA group, in the Grid Management row, deselect the option under TestA group.
  2. Click OK to save the permission assignments.

To copy permissions from one group to another

  1. In the BMC Atrium Orchestrator Grid Manager application, select the Administration tab, and then select the Grid Permissions tab.
  2. In Copy From Existing Group, select the group from which you want to copy permissions, and then in Copy To Group Name enter the group name where you want the permissions to be copied.
    You cannot a group's permissions to the AoAdmin group; in other words, you cannot overwrite the AoAdmin group.
  3. Click Save.

To delete a group

  1. In the BMC Atrium Orchestrator Grid Manager application, select the Administration tab, and then select the Grid Permissions tab.
  2. Click Delete Group.
    You cannot delete the AoAdmin group.
  3. Select the group that you want to delete from the list and click Delete.

Related topics

Managing permissions
Assigning repository permissions

Creating and managing local users and roles in Remedy Single Sign-On

Creating user accounts and assigning user accounts to groups in BMC Atrium Single Sign-On