This topic provides a general overview of authentication and authorization and introduces BMC Atrium Orchestrator's (BAO) authentication and authorization system.
- Authentication is the mechanism used to securely identify users. It relates to how users sign into BMC Atrium Orchestrator.
- Authorization is the mechanism used to grant users access to BMC Atrium Orchestrator components and content and control what users are allowed to do with components and content.
Authentication is the method used to securely identify users. A user is the entity signing into the system (BMC Atrium Orchestrator). Authentication for BMC Atrium Orchestrator does the following:
- Identifies BAO users.
The authentication system stores information about users to identify them. A user name, login name, and password is associated with a user.
- Determines if the user attempting to sign into BAO is a valid user who is allowed to sign into BAO.
Authentication systems may use other entities to organize users, including the following:
- Groups are ways of combining users in a way that is meaningful to an organization.
- Organizations are ways of combining users and groups in a meaningful way. An organization might be a group of users in a company, an entire company, a consortium, society, or some other institution.
BMC Atrium Orchestrator authentication options
For information about the authentication options available with BAO Platform, see Installing an authentication service. If you are upgrading from an earlier version of BAO, refer to the appropriate upgrade section in Upgrading and the authentication information for that upgrade.
The way that you set up and use authentication varies based on the authentication option your organization uses. This wiki provides instructions for each option. Ensure that you use the instructions for your authentication type.
Authorization is the system used to control access to resources. In BMC Atrium Orchestrator authorization controls access to components and content. BMC Atrium Orchestrator uses a role-based access control (RBAC) to control access to components and content.
In a typical RBAC system
- Roles are created that align with job functions or tasks typically performed by users.
- Permissions are set up to control access to resources, such as read, write, execute, delete.
- Permissions are associated with roles, which controls the roles access to resources.
- Users, groups, or organizations (whatever entities used in your authentication system) are assigned to roles, which grants users access to the resources associated with the roles when the users are logged into the system. (BAO 7.9 uses users and they must be assigned to roles.)