×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Atrium Orchestrator Platform 7.9 ... Administering Managing users, roles, and permissions

Managing permissions

Permission assignments to roles control access to BMC Atrium Orchestrator components and content. Permissions are controlled via two areas in BMC Atrium Orchestrator:

Groups on these tabs are aligned with roles.

To manage permissions, you must assign permissions to roles. Users assigned to the roles will then have permission to use the BAO components associated with their roles.

Note

If a user is associated with more than one role, the user is granted the most permissive permissions. If a user is not associated with a role, that user is automatically assigned the Default role and is granted the default permissions.

By default, BMC Atrium Orchestrator provides the AoAdmin and Default permission groups. Both the groups have full access to the repository and to the grid. AoAdmin is a hard-coded group and is not used to administer the system.

Recommendation

BMC recommends that you not associate any users with the AoAdmin role (the default aoadmin user is assigned to that role) and only use this role  to unlock the grid if you accidentally remove all the permissions.

To manage permissions for Remedy Single Sign-On (Remedy SSO or RSSO)

  • In Remedy SSO you should have already completed the following tasks (described in Creating and managing local users and roles in Remedy Single Sign-On for details).
    • Create roles, then create local users and assign them to roles.
      or...
    • Set up LDAP configuration for your LDAP groups.
  • In BAO Grid Manager and Repository Manager complete the following tasks (described in this section).
    • Create groups that have the same names as your RSSO roles or LDAP groups. 
    • Assign repository and grid permissions to the groups.

After completing these tasks, users assigned to the Remedy SSO roles or LDAP groups have permission to use the BMC Atrium Orchestrator components associated with their roles/groups. 

To manage permissions for BMC Atrium Single Sign On (ASSO)

Note

BMC Atrium Single Sign-On is not supported for use with BMC Atrium Orchestrator Platform 7.9.01 and later versions.

  • In ASSO, you should have already completed the following tasks (described in Creating user accounts and assigning user accounts to groups in BMC Atrium Single Sign-On).
    • Create groups, then create user accounts and assign them to the appropriate ASSO groups.
      or...
    • Set up LDAP configuration for your LDAP groups.
  • In BAO Grid Manager and Repository Manager complete the following tasks (described in this section).
    • Create groups that have the same names as your ASSO or LDAP groups.
    • Assign repository and grid permissions to the groups.

After completing these tasks, users assigned to the groups in ASSO or LDAP now have permission or to use the BMC Atrium Orchestrator components associated with their groups.

Related topics

Assigning repository permissions

Assigning grid permissions

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Last modified by Dorothy Poole on Mar 08, 2017
users roles overview administration recommendation best_practices asso

Comments

Log in or register to comment.

Creating user accounts and assigning user accounts to groups in BMC Atrium Single Sign-On
Assigning repository permissions
© Copyright 2016-2017 BMC Software, Inc.
© Copyright 2016-2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.