Managing permissions

Permission assignments to roles control access to BMC Atrium Orchestrator components and content. Permissions are controlled via two areas in BMC Atrium Orchestrator:

Groups on these tabs are aligned with roles.

To manage permissions, you must assign permissions to roles. Users assigned to the roles will then have permission to use the BAO components associated with their roles.

Note

If a user is associated with more than one role, the user is granted the most permissive permissions. If a user is not associated with a role, that user is automatically assigned the Default role and is granted the default permissions.

By default, BMC Atrium Orchestrator provides the AoAdmin and Default permission groups. Both the groups have full access to the repository and to the grid. AoAdmin is a hard-coded group and is not used to administer the system.

Recommendation

BMC recommends that you not associate any users with the AoAdmin role (the default aoadmin user is assigned to that role) and only use this role  to unlock the grid if you accidentally remove all the permissions.

 Remedy Single Sign-On: managing permissions overview

To manage permissions for Remedy Single Sign-On (Remedy SSO or RSSO)

  • In Remedy SSO you should have already completed the following tasks (described in Creating and managing local users and roles in Remedy Single Sign-On for details).
    • Create roles, then create local users and assign them to roles.
      or...
    • Set up LDAP configuration for your LDAP groups.
  • In BAO Grid Manager and Repository Manager complete the following tasks (described in this section).
    • Create groups that have the same names as your RSSO roles or LDAP groups. 
    • Assign repository and grid permissions to the groups.

After completing these tasks, users assigned to the Remedy SSO roles or LDAP groups have permission to use the BMC Atrium Orchestrator components associated with their roles/groups. 

 Atrium Single Sign-On: managing permissions overview

To manage permissions for BMC Atrium Single Sign On (ASSO)

Note

BMC Atrium Single Sign-On is not supported for use with BMC Atrium Orchestrator Platform 7.9.01 and later versions.

  • In ASSO, you should have already completed the following tasks (described in Creating user accounts and assigning user accounts to groups in BMC Atrium Single Sign-On).
    • Create groups, then create user accounts and assign them to the appropriate ASSO groups.
      or...
    • Set up LDAP configuration for your LDAP groups.
  • In BAO Grid Manager and Repository Manager complete the following tasks (described in this section).
    • Create groups that have the same names as your ASSO or LDAP groups.
    • Assign repository and grid permissions to the groups.

After completing these tasks, users assigned to the groups in ASSO or LDAP now have permission or to use the BMC Atrium Orchestrator components associated with their groups.

Related topics

Assigning repository permissions

Assigning grid permissions

Was this page helpful? Yes No Submitting... Thank you

Comments