Managing users

This topic was edited by a BMC Contributor and has not been approved.  More information.

You can manage users that have been granted access to BMC Helix Cloud Security, choose Configure icon > Users. The Manage Users page lists the name and email addresses of all current users who have been granted access to the service and the roles they have been granted. This enables collaboration between multiple users for a specific Tenant, and enables the Tenant to determine the permission levels of all users who access Cloud Security.

Note

To be on this list you must have already onboarded a tenant by providing a Company and Work Email Address when you created the Policy account.

To access the latest information about this topic and all Cloud Security releases, check out the Release Notes.

Adding a user

When you add users in Cloud Security, you also determine the roles that those users are granted within the service.

  1. From the Users screen, click Add Users.
  2. On the Invite Users dialog, type the email address of the user to whom you want to send an invitation. Select the relevant role for the user.
  3. From “Organization Unit” Drop down, Select the Name of the Organization that you wish to associate this user to and click Add User button to add the user to the list of users to be invited to use  Cloud Security.

    If you are Associating Users to any Sub-Organization of that Tenant, then Invite Users Dialog will Only show available Roles as “Operator” & “View Only” & “Security Auditor”, for all other cases, it will list all the Available Roles. 

  4. Only Admin can add users.

    For more details about privileges available to each role, see Permissions Mapping.

          If no data is displayed on the Dashboard, users are notified to contact the Cloud Security Administrator, who can perform all the operations in Cloud Security.

      5. Click Send Invitation.

         A message appears indicating the invitation has been sent, and emails are sent to the addressees inviting them to accept the invitation. Upon clicking Sign Up on the invitation       email, the addressee can register for the same Cloud Security tenant account. Once registered, the new account is registered and the user can sign in to Cloud Security with permissions that were granted by the Admin. 


The roles assigned to each user is displayed in the Role column on the Users screen.

If the user is invited but registration is still pending, it shows that user as “invited” in the last column and it will not show Name column value. Once registration is completed, it starts showing Name value and removes “invited” value for that row. 

Also, if the invited user is already registered, User gets an email to Login.

For more information about user registration, see Registering.

Note

If Single Sign On is enabled for a tenant then user entries are created on first login of the users. Users are assigned Read Only view to the tenant. Admin can then modify roles and permissions later.

Editing role and organization of a user

Administrator can modify role and organization of the users, from user management page. 

  1. As an Admin, choose Configure icon > Users.
  2. On the Users page, click on the user from the user's list you want to edit.

  3. User info window launches. Admin can select from the drop down.
  4. Admin can assign organisation to the user from the Assign Organization link in the user info window.

Roles that cannot be assigned to a use in an organization are as below:

Operations Admin
Security Engineer
Security Architect
Cloud Security Admin
Admin

To provide a higher role to the user in an organization, the user needs to be first assigned to the tenant.

Deleting a user

Admin can delete users if they are no longer a member of the Tenant, or for any other reason. (For example, the contract for an employee that was invited to join an organization might have ended, and that contractor should no longer have access to Cloud Security and the user data.) This functionality is not enabled for other roles.

Users that are deleted can no longer log in to that Tenant again. Users that are members of multiple Tenants can log in only to the Tenant or Tenants for which they are still active. Users that have been deleted from all Tenants can no longer access Cloud Security; however, they can be invited later to re-join the organization as a new user.

  1. As an Admin, choose Configure icon > Users.
  2. On the Users page, select the user or users you want to delete and click Delete Users.

    Note

    You cannot delete all users. At least one user must be associated with the organization. So, in the above example, David MSP (an MSP Admin) cannot be deleted after Alice Contractor is deleted.


  3. On the confirmation message that displays, click OK, Delete.

    Note

    You cannot undo this action. Deleting a user has no impact on user data.

    For more information about creating a Policy user account and completing the registration process, see Registering.

Permissions 

Features

Security Architect

Security Engineer

Operator

Operations Admin

Security Auditor

Cloud Security Admin

Admin

View-only

Connector

View

Map and Evaluate Now

Evaluate Now

Manage

Evaluate Now

Manage

Manage

View

Policy

Manage

Manage

View

View

View

Manage

Manage

View

Exceptions

Manage

Manage

View

View

View

Manage

Manage

View

Users

View

View

View

View

View

View

Manage

View

Remediation

View

Manage

Invoke

View

View

Manage

Manage

View

Organization

Switch

Switch

Switch

Switch

Switch

Manage

Manage

View

Transaction

Export

Export

Export

Export

Export

Export

Export

Export

Reports

Manage Own Report

Manage Own Report

Manage Own Report

Manage Own Report

Manage Own Report

Manage All Reports

Manage All Reports

View


Was this page helpful? Yes No Submitting... Thank you

Comments