×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
Helix Automation Console 19.11 Getting started

User roles and permissions

Automation Console provides role-based access to the application. Users access the Automation Console based on the role assigned to them in the endpoint manager, such as Server Automation. 

When you log in, the security group that you currently belong to appears in the top-right corner of the user interface. If you are assigned multiple roles in Server Automation, you can change the security group to view the application as per your defined role. For instructions about changing the security groups, see Logging in – Changing the security group Open link .

Based on their roles, users can perform these tasks for an efficient and automated patch management process:

User role

Permissions required in TrueSight Server Automation

Tasks

Administrator

  • By default, the BLAdmins role in Server Automation has administrative permissions in the Automation Console. Users in the BLAdmins role have access to any entity (such as policies, operations, and catalogs) created by other administrative or non-administrative users.
  • The BLAdmin user in Server Automation has administrative permissions to Automation Console.
  • Configure a service account to enable data refresh between Automation Console and Server Automation
  • Manage security groups to provide role-based access to the application
  • Define Service Level Agreements that determine the period within which missing patches must be remediated
  • Import patch catalogs from Server Automation. These catalogs are used to create policies for scanning assets.

Operator

(Non-administrative user)

  • If using Authorization Profiles in Server Automation, users with roles that have access to the Manages Patching Job profile have non-administrative access to the Automation Console.
  • If not using Authorization Profiles, ensure that Server Automation roles have access to the following authorizations:
    • BatchJob
    • BLPackage
    • DeployJob
    • DepotGroup
    • JobFolder
    • JobGroup
    • NSHScript
    • PatchCatalog
    • PatchingJob
    • PatchSmartGroup
    • Server
    • ServerGroup
    • Roles.Read
  • Provide permissions to the assets or catalogs to be used by the operator.
  • To ensure that administrators in the BLAdmins role have permissions to delete artefacts created by operators, do these steps:
    • Create an access control list (ACL) policy and assign BLAdmins permission to the policy
    • Create an ACL template using this policy
    • Assign the ACL template to the non-administrative or operator role
    For details, see

    Error rendering macro 'link-window'

    Failed to transform the HTML macro template for display. Nested message: The XML content could not be parsed. There is a problem at line 4, column 114. Parser message: Duplicate attribute 'acl'. at [row,col {unknown-source}]: [4,114]

    in Server Automation documentation.
  • Create patch policies that run according to a schedule to identify missing patches on assets
  • Monitor the list of missing patches and assets
  • Create remediation operations to install missing patches on assets
  • Monitor the Dashboard to view patch compliance results and other metrics, such as the remediation trend, top 10 missing patches, and missing patches by SLAs, severity, and age.
  • Import vulnerability scan files
Was this page helpful? Yes No Submitting... Thank you
Last modified by Adlapalli sunil kumar Achary on Jan 17, 2020

Comments

Log in or register to comment.

Overview
End-to-end use cases
© Copyright 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.