Roles and permissions
This topic describes the roles assigned to the user accounts for authentication and how those roles authorize access to the product and product features:
BMC Network Automation roles
All users must have a valid user name and password to access the system. During installation, the administrator specifies whether users are authenticated locally (default), or authenticated through a Microsoft Active Directory, OpenLDAP, RADIUS, or TACACS+ server. The authentication method is also extended to the URL in-context launches and web services APIs. Independent of the authentication method, each user is assigned one or more roles that grant or deny system and network rights. Network rights are assigned to realms. The system includes a set of default roles. The system administrator can modify these roles and create new roles. The default set of roles include:
- Viewer: Can view reports and database information, but cannot modify the database or device configurations.
- Manager: Same as Viewer, but can also manage jobs.
- Planner: Same as Manager, but can also manage network-related components (for example devices, groups, policies).
- Administrator: Including all system administration tasks on the Admin tab. All rights are granted to this user.
Essential user activity is logged to the Event log, including log on and log off, database management, and device configuration management.
The following table provides a list of the common types of users who use BMC Network Automation, and how they interact with the product.
Interaction with BMC Network Automation
Responsible for certifying and maintaining the BMC Network Automation application (sizing, database backup, purging, and so forth)
BMC Network Automation Administrator
Responsible for defining rules, user roles within the product, policies, custom actions, and device adapters
Specific to BMC Cloud Lifecycle Management; responsible for network pod and container design
BMC Network Automation User – Network Admin/Ops
Prescriptive operations and break/fix remediations of routers and switches
BMC Network Automation User – Server Admin/Ops
Prescriptive network path provisioning in support of server provisioning
BMC Network Automation User – Security Ops
Responsible for monitoring and managing firewalls
BMC Network Automation Super User
BMC Network Automation user with access to multiple sites and/or realms
Viewing Priority, Status, Activity, and Support reports
BMC Network Automation must be installed by an administrator on Microsoft Windows or by a root user on Linux.
If you are using an external database (rather than the embedded PostgresSQL database included with BMC Network Automation), you will also need database system administrator credentials during installation. See Preparing for installation for more information.
After installation, the BMC Network Automation administrator can set the user roles, rights, and privileges of users of BMC Network Automation. These users can be ordinary users of the underlying operating system. See Managing access.