Managing security groups for BMC Network Automation

A security group is a group of users that inherit a set of restrictions and permissions. A security group has a one-to-one mapping to a realm in BMC Network Automation. After a security group is created in SecOps Response and mapped to a realm, all users that are granted access to that realm in BMC Network Automation can log on to SecOps Response with their existing BNA credentials.

The onboarding procedure designates a role used for endpoint administration. This group, known as the endpoint administrator group, is mapped to a realm in BMC Network Automation (typically the Default realm). Users granted access to the specified realm can log in and manage SecOps Response.

This topic includes the following sections:

Importing realms to function as security groups

Before creating new security groups, the endpoint administrator can import realms and their associated users from BMC Network Automation. When you import a realm, it is automatically converted into a security group in SecOps Response.

When you create a security group by importing a realm, the security group is is given the same name as the realm being imported.  

After performing this procedure, you can still add new security groups in the future. You can also repeat this procedure to allow users associated with other realms to use SecOps Response.

To import a realm

  1. As an endpoint administrator, click the drop-down menu by your user name (at top right). Then, select Administration.
    The Administration page opens.
  2. Click the Security Groups tab, if it is not already selected.
    A list of security groups opens.
    Click Import security groups  .
    The Import Security Groups page opens.

  3. Using the list of BMC Network Automation realms, check the realms you want to import. 
    Click select all to select all realms in the list, or click clear to deselect all realms. 
    To search for realms by name, enter a text string in the search box and click Filter the realm names . SecOps Response lists only realms with names that include the string you entered.
  4. Click Import.
    The selected realms are imported into SecOps Response and mapped to a security group with the same name. Users of BMC Network Automation who are granted access to a realm that you have imported are now able to log on to SecOps Response by using their BMC Network Automation credentials.

Adding new security groups

In addition to importing security groups, you can also create new groups.

Currently, only one security group can be mapped to a realm in BMC Network Automation.

SecurityGroupsOverview

To add a new security group

  1. As an endpoint administrator, click the drop-down menu by your user name (at top right). Then, select Administration
    The Administration page opens.
  2. Click the Security Groups tab, if it is not already selected.
    A list of security groups opens.
  3. Select the Add a new security group icon .
    The Create Group page opens.
  4. Enter the following information.

    Option Description
    Group Name Name of the security group.
    Group Description Optional descriptive text for the security group.
    BNA Connector Read only:

    Specifies the BMC Network Automation server to which this security group has access. 

    See Viewing information about the BMC Network Automation connection for more information.

    BNA Realm Name

    The realm in BNA that determines which user authorizations are assigned to this portal security group. 

    Asset Groups


    The Asset Groups option lets you grant this security group access to asset groups that are defined in a vulnerability management system. 

    If you do not grant access to any asset groups, the security group is granted access to all assets.

    To make options available in the Asset Groups option, you must import an asset group file using SecOps Response > Import.

    Click here for a description of the full process for assigning asset groups to security groups.


  5. Click Create Group.
    The security group is created. Users of BMC Network Automation who are granted access to the realm to which this group is mapped are now able to log on to SecOps Response using their BMC Network Automation credentials.

    For some settings to take affect, you must log out and then log back into SecOps Response.

Modifying security groups

  1. As an endpoint administrator, click the drop-down menu by your user name (at top right). Then, select Administration
    The Administration page opens.
  2. Click the Security Groups tab, if it is not already selected.
    A list of security groups opens.
  3. Select a security group and click Edit the current security group .
    The Update Group page opens.
  4. Modify the settings for the security group by changing any of the following options:
    Option Description
    Group Name Name of the security group.
    Group Description Optional descriptive text for the security group.
    BNA Connector Read only:

    Specifies the BMC Network Automation server to which this security group has access. 

    See Viewing information about the BMC Network Automation connection for more information.

    BNA Realm Name

    The realm in BNA that determines which user authorizations are assigned to this portal security group. 

    Asset Groups


    The Asset Groups option lets you grant this security group access to asset groups that are defined in a vulnerability management system. 

    If you do not grant access to any asset groups, the security group is granted access to all assets.

    To make options available in the Asset Groups option, you must import an asset group file using SecOps Response > Import.

    Click here for a description of the full process for assigning asset groups to security groups.


  5. Click Update Group.
    For some settings to take effect, you must log out and then log back into SecOps Response. 

Deleting security groups

  1. As an endpoint administrator, click the drop-down menu by your user name (at top right). Then, select Administration
    The Administration page opens.
  2. Click the Security Groups tab, if it is not already selected.
    A list of security groups opens.
  3. Select a security group and click Delete the current security group  .
    A dialog box asks you to confirm the deletion.

Was this page helpful? Yes No Submitting... Thank you

Comments