×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Server Automation 8.2 ... Configuring after installation Administering security Managing access

Limiting access through components

This topic was edited by a BMC Contributor and has not been approved.  More information.

While the configuring of roles, object permissions, and agent ACLs provide a BMC Server Automation administrator many ways to limit access to a server, there are times when these tools do not provide the right amount of flexibility for granting server access. Using components, an administrator can grant end users access to specific server objects, while maintaining agent-side Administrator or root mapping. The following steps describe how to grant access to a server through the use of a component template.

Before you begin

Create a component template that includes the parts to which you want to limit access. Using that component template, create components for each server where you want to provide limited access.

Granting access to a server through the use of a Component Template

Below is an example component template with several parts defined. Note the objects listed in the Browse tab, as these will be the objects shown when someone browses any components for this component template. Refine the list as necessary.


Note

Includes or excludes do not take effect when the end user is using the live browse section of any components created by this template.

  1. For each component, grant <ROLE> Component.Read and <ROLE> Component.Browse permissions where <ROLE> is the role that should have limited server access through the component. Similarly, grant permission for any other actions that you would like the role to perform using the component.

  2. For each server where you have created a component, add <ROLE> Server.Read permissions to ensure that ACLs are created on the target server to allow browse access. Ensure that the role only has Read access and not Browse access.
  3. Push ACLs to the servers where the new component has been discovered.
  4. Log in as a user who is a member of the role with limited access.

  5. Using the Components or Component Templates folder, locate and browse the component with limited access.


    Note that when you browse the server where you limited browse access, you can only see the components.


    Also note that this user can now perform only certain actions against this server, and can only see certain portions of the file system and a limited number of server objects.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Yechezkel Schatz on Jan 30, 2013
rbac component_template component howto permissions access promotion_ready bmc_contributor contributor_unapproved

Comments

Log in or register to comment.

Authorization overview
How to deny NSH access
© Copyright 2017 BMC Software, Inc. © Copyright 2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.