Walkthrough: Restricting permissions for a Compliance officer
This topic walks you through the process of setting up a Compliance officer, who is in charge of performing compliance analyses, and limiting permissions so that this user cannot perform other types of actions in BMC BladeLogic Server Automation (BSA). Although this process is not essential for compliance analysis, BMC always recommends that you grant users the minimum set of permissions needed to perform actions. If you do not set up a Compliance officer with a limited set of permissions, a superuser such as the BLAdmins role must perform compliance analysis.
This topic includes the following sections:
This topic is intended for system administrators who manage data center authorizations. The goal of this topic is to grant the minimum set of permissions to the role and user who performs compliance analysis.
What are roles and users?
BSA manages data center access through a system of role-based access controls (RBAC). Each role defines a set of permissions. Typically roles correspond to jobs performed in an organization, such as QA testers or application developers. A user can be assigned to one or more roles, but a user can only assume one role at a time.
What does this walkthrough show?
This walkthrough shows how to:
- Create an authorization profile, which is a collection of authorizations to perform certain tasks — in this case to perform compliance analysis.
- Create a role for a Compliance officer.
- Create a Compliance user who is assigned to the Compliance officer role and thus is granted the permissions available to the Compliance officer.
What do I need to do before I get started?
For this walkthrough, you need to log in as the RBAC administrator for BSA (typically RBACAdmin or a user with equivalent permissions)
How to restrict permissions for a Compliance officer
Create an authorization profile for compliance analysis. An authorization profile is a collection of all authorizations needed to perform all compliance analysis tasks.
Still logged on as the RBAC administrator, create a role for Compliance management. Assign the authorization profile you just created to the role.
Still logged on as the RBAC administrator, create a Compliance user. Assign this user to the role you just created.
Wrapping it up
Congratulations. You have set up a role for Compliance officers and created a Compliance user.