Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

User accounts

This topic was edited by a BMC Contributor and has not been approved.  More information.

The BMC Server Automation product (formerly known as BladeLogic) creates various user accounts during component installation:

Account NameComponentPurposeTypePrivilegesDefault PasswordPassword Change ForcedPassword EncryptionNotes

BladeLogicRSCD

On a domain controller, starting with 8.5.01.005:
BladeLogicRSCDDC

Windows RSCD AgentRun RSCD service on Windows SystemsOSLog on as Batch Job

Random since 8.1.00

16 alpha-numeric and special characters

NoWindows encryption

Password can be changed using the chapw command. The password is stored in the registry using the CryptProtectData function.

If an Automation Principal is used exclusively, you can remove this user account using chapw.

If the RSCD agent is installed on a domain controller, a default password is used, because the account is shared across all domain controllers in the domain.

The password of the RSCD agent on a domain controller can be changed using the chapw command or (as of 8.5.01.005) the agentctl utility, as discussed in Changing the BladeLogicRSCD account password on domain controllers.

bladminApplication Server on Solaris and LinuxRun Application Server and spawner processesOSOwns application filesNA (locked on install)NANAAccount is created with a locked password. The Application Server init scripts run a 'su - bladmin' to drop privileges.
bladelogicOracle DatabaseAll Application Server to database communication happens as this accountDatabase

Schema owner for Bladelogic

configurable during install by dbadependent on Database password policydatabase default 
BLAdminBladeLogic ApplicationInitial Application Administrator accountApplicationFull access to all resources granted via Role. Implicit Read on all objectsnoConfigurable in application settings (blasadmin / link)non-reversible Hash stored in databaseDuring install the BLAdmin account is created and a password is set. Because BladeLogic assigns permissions via the role (RBAC) this account can be locked or disabled (as long as there are other accounts in this role) and there is nothing inherently 'special' about this account.
RBACAdminBladeLogic ApplicatoinInitial Application Security Administrator accountApplicationFull access to all RBAC objects. Implicit Read and ModifyAcls on all objectsnoConfigurable in applications settings (blasadmin / link)non-reversible Hash stored in databaseDuring install the BLAdmin account is created and a password is set. Because BladeLogic assigns permissions via the role (RBAC) this account can be locked or disabled (as long as there are other accounts in this role) and there is nothing inherently 'special' about this account.

BMC Server Automation uses various accounts during operation:

Account NameComponentPurposeTypePrivilegesDefault PasswordPassword Change ForcedPassword EncryptionNotes
rootRSCD Agent on UNIX RSCD Agent runs as this userOSrootNANANARSCD service must run as root for UPM as discussed in Impersonation and privilege mapping. Password is not stored or used by the agent.
Automation PrincipalBSA ApplicationAgent installation, Target Server Access, Active Directory User SyncOS

Log on As Batch Job

NANAAES 128 BitThe Automation Principal account is created by the user on the target server or Windows domain and the credentials are stored in the BladeLogic database and used when the application is configured to use an AP for the noted purposes.
Local server accountRSCD / UPMActions performed via BSA act as this account on the target serverOSWhatever is required to perform the desired functions via BladeLogicNANANAThe User Impersonation function is used (link) and BSA does not know the account password.
bladelogicSqlServer Database userAll Application Server to database communication happens as this accountDatabase

dbo for BladeLogic Database

configurable during install by dbadependent on Database password policydatabase default 
Application UsersBladeLogic ApplicationApplication User accountsApplicationDefined by RBAC AdministratorsnoConfigurable in applications settings (blasadmin / link)Variable - SRP, AD, etcAuthentication is available with the built-in SRP authentication type or configurable to external authentication sources such as LDAP, Active Directory, PKI, and RSA.
Was this page helpful? Yes No Submitting... Thank you

Comments