Using server properties to map automation principals for Windows user mapping

Typically, after you define an automation principal for Microsoft Windows user mapping, you map a role to that automation principal. In this way, when a role connects to an agent on a Windows server, the role is automatically mapped to the user defined in the automation principal.

You can also map a role to an automation principal by using a server property. By doing this, you can assign automation principals on a server-by-server basis, even while the same role is accessing those servers.

The video at right demonstrates the steps in mapping automation principals for Windows user mapping, and also shows how to verify that the automation principal is being used in connections to the agent.

  https://youtu.be/DbzgSJyUsX0

To use server properties to map automation principals

  1. Create an automation principal. Your Application Server must be configured to use an NSH Proxy in order for jobs to use the automation principal when communicating with target servers. For details on this procedure, see Creating automation principals. If your system is set up to use default permissions, you must be logged on as RBACAdmin to perform this step.
  2. Using the Property Dictionary, create a property in the Server property class. The property can be named anything. The property must be of the type Property Class, and the property must reference the property class called AutomationPrincipal.
    If your system is set up to use BMC Server Automation's default set of permissions, you must be logged on as BLAdmin to perform this step. For more information about creating properties, see Adding or modifying properties.
  3. In the Servers folder, select the servers where you want to map automation principals. On each server, right-click and select Set Property. The Set Role Property dialog box opens. (To select multiple servers, you must display them using the Group Explorer option.) Set the value of the property to the name of the automation principal you created in the first step.
    For more information about setting property values, see Changing property values for one or more system objects.
  4. Associate a role with an automation principal by mapping the role to the server property you defined in earlier in this procedure. Use the Agent ACL tab of the role definition to perform this mapping.
    For more information about mapping roles to properties, see Role - Agent ACL. If your system is set up to use default permissions, you must be logged on as RBACAdmin to perform this step.
Was this page helpful? Yes No Submitting... Thank you

Comments