Assigning object-based permissions
BMC Server Automation offers flexibility when assigning permissions to system objects.
The following topics describe aspects of object-based permissions:
- Defining permissions for a system object
- Updating permissions for one or more system objects
- Viewing an ACL summary
- Common issues while using permissions
You can define the permissions of an object when you first create it or modify those permissions later (see Defining permissions for a system object). You can also modify permissions for multiple system objects (described in Updating permissions for one or more system objects).
Using object-based permissions, you can delegate authority for managing different objects within BMC Server Automation. For example, a web administrator might be granted permission to run jobs relating to web servers while database administrators might be granted permission to run jobs relating to database servers. In the same manner, you can use permissions to define access to servers and server groups.
Assigning permissions to objects in the RBAC Manager folder is the same as assigning permissions to other system objects. Because you can grant permissions for roles, users, access control list (ACL) templates, and authorization profiles in the RBAC Manager folder, you can delegate authority for managing RBAC functionality to multiple roles.
Several mechanisms exist for granting permissions to an object, including ACL policies and maintenance windows. Because of this, it can be difficult to grasp the permissions that are granted to an object at any given time. To view a summary of all permissions granted to an object, see Viewing an ACL summary.
See Common issues while using permissions for information about common issues users encounter when defining permissions for system objects.