Important

   

Starting version 8.9.03, BMC Server Automation is renamed to TrueSight Server Automation. This space contains information about BMC Server Automation 8.9.02 and previous versions. For TrueSight Server Automation 8.9.03 and later releases, see TrueSight Server Automation 8.9.

How to set up a time-based ACL policy

This topic was edited by a BMC Contributor and has not been approved.  More information.

Contributor content

This topic was created by a BMC Contributor and has not been approved. More information.

The following example procedure illustrates the creation of an ACL policy (named acl-pol1) that normally has a limited set of permissions, based on role1 and authorization profile ap2. However, at certain scheduled times, the ACL policy has a more extensive set of permissions, based on role1 and authorization profile ap1.

Click the thumbnails to enlarge figures.

To set up a time-based ACL policy

  1. Create and save an authorization profile (named ap1 in this example) with a relatively extensive set of permissions that allows you to create and execute BLPackages.
  2. Create and save another authorization profile (named ap2) with a minimal set of permissions.
  3. Create and save a role (named role1) and assign both authorization profiles (ap1 and ap2) to it. Step through the wizard panes as in the following series of figures.

  4. Create a user (named rbac-user1) and assign role1 to it.
  5. Create an ACL policy (named acl-pol1). Associate it by default to role1 and ap2, and schedule a time window during which it will be associated with role1 and ap1.
    1. Define a name for the ACL policy (and optionally also a description).
    2. Click + to add the role and the default authorizations from the ap2 authorization profile.
    3. Click Add under Time Window for scheduling additional time-based authorizations.
    4. Set scheduling name, date and time as per your requirements.
    5. Click the Permissions tab and then click + to select the app1 authorization profile for this scheduled time. Click OK after selecting the app1 authorization profile and then click OK again to save your settings on the Permissions tab.
    6. Click Next and then Finish to complete the creation of the ACL policy.
  6. Apply permissions (ACL and ACL policy) on the relevant objects.

    Repeat this process for all yours items (including, for example, depot groups, job groups, and servers).
  7. Log on as BLAdmin (or switch role to BLAdmins) and push Acl-Agents on the Target Machine.

    Repeat this process for all other relevant targets.

    Related video

    The following video demonstrate the basic process.

      https://www.youtube.com/watch?v=dcvmXQivPs8&feature=youtu.be

Was this page helpful? Yes No Submitting... Thank you

Comments