Role-based access
This topic provides an overview of authorization profiles and the components that compose them.
Overview of the RBAC process
To configure access control, you must complete the following steps:
Step | Task | Resource |
---|---|---|
1 | Set up users and user groups in Remedy Single Sign-On. | |
2 | Create or modify the components that compose an authorization profile. You can create or modify these components in any order. | |
3 | Modify the default authorization profiles or create new ones. | Managing authorization profiles |
Tenants or realms segment users in Remedy Single Sign-On and enable multitenancy support. In TrueSight Operations Management, each realm represents a tenant.
The * tenant (realm), with default user groups and users, is created in Remedy Single Sign-On when you install the TrueSight Presentation Server component.
For information about supported versions of BMC Remedy Single Sign-On, see System requirements for Presentation Server.
Authorization profile structure
The following diagram illustrates the basic structure of an authorization profile. Each profile is associated with one or more realms and comprises user groups, roles and permissions, and objects. You can use each default authorization profile as is, you can modify any of its elements, or you can create your own authorization profiles.
The Superadmin in the * tenant (realm) can create and modify authorization profiles and apply them to multiple tenants. Authorization profiles created by tenant administrators apply to users of that tenant. For more information about tenant user administration, see Access control for SaaS administrators.
See the following topics for more information about modifying and creating the required elements:
Default authorization profiles
The following persona-based authorization profiles are created in the TrueSight Presentation Server for the * tenant (realm) during the installation of the TrueSight Presentation Server component:
- API-Only User
- Application Specialist–Applications
- Application Specialist–Services
- Capacity Administration
- Capacity Planning
- Capacity View
- Cloud Cost Control
- Cloud Cost Control Consumer
- Executive
- IT Operations User
- Service Manager
- Solution Administrator
- Technology Specialist
The following table shows the user groups, roles and permissions, and objects that compose the Solution Administrator authorization profile. However, you must note the following restrictions:
- The Solution Administrator profile has unrestricted access to all realms, all features, and all objects in the TrueSight Operations Management solution.
- A non-Solution Administrator user belonging to the * (default) realm does not have unrestricted access to objects in other realms.
Solution Administrator authorization profile, * tenant (realm):
User Groups | Roles and Permissions | Object category | Types | Sources | Objects |
---|---|---|---|---|---|
Administrators | Super Admin (All Permissions Assigned) | TrueSight Presentation | Monitoring Policy Configuration Types PATROL Solutions PATROL Agent ACLs Devices Event Groups Groups Applications Services Shared Dashboards (available from version 11.3.03) | TrueSight Presentation Server | All Object Access |
Administrators | Super Admin (All Permissions Assigned) | TrueSight Infrastructure | Views Monitor Groups CIs Component Folders Event Folders | Not applicable | All Object Access |
Predefined user groups and users
When you install TrueSight Presentation Server, the following out-of-the-box user groups and users are created in your Remedy Single Sign-On (SSO) server for the default * tenant. Not all out-of-the-box user groups contain out-of-the-box users. The out-of-the-box user groups have default permissions. You can enable an out-of-the-box user group and give it a user group name by using the tssh CLI command. After checking the authorization profile associated with the user group, you are permitted to log in. For more information, see tssh commands.
Out-of-the-box user groups | Out-of-the-box users | Description |
---|---|---|
Administrators | admin | Out-of-the-box administrator user |
 | bppmws_internal | Internal user that supports: |
 | csm_user | Internal user that supports: |
API Group | apiuser | Internal user that supports TrueSight Capacity Optimization Integration |
Capacity_Administration | None | |
Capacity_View | None | |
Capacity_Planning | None | |
Cloud_Cost_Control | None | |
Cloud_Cost_Control_Consumer | None | |
Central Monitoring Administrators | None | NA |
Model Administrators | service_admin | Default service model administration user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
Monitoring Administrators | event_admin | Default event administration user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
Operators | oper | Default operator user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
Supervisors | user | Default supervisor user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
Viewers | None | NA |
WS Full Access | None | NA |
After you register an App Visibility portal in the TrueSight console, a new user, App_Visibility_Internal_<tspsHostID>, is automatically added to Remedy Single Sign-On. This is an internal user with a randomly generated password and should not be changed.
For more information about default users and passwords, see Default users and user groups.
Default authorization profiles and menu access
The following table lists the default authorization profiles and the default user groups and roles that compose them. To help you determine whether the default authorization profiles meet the access requirements of your organization, the last column in the table shows the menu options available to users in each default authorization profile.
Profile | User groups | Roles | Menu access |
---|---|---|---|
Solution Administrator | Administrators | Super Admin | Dashboards, Monitoring, Configuration, Administration |
Application Specialist–Services | Central Monitoring Administrators, Monitoring Administrators, Service Model Administrators, Supervisors, WS Full Access | Blackout Administrator, Data Collection Administrator, Deployment Administrator, Event Administrator, Event Supervisor, Monitoring Administrator, Service Administrator, Service Supervisor, Web Services Access | Dashboards, Monitoring, Configuration, Administration |
Application Specialist–Applications | Central Monitoring Administrators, Monitoring Administrators, Service Model Administrators, Supervisors, WS Full Access | Application Operator, Application Supervisor, Blackout Administrator, Data Collection Administrator, Deployment Administrator, Event Administrator, Event Supervisor, Monitoring Administrator, Service Administrator, Service Supervisor, Web Services Access | Dashboards, Monitoring, Configuration, Administration |
Technology Specialist | Central Monitoring Administrators, Monitoring Administrators, Supervisors, WS Full Access | Blackout Administrator, Data Collection Administrator, Deployment Administrator, Event Administrator, Event Supervisor, Monitoring Administrator, Service Supervisor, Web Services Access | Dashboards, Monitoring, Configuration, Administration |
IT Operations User | Operators | Application Operator, Data Collection Operator, Event Operator, Service Operator | Dashboards, Monitoring |
Service Manager | Central Monitoring Administrators, Model Administrators, Monitoring Administrators, Supervisors, WS Full Access | Event Administrator, Service Administrator, Event Supervisor, Service Supervisor, Data Collection Administrator, Web Services Access, Blackout Administrator, Deployment Administrator, Monitoring Administrator | Dashboards, Monitoring, Configuration, Administration |
Executive | Viewers | Read Only | Dashboards, Monitoring |
Capacity Administration | Capacity_Administration | Capacity Administrator | Dashboards, Administration |
Capacity View | Capacity_View | Capacity Operator | Dashboards, Capacity Views |
Capacity Planning | Capacity_Planning | Capacity Planner | Dashboards, Capacity Views |
Cloud Cost Control | Cloud_Cost_Control | Cloud Planner | Dashboards, Cloud Cost Control |
Cloud Cost Control Consumer | Cloud_Cost_Control_Consumer | Cloud Consumer | Dashboards, Cloud Cost Control |