Managing authorization profiles
Authorization profiles provide role-based access control by associating users who belong to one or more user groups with specific roles and objects. The default authorization profiles are created during the installation of the TrueSight Presentation Server component.By default, any user who is a member of the Administrators user group can create, edit, and delete authorization profiles.
The easiest way to edit an authorization profile is to modify one or more of its components.
For example, you might grant access permission to Central Monitoring Administration for the Event Administrator role. Any of the authorization profiles that included that role are affected by the change in permissions.
Authorization profile components
Authorization profiles comprise user groups, roles, and objects, which you specify or select when creating or editing the profile. You cannot create or modify these required components when creating or modifying an authorization profile.
Default authorization profiles and authorization profiles created in the * tenant are accessible to other tenants.
The following diagram and table describe the required components and show their relationship to an authorization profile.
A named collection of users. You can associate multiple user groups with an authorization profile. You can also associate a user group to more than one authorization profile.
For environments with multiple tenants, an authorization profile can contain user groups from multiple tenants, but each user group must contain users from a single tenant.
If an authorization profile contains only one user group and if that user group is deleted in Remedy Single Sign-On, actions on the authorization profile fail. You have to edit the authorization profile to add a different user group or delete the authorization profile.
Modified User groups
Whenever you modify the user groups from the Remedy Single Sign-On, you must edit the authorization profile and re-associate the modified user groups. If not updated, it will result in an authentication failure of all the users who are associated with the modified user groups.
|Roles||Roles comprise collections of permissions that permit or deny a user to access features or perform actions in Operations Management product components.|
|Objects||(Optional) Administrators can choose from a list of objects present in Operations Management and then associate the selected objects with the authorization profile.|
You can create or configure the authorization profile components in any order, but you cannot create an authorization profile without them.
Default authorization profiles
During the installation of TrueSight Presentation Server, the following persona-based authorization profiles are created in the TrueSight Presentation Server for the * tenant (realm):
- API-Only User
- Application Specialist–Applications
- Application Specialist–Services
- Capacity Administration
- Capacity View
- IT Operations User
- Service Manager
- Solution Administrator
- Technology Specialist
From the Authorization Profiles page in the TrueSight console, you can add new authorization profiles by accessing the action menu from the page heading. You can modify or delete an existing authorization profile by selecting its action menu.