Consult the following topics to learn about the product.
Authentication and authorization
This topic provides a general overview of authentication and authorization and introduces the product's authentication and authorization system.
- Authentication is the mechanism used to securely identify users. It relates to how users sign in to the product.
- Authorization is the mechanism used to grant users access to components and content and control what users can do with components and content.
Authentication is the method used to securely identify users. A user is the entity signing in to the system. Authentication for the product does the following:
- Identifies users.
The authentication system stores information about users to identify them. A user name, login name, and password are associated with each user.
- Determines whether the user attempting to sign in to the product is a valid user who is allowed to sign in.
Authentication systems may use other entities to organize users, including the following:
- Groups are ways of combining users in a way that is meaningful to an organization.
- Organizations are ways of combining users and groups in a meaningful way. An organization might be a group of users in a company, an entire company, a consortium, society, or some other institution.
For information about the authentication options available with Platform, see Installing external Remedy SSO using the wizard. If you are upgrading from an earlier version of the product, refer to the appropriate upgrade section in Upgrading and the authentication information for that upgrade.
The way that you set up and use authentication varies based on the authentication option your organization uses. This wiki provides instructions for each option. Ensure that you use the instructions for your authentication type.
Authorization is the system used to control access to resources. In the product, authorization controls access to components and content. The product uses role-based access control (RBAC) to control that access.
In a typical RBAC system:
- Roles are created that align with job functions or tasks typically performed by users.
- Permissions are set up to control access to resources, such as read, write, execute, delete.
- Permissions are associated with roles, which controls each role's access to resources.
- Users, groups, or organizations (whichever entities are used in your authentication system) are assigned to roles, which grants users access to the resources associated with the roles when the users are logged into the system. (Version 7.9 uses users, and they must be assigned to roles.)
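The role resolution described in this list, as an added example that is not the product's own code or data model: it resolves a user's permissions through direct, group and organization role assignments and denies by default. All role, user, group and organization names are hypothetical, and the `direct_users_only` switch is an assumption that models the note that version 7.9 assigns users to roles directly.

```python
# Added example: all role, user, group and organization names are hypothetical.
ROLE_PERMISSIONS = {  # role -> set of (resource, action) permissions
    "workflow_operator": {("workflow", "read"), ("workflow", "execute")},
    "workflow_developer": {("workflow", "read"), ("workflow", "write")},
    "grid_admin": {("grid", "read"), ("grid", "write"), ("grid", "delete")},
}
# Constructed directory data, as an authentication system would supply it.
USER_GROUPS = {"alice": {"noc"}, "bob": {"dev"}}
GROUP_ORGS = {"noc": {"acme"}, "dev": {"acme"}}
# Constructed role assignments, one table per entity type.
USER_ROLES = {"bob": {"workflow_developer"}, "carol": {"grid_admin"}}
GROUP_ROLES = {"noc": {"workflow_operator"}}
ORG_ROLES = {"acme": {"workflow_operator"}}


def effective_roles(user, direct_users_only=False):
    """Roles held directly plus, unless disabled, via groups and organizations."""
    roles = set(USER_ROLES.get(user, ()))
    if direct_users_only:
        return roles
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
        for org in GROUP_ORGS.get(group, ()):
            roles |= ORG_ROLES.get(org, set())
    return roles


def permissions(user, direct_users_only=False):
    """Union of the permissions attached to every role the user holds."""
    perms = set()
    for role in effective_roles(user, direct_users_only):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, resource, action, direct_users_only=False):
    """Deny by default: unknown users, roles and permissions all yield False."""
    return (resource, action) in permissions(user, direct_users_only)


def inherited_only(user):
    """Permissions a user holds only through group or organization membership."""
    return permissions(user) - permissions(user, direct_users_only=True)


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "mallory"):
        print(name, sorted(permissions(name)), "inherited-only:", sorted(inherited_only(name)))
```

`inherited_only` is the check to run when reviewing access: it lists permissions that no direct user-to-role assignment accounts for, which are the ones that are easy to miss in a per-user audit.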
The documentation often refers to the AO_HOME directory. AO_HOME represents the directory in which you installed one of the following components on a server:
- Configuration Distribution Peer (CDP)
- High-availability CDP (HA-CDP)
- Activity Peer (AP)
- Lightweight Activity Peer (LAP)
- Development Studio
- Operator Control Panel (OCP)
AO_HOME represents the actual installation directory. For example, AO_HOME may represent the following installation directories for a CDP installation:
- Windows: C:\Program Files\BMC Software\AO\CDP
- Linux: /opt/bmc/AOP/CDP
The descriptions of the tasks and procedures required to operate an IT environment are typically maintained in a document called a runbook. Runbook automation, also called IT process automation, improves operational efficiency by automating the manual tasks in a run book. The following list includes the types of tasks that you can automate:
- Verification, diagnosis, and remediation of IT infrastructure failures
- Routine tasks, such as provisioning and decommissioning physical and virtual assets and IT services
- Synchronizing information between Service Desk and other IT management systems
- Orchestrating disaster recovery routines
- Automatically recording configuration operations with change management systems
By automating manual and repetitive IT tasks, run book automation can reduce operational costs and ensure that you remain in compliance and that your best-practice standards are met 100% of the time.
Run book automation with the product
The product implements run book automation with workflows that can automatically trigger the required IT operations with little or no human interaction.
Built on a high-availability and high-performance grid architecture, the product offers out-of-the-box workflows, leveraging your existing systems (monitoring, service desk, BMC Atrium Configuration Management Database, and others) to accelerate IT service execution across your enterprise.
System adapters are available out-of-the-box with Platform. These adapters are installed when you install Platform and cannot be manually configured by administrators. System adapters are not uploaded to the repository. By default, system adapters are enabled on the Grid Manager. You can see the status of the adapters on the Grid Manager. In Development Studio, you can select a system adapter in the Call adapter activity.
Unlike the application or base adapters available in Content, system adapters provide a direct interface with applications and require no manual configuration. By default, system adapters are enabled on all peers in your environment.
BMC provides the XPath/XSLT 2.0 system adapter for transforming XML input to the desired output. For more information, see Using XSLT/XPath 2.0.