Managing permissions in TrueSight Orchestration
uses role-based authentication system (RBAC). Access to the product is based on groups or roles rather than individual users.
Platform uses BMC Remedy Single Sign-On (Remedy SSO or RSSO) as an authentication system. Groups or roles are added in Remedy SSO and by using the same group names, administrators control the permissions to be provided for accessing the components and the modules and workflows in the product.
You must ensure that the groups created in the repository or the grid match the groups or roles in Remedy SSO. Administrators manually create groups in the repository and the grid.
Permissions are controlled via two areas in :
- You manage permissions to the grid through the Grid Manager.
For example, using the grid permissions, you can choose whether users belonging to a particular group can access the Grid Administration tab.
- You manage permissions to the repository and repository content through the Repository Manager.
For example, if you want to restrict a group from accessing the repository, update the permissions for that group in the Repository Manager.
When you install TrueSight Orchestration Platform, two default groups – AoAdmin and Default are created in the repository and the grid. A default user – aoadmin is assigned to the AoAdmin group in Remedy SSO.
BMC recommends that you not associate any other users with the AoAdmin role. If you accidentally remove all the permissions, use this role to unlock the grid. For default credentials, see Accessing and navigating the Grid Manager.
If a user is associated with more than one role, the user is granted the most permissive permissions. If a user is not associated with a role, that user is automatically assigned to the Default group and is granted the permissions assigned to the group.