Managing portal security groups for BMC Network Automation
A portal security group (PSG) is a group of users that inherit a set of restrictions and permissions. A PSG has a one-to-one mapping to a realm in BMC Network Automation. After a PSG is created in the portal and mapped to a realm, all users that are granted access to that realm in BMC Network Automation can log on to the portal with their existing BNA credentials.
The installation procedure automatically creates a portal security group for portal administration. This group is called the portal administrator group. During the installation process, you identify a realm in BMC Network Automation (typically the Default realm). Users granted access to the specified realm are automatically mapped to the portal administrator group, and those users can log on to the portal and manage the portal environment.
As an administrator, when you are connected to BMC Network Automation, you can create additional sites for BMC Server Automation even though only one site is possible for BMC Network Automation. See Managing portal security groups for BMC Server Automation for more information about creating additional sites for BSA.
Portal-level restrictions
Restrictions set at the portal level provide a thin layer of control that prevents members of portal security groups from accessing certain features and functions of the portal environment.
Portal-level restrictions are optional and do not supersede the underlying permissions set up in your BMC Network Automation environment. The intent of portal-level restrictions is to provide a very simple security mechanism for organizations that have not implemented or do not require the more elaborate sets of permissions possible in BMC Server Automation or BMC Network Automation.
Currently, there is only one portal-level permission for a BNA implementation of the portal. That portal-level permission grants access to Threat Director.
Importing realms to function as portal security groups
Before creating new portal security groups, the portal administrator can import realms and their associated users from BMC Network Automation. When you import a realm, it is automatically converted into a portal security group in the portal.
When you create a portal security group by importing a realm, the security group is given the same name as the realm being imported.
After performing this procedure, you can still add new portal security groups in the future. You can also repeat this procedure to allow users associated with other realms to use the portal.
To import a realm
- At top right, click the drop-down menu by your user name. Then, select Administration.
The portal displays the Administration page.
- Click the Security Groups tab, if it is not already selected.
A list of portal security groups opens.
- Click Import security groups.
The Import Security Groups page opens.
- Using the list of BMC Network Automation realms, check the realms you want to import.
Click select all to select all realms in the list, or click clear to deselect all realms.
To search for realms by name, enter a text string in the search box and click Filter the realm names. The portal lists only realms with names that include the string you entered.
- Click Import.
The selected realms are imported into the portal and mapped to a portal security group with the same name. Users of BMC Network Automation who are granted access to a realm that you have imported are now able to log on to the portal by using their BMC Network Automation credentials.
Adding new portal security groups
In addition to importing portal security groups, you can also create new groups.
Currently, only one portal security group can be mapped to a realm in BMC Network Automation.
To add a new portal security group
- At top right, click the drop-down menu by your user name. Then, select Administration.
The portal displays the Administration page.
- Click the Security Groups tab, if it is not already selected.
A list of portal security groups opens.
- Select the Add a new security group icon.
The Create Group page opens.
- Enter the following information.

| Option | Description |
| --- | --- |
| Group Name | Name of the portal security group. |
| Group Description | Optional descriptive text for the portal security group. |
| BNA Site | The name of the BNA site. You cannot modify this option. |
| BNA Realm Name | Specifies the realm in BMC Network Automation that determines which user authorizations are assigned to this portal security group. |
| Portal Level Permission | The Portal Level Permissions option specifies the types of operations this portal security group can perform. Currently, when connected to BMC Network Automation, the only available permission is Threat Director. It lets users perform actions using the tools available in the Threat Director menu. Many of the actions that you can perform require servers to be licensed for Threat Director. |
| Asset Groups | The Asset Groups option lets you grant this portal security group access to asset groups that are defined in a vulnerability management system. If you do not grant access to any asset groups, the portal security group is granted access to all assets. To make options available in the Asset Groups option, you must import an asset group file using Vulnerability Manager > Import or Threat Director > Import. Click here for a description of the full process for assigning asset groups to portal security groups. |

- Click Create Group.
The portal security group is created. Users of BMC Network Automation who are granted access to the realm to which this group is mapped are now able to log on to the portal by using their BMC Server Automation credentials.
For some settings to take effect, you must log out and then log back in to the portal.
Modifying portal security groups
- At top right, click the drop-down menu by your user name. Then, select Administration.
The portal displays the Administration page.
- Click the Security Groups tab, if it is not already selected.
A list of portal security groups opens.
- Select a portal security group and click Edit the current security group.
The Update Group page opens.
- Modify the settings for the portal security group by changing any of the following options:

| Option | Description |
| --- | --- |
| Group Name | Name of the portal security group. |
| Group Description | Optional descriptive text for the portal security group. |
| BNA Site | The name of the BNA site. You cannot modify this option. |
| BNA Realm Name | Specifies the realm in BMC Network Automation that determines which user authorizations are assigned to this portal security group. |
| Portal Level Permission | The Portal Level Permissions option specifies the types of operations this portal security group can perform. Currently, when connected to BMC Network Automation, the only available permission is Threat Director. It lets users perform actions using the tools available in the Threat Director menu. Many of the actions that you can perform require servers to be licensed for Threat Director. |
| Asset Groups | |

- Click Update Group.
For some settings to take effect, you must log out and then log back in to the portal.
Deleting portal security groups
- At top right, click the drop-down menu by your user name. Then, select Administration.
The portal displays the Administration page.
- Click the Security Groups tab, if it is not already selected.
A list of portal security groups opens.
- Select a portal security group and click Delete the current security group.
A dialog box asks you to confirm the deletion.