Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Managing portal security groups for BMC Network Automation


A portal security group (PSG) is a group of users that inherit a set of restrictions and permissions. A PSG has a one-to-one mapping to a realm in BMC Network Automation. After a PSG is created in the portal and mapped to a realm, all users that are granted access to that realm in BMC Network Automation can log on to the portal with their existing BNA credentials.

The installation procedure automatically creates a portal security group for portal administration. This group is called the portal administrator group. During the installation process, you identify a realm in BMC Network Automation (typically the Default realm). Users granted access to the specified realm are automatically mapped to the portal administrator group, and those users can log on to the portal and manage the portal environment.

As an administrator, when you are connected to BMC Network Automation, you can create additional sites for BMC Server Automation even though only one site is possible for BMC Network Automation. See Managing-portal-security-groups-for-BMC-Server-Automation for more information about creating additional sites for BSA.

This topic includes the following sections:

Portal-level restrictions

Restrictions set at the portal level provide a thin layer of control that prevents members of portal security groups from accessing certain features and functions of the portal environment.

Portal-level restrictions are optional and do not supersede the underlying permissions set up in your BMC Network Automation environment. The intent of portal-level restrictions is to provide a very simple security mechanism for those organizations who have not implemented or do not require the more elaborate sets of permissions possible in BMC Server Automation or BMC Network Automation.

Currently, there is only one portal-level permission for a BNA implementation of the portal. That portal-level permission grants access to Threat Director. 

Importing realms to function as portal security groups

Before creating new portal security groups, the portal administrator can import realms and their associated users from BMC Network Automation. When you import a realm, it is automatically converted into a portal security group in the portal.

When you create a portal security group by importing a realm, the security group is is given the same name as the realm being imported.  

After performing this procedure, you can still add new portal security groups in the future. You can also repeat this procedure to allow users associated with other realms to use the portal.

To import a realm

  1. At top right, click the drop-down menu by your user name. Then, select Administration.
    The portal displays the Administration page.
  2. Click the Security Groups tab, if it is not already selected.
    A list of portal security groups opens.
  3. Click Import security groups ImportSecurityGroupsIcon.gif .
    The Import Security Groups page opens.
    ImportBNASecurityGroups.gif
  4. Using the list of BMC Network Automation realms, check the realms you want to import. 
    Click select all to select all realms in the list, or click clear to deselect all realms. 
    To search for realms by name, enter a text string in the search box and click Filter the realm names FilterIcon.gif. The portal lists only realms with names that include the string you entered.
  5. Click Import.
    The selected realms are imported into the portal and mapped to a portal security group with the same name. Users of BMC Network Automation who are granted access to a realm that you have imported are now able to log on to the portal by using their BMC Network Automation credentials.

Adding new portal security groups

In addition to importing portal security groups, you can also create new groups.

Currently, only one portal security group can be mapped to a realm in BMC Network Automation.

SecurityGroupsOverview.png

To add a new portal security group

  1. At top right, click the drop-down menu by your user name. Then, select Administration
     The portal displays the Administration page.
  2. Click the Security Groups tab, if it is not already selected.
    A list of portal security groups opens.
  3. Select the Add a new security group icon AddNewIcon.gif.
    The Create Group page opens.
    CreateBNASecurityGroup.gif
  4. Enter the following information.

    Option

    Description

    Group Name

    Name of the portal security group.

    Group Description

    Optional descriptive text for the portal security group.

    BNA Site

    The name of the BNA site. You cannot modify this option.

    BNA Realm Name

    Specifies the realm in BMC Network Automation that determines which user authorizations are assigned to this portal security group. 

    Portal Level Permission

    The Portal Level Permissions option specifies the types of operations this portal security group can perform. 

    Currently, when connected to BMC Network Automation, the only available permission is Threat Director. It lets users perform actions using the tools available in the Threat Director menu. Many of the actions that you can perform require servers to be licensed for Threat Director.

    Asset Groups

    The Asset Groups option lets you grant this portal security group access to asset groups that are defined in a vulnerability management system. 

    If you do not grant access to any asset groups, the portal security group is granted access to all assets.

    To make options available in the Asset Groups option, you must import an asset group file using Vulnerability Manager > Import or Threat Director > Import.

    Click here for a description of the full process for assigning asset groups to portal security groups.

  5. Click Create Group.
     The portal security group is created. Users of BMC Network Automation who are granted access to the realm to which this group is mapped are now able to log on to the portal by using their BMC Server Automation credentials.
    For some settings to take affect, you must log out and then log back into the portal.

Modifying portal security groups

  1. At top right, click the drop-down menu by your user name. Then, select Administration
    The portal displays the Administration page.
  2. Click the Security Groups tab, if it is not already selected.
    A list of portal security groups opens.
  3. Select a portal security group and click Edit the current security group EditIcon.gif.
    The Update Group page opens.
  4. Modify the settings for the portal security group by changing any of the following options:
    Option
    Description
    Group Name
    Name of the portal security group.
    Group Description
    Optional descriptive text for the portal security group.
    BNA Site
    The name of the BNA site. You cannot modify this option.
    BNA Realm Name
    Specifies the realm in BMC Network Automation that determines which user authorizations are assigned to this portal security group. 
    Portal Level Permission
    The Portal Level Permissions option specifies the types of operations this portal security group can perform. Currently, when connected to BMC Network Automation, the only available permission is Threat Director. It lets users perform actions using the tools available in the Threat Director menu. Many of the actions that you can perform require servers to be licensed for Threat Director.
    Asset Groups

    The Asset Groups option lets you grant this portal security group access to asset groups that are defined in a vulnerability management system. If you do not grant access to any asset groups, the portal security group is granted access to all assets.To make options available in the Asset Groups option, you must import an asset group file using Vulnerability Manager > Import or Threat Director > Import.Click here for a description of the full process for assigning asset groups to portal security groups.
  5. Click Update Group.
    For some settings to take affect, you must log out and then log back into the portal. 

Deleting portal security groups

  1. At top right, click the drop-down menu by your user name. Then, select Administration
    The portal displays the Administration page.
  2. Click the Security Groups tab, if it is not already selected.
    A list of portal security groups opens.
  3. Select a portal security group and click Delete the current security group DeleteIcon.gif .
    A dialog box asks you to confirm the deletion.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*