This documentation refers to a previously released version of BMC Discovery.
See the information on this topic for the latest version (11.1) or version 10.2.

Managing groups

Every user of the BMC Discovery system must be a member of one or more groups. Membership of groups defines the various BMC Discovery modules that a user is entitled to access. For example, users defined as members of the System group can create and edit user details, while members of the Public group cannot access these areas.

To log in, a user must be in a group that has security/user/passwd, appserver/login and appserver/module/home permissions. Only the following default groups have this permission—readonly, public, system, and admin. Every user must be a member of one of these groups, or a member of a custom group that has at least these permissions. For example, a user who is in only the discovery group cannot login. You should put a user who requires access to discovery commands into the discovery and public groups.

The BMC Discovery Administrator is responsible for setting up details of all user groups in the BMC Discovery system.

Each group is a collection of permissions. Permissions control granular access to BMC Discovery modules and are described in Group Permissions.

The default security groups

The default user groups and their security access rights are as follows:

  • admin—These users have the highest level of customer access to the system.
  • appmodel—These users can write and edit patterns, and create nodes to model business applications. They cannot view credentials but can run discovery (in order to test patterns).
  • discovery—These users have access to all of the discovery-related data. They can start and stop discovery, add and remove credentials, and enable or disable audit logging.
  • cmdb-export-administrator—These users have access to all of the export-related data.  They can build, modify, delete and run Exporters.
  • public—These users have read/write access to all of the system although they cannot access the discovery credentials.
  • readonly—These users have read only access to the system. They cannot view the credentials for logging into target hosts.
  • system—These users have full access to the system.
  • unlocker—These users are able to unlock and unblock user accounts which have been locked or blocked after exceeding the number of permitted authentication failures. For more information, see Managing security policies.

Listing all current groups

  1. From the main menu, click the Administration icon 
    The Administration page opens.
  2. In the Security section, click Groups.
    The Groups page lists all the current groups and allows you to edit details, delete groups, or create a new group.

To create a new group

  1. From the Groups page, click Add at the bottom of the page.
    The Add Group page is displayed. The page is arranged into functional areas, and then subdivided into columns. The arrangement of the columns from left to right is as follows:
    • Wildcard—Contains items which when checked, select a number of permissions. When you mouse over a wildcard permission, it and the permissions it applies are highlighted.
    • Read—Read permissions relating to the functional area.
    • Write—Write permissions relating to the functional area.
    • Misc—Miscellaneous permissions relating to the functional area, such as appliance reboot.
  2. In Group name, enter a name for the new group.
  3. Select the check boxes that indicate the BMC Discovery modules that members of this user group are allowed to access.
    The * wildcard matches anything, so selecting this check box will give unrestricted access to everything in the system.
  4. to save the changes, click OK.
    After the group is set up, you can add users. For more information, see Managing system users.

To amend group details

You can change a group name and the modules that group members can access. The access defined by the group membership will apply the next time users in this group log in.

  1. From the Groups page, click Edit next to the user.
    The page is redisplayed showing editable fields.
  2. Amend or overwrite the Name field.
  3. Select one or more check boxes corresponding with the BMC Discovery modules that members of this group can access.
  4. To save the changes, click OK.

To delete a group

You can delete any group provided you have created it initially. You cannot delete either the public or the system groups.

From the Groups page, click Delete next to the group to be deleted.

The group is deleted, and the system does not display any confirmation.

Group permissions

The following table lists the permissions assigned by default to each group in BMC Discovery. The individual permissions are described in System Group Permissions by Category.

Group Name

Permissions

admin

*

appmodel

admin/category/createmodify
admin/log/info
admin/log/read
reasoning/events/read
reasoning/events/write
reasoning/pattern/config
reasoning/pattern/execute
reasoning/pattern/write
reasoning/ranges/read
reasoning/ranges/write
reasoning/start
reasoning/startstop
reasoning/stop
ui/report/admin
vault/open

cmdb-export-administrator

cmdb_sync
vault/close
vault/credential_types/read
vault/credential_types/write
vault/credentials/read
vault/credentials/write
vault/open

discovery

consolidation/consolidation/write
consolidation/discovery/write
consolidation/read
discovery/credentials/test
discovery/filters/read
discovery/filters/write
discovery/kslave/read
discovery/kslave/write
discovery/options/read
discovery/options/write
discovery/platforms/read
discovery/platforms/write
discovery/port/settings
reasoning/events/read
reasoning/events/write
reasoning/pattern/config
reasoning/pattern/write
reasoning/ranges/read
reasoning/ranges/write
reasoning/start
reasoning/startstop
reasoning/stop
vault/credential_types/read
vault/credential_types/write
vault/credentials/read
vault/credentials/write
vault/open

maintenance

appliance/maintenance

public

appserver/login
appserver/module/*
model/datastore/main/read
model/datastore/main/write
model/datastore/partition/Audit/read
model/datastore/partition/Conjecture/read
model/datastore/partition/Conjecture/write
model/datastore/partition/DDD/read
model/datastore/partition/DDD/write
model/datastore/partition/Default/read
model/datastore/partition/Default/write
model/datastore/partition/Taxonomy/read
model/datastore/partition/_System/read
model/datastore/partition/_System/write
model/taxonomy/nodekind/read
model/taxonomy/relkind/read
model/taxonomy/rolekind/read
reasoning/events/read
reasoning/events/write
reasoning/status
reports/read
reports/write
security/user/passwd
ui/dashboard/admin
ui/report/admin
ui/taxonomy/admin

readonly

appserver/login
appserver/module/*
model/datastore/main/read
model/datastore/partition/Audit/read
model/datastore/partition/Conjecture/read
model/datastore/partition/DDD/read
model/datastore/partition/Default/read
model/datastore/partition/Taxonomy/read
model/datastore/partition/_System/read
model/datastore/partition/_System/write
model/taxonomy/nodekind/read
model/taxonomy/relkind/read
model/taxonomy/rolekind/read
reports/read
reasoning/status
security/user/passwd
ui/report/admin

system

*

unlocker

security/group/read
security/options/read
security/user/activate
security/user/read

System group permissions by category

The system group security permissions are shown by category in the following tables.

There are no permissions that restrict access to patterns. All logged-in users can view patterns.

Security permissions

The following table lists the current group permissions relating to the security operations.

Permission

Definition

security/group/read
security/group/write

Enables the user to view and configure group membership to a user.
security/group/read—View the user group names and the corresponding permissions.
security/group/write—View, edit, delete, and create new groups.
You can manage user groups from the Groups page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Security section, click Groups.

security/https/admin

Enables the user to configure the HTTPS settings, which include:

• generating server keys and certificate signing requests
• Uploading and sign server certificates
• Uploading or downloading a CA certificate bundle
• Enabling and disabling HTTP or HTTPS web access to the appliance
You can manage the HTTPS configuration from the HTTPS Configuration page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Security section, click HTTPS.
    For more information, see Configuring HTTPS settings.

security/options/read
security/options/write

Enables the user to view and configure the security options which include accounts and passwords, login page, and UI security page.
security/options/read—View the security options for the appliance.
security/options/write—Configure the security options settings for the appliance.
You can manage the options from the Security Policy page of the UI.

To navigate to the page:Click Administration.

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Security section, click Security Policy.
    For more information, see the Managing security policies page.

security/user/activate

Enables the user to unlock and reactivate accounts for other users from the Users page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Security section, click Users.
    For more information, see Accounts and passwords.

security/user/passwd

Enables the user to change her or his own BMC Discovery password from the UI.
For more information, see changing your password.

security/user/read
security/user/write

Enables the user to view and configure the user security information related to system users, groups, security policies, HTTPS settings, LDAP, Web authentication settings, active sessions, appliance audit, and so on.
security/user/read—View the user security information.
security/user/write—Configure the user security information.
For more information, see the Managing users and security page.

security/sessions/view

Enables viewing the discovery session log file.

Credential vault permissions

BMC Discovery stores all passwords used to access customer devices in a credential vault that can be secured. The contents of the vault can be encrypted and secured using a passphrase.

The following table lists the current group permissions relating to the vault operations.

Permission

Definition

vault/open
vault/close
vault/passphrase

Enables the user to open, close, and set the passphrase for the credential vault from the Vault Management page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Discovery section, click Vault Management.
    All three permissions are required to use the Vault Management page.

vault/credential_types/read

Enables the user to manage the following types of credentials which are based on the system to access:
• Device—To log on to hosts running a Unix, Linux OS, or Windows OS, or any SNMP enabled device such as routers and switches.
• Database—To query databases.
• Middleware—To query middleware such as web and application servers, and so on.
• Management System—For vCenter, vSphere, and mainframe credentials.
You can view and manage the credentials types from the Credentials page of the UI.

To navigate to the page, from the main menu, select Manage > Credentials. For more information, see the Credentials page.

vault/credentials/read
vault/credentials/write

Enables the user to view and manage credentials (For example, Windows proxies, vSphere credentials, and so on).
vault/credentials/read—View the credentials.
vault/credentials/write—Manage the credentials.
You can view and manage credentials from the Credentials page of the UI:

From the main menu, click Manage > Credentials. For more information, see the Credentials page.

Discovery permissions

The following table lists the current group permissions relating to the discovery operations.

Permission

Definition

discovery/options/read
discovery/options/write

Enables the user to read the discovery options. These are separate from the main system settings.

discovery/credentials/test

Enables the user to test discovery credentials. For example, from the UI, you can test

• Discovery credentials from the Credential Tests tab.
• Mainframe credentials from the Mainframe Credential Tests tab.

For more information about Discovery and Mainframe Credentials, see Testing credentials.

discovery/platforms/read
discovery/platforms/write

Enables the user to view and amend the platform discovery commands from the Discovery Platforms page.
discovery/platforms/read—View the platform discovery commands.
discovery/platforms/write—Amend the platform discovery commands.
You can view and amend the platform discovery commands from the Discovery Platforms page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Discovery section, click Platforms.
    For more information, see Managing the discovery platform scripts.

discovery/host/access

Enables the user to query a host on the network. For more information, see Query Builder.

discovery/filters/read
discovery/filters/write

Enables the user to view and modify sensitive data filters from the Sensitive Data Filters page of the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Discovery section, click Sensitive Data Filters.
    For more information, see Masking sensitive data.

discovery/kslave/read
discovery/kslave/write

Enables the user to view and modify the Windows proxies.
You can manage Windows proxies from the Windows proxy management page of the UI.

To navigate to the page:

  1. From the main menu, click Manage > Credentials.
  2. Click Windows Proxies.
    The Device Credentials page for Windows proxies (Windows proxy management page) is displayed.
    For more information, see Managing Windows proxies.

discovery/port/settings

Enables the user to configure the port settings that Discovery uses.
You can manage the port settings from the Discovery Configuration page on the UI.

To navigate to the page:

  1. From the main menu, click the Administration iconThe Administration page opens. 
  2. In the Discovery section, click Discovery Configuration.
    For more information, see port settings.

Consolidation permissions

The following table lists the current group permissions relating to configuring consolidation and scanning appliances.

Permission

Definition

consolidation/consolidation/write

Enables the user to change the configuration on the consolidation appliance (set as consolidation appliance and approve scanning appliances).
You can manage consolidation from the Discovery Consolidation page on the UI.

To navigate to the page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Discovery section, click Discovery Consolidation.
    For more information about consolidation, see the Consolidation page.

consolidation/discovery/write

Enables the user to add new consolidation targets to a scanning appliance from the Discovery Consolidation page on the UI.

consolidation/read

Enables the user to view the consolidation setup page from the Discovery Consolidation page on the UI.

Datastore permissions

These permissions are a subsystem of the model. The following table lists the current group permissions relating to the datastore operations.

Permission

Definition

model/datastore/main/read
model/datastore/main/write

Enables the user to read or write the datastore through the main user interface (UI).

model/datastore/partition/*/read
model/datastore/partition/*/read

Enables the user to read or write to any partition which support user interaction.
For more information, see the Partitions and history page.

model/datastore/partition/name/read
model/datastore/partition/name/write

Enables the user to read or write to the given partition. The name is one of:

• Audit
• Conjecture
• DDD
• Default
• Taxonomy
• _System
For more information, see the Partitions and history page.

model/datastore/internal/cluster

An internal permission. Do not use this.

Audit permissions

These permissions are a subsystem of the model. The following table lists the current group permissions relating to the audit operations.

Permission

Definition

model/audit/read

Enables the user to read the audit log.
Audit logs are stored in /usr/tideway/log. The files can be accessed directly from the appliance command line or in the log viewer from the UI. Logs can be downloaded from the appliance through the Support Services administration page.

model/audit/write

Enables the user to write to the audit log.

model/audit/purge

Enables the user to purge the audit log.
You can purge the audit log of all events that are over one month old (events less than one month old cannot be deleted) from the Audit Purge page.

To navigate to the Audit Purge page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Security section, click Audit.
  3. Click Purge.
    For more information, see purging audit logs .

model/audit/admin

Enables the user to administer the audit service.
You can configure the reporting on audit events from the Audit Logs page.

To navigate to the Audit Logs page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Security section, click Audit.
  3. Click Audit Logs.
    For more information, see the Auditing the appliance page.

Reasoning permissions

These permissions are a subsystem of the model. The following table lists the current group permissions relating to the reasoning operations.

Permission

Definition

reasoning/start

Enables the user to start reasoning.
You can start reasoning by using the tw_scan_control utility. For more information, see tw_scan_control.

reasoning/startstop

Enables the user to start and stop reasoning.
You can start and stop reasoning by using the tw_scan_control utility. For more information, see tw_scan_control.

reasoning/stop

Enables the user to stop reasoning.
You can stop reasoning by using the tw_scan_control utility. For more information, see tw_scan_control.

reasoning/status

Enables the user to view the reasoning status information.
You can view the reasoning status by using the The tw_reasoningstatus utility. Typically this utility is used by Customer Support as a troubleshooting tool for investigating possible problems. For more information, see tw_reasoningstatus.

reasoning/provider

An internal permission. Do not use this.

reasoning/ranges/read

Enables the user to view the Discovery Status page.
The status of the discovery process displays on the Home tab in the Discovery Status summary. This page also displays the current status of the reasoning process.
For more information, see Viewing discovery status page.

reasoning/ranges/write

Enables the user to cancel consolidations or local scans.
You can cancel consolidation or local scans from the Discovery Status page.

To navigate to the Discovery Status page:

  1. Click Discovery.
  2. Click Discovery Status.
    For more information, see Viewing discovery status.

reasoning/events/read
reasoning/events/write
reasoning/events/state

An internal permission. Do not use this.

reasoning/internal

An internal permission. Do not use this.

reasoning/pattern/config

Enables the user to configure patterns. For more information, see Pattern Configuration.

reasoning/pattern/execute

Enables the user to execute patterns. For more information, see Manual pattern execution.

reasoning/pattern/write

Enables the user to write patterns using pattern templates from the appliance.
The pattern templates can be downloaded from the Pattern Management page:

  1. Click Discovery.
  2. Click Pattern Management.
    For more information, see using pattern templates.

Search permissions

These permissions relate to listing and cancelling searches using the Search Management Page.

To navigate to the Search Management page:

  1. Click Administration.
  2. In the Model section, click Search Management.

For more information about viewing and cancelling searches, see Using the Search service.

Permission

Definition

model/search/list

Enables the user to view searches submitted by all users.

model/search/cancel

Enables the user to cancel searches submitted by all users.

Taxonomy permissions

These permissions are a subsystem of the model. The following table lists the current group permissions relating to the taxonomy operations.

Permission

Definition

model/taxonomy/nodekind/read

Enables the user to read node kind information.

model/taxonomy/nodekind/write

Enables the user to write node kind information.

model/taxonomy/relkind/read

Enables the user to read relationship kind information.

model/taxonomy/relkind/write

Enables the user to write relationship kind information.

model/taxonomy/rolekind/read

Enables the user to read role kind information.

model/taxonomy/rolekind/write

Enables the user to write role kind information.

Application server permissions

The following table lists the current group permissions relating to the application server operations.

Permission

Definition

appserver/login

Enables the user to log in to the appserver.

appserver/debug

Enables the user to debug the appserver.

appserver/module/name

Enables the user to access the given module. The name is one of the following:

• Application
• Discovery
• Home
• Infrastructure
• Reports
• Setup
• System

appserver/module/*

Enables the user to access any module.

appserver/sessionaccess

The user is allowed to see sessions.

Specific UI permissions

The following table lists the current group permissions relating to specific user interface operations.

Permission

Definition

ui/dashboard/admin

Enables the user to administer the dashboard.
You can use the tw_config_dashboards utility to configure and customize dashboards in BMC Discovery. For more information, see tw_config_dashboards.

ui/datastore/admin

Enables the user to administer the datastore.

ui/taxonomy/admin

Enables the user to administer the taxonomy.

ui/report/admin

Enables the user to access the Generic Search Query page and enter search queries.

To navigate to the Generic Search Query page:

  1. Click the Search icon to the left of the Search box at the top right of the User Interface.
    The Search Options in the drop down panel is displayed.
  2. Click the Generic Search Query link.
    For more information, see Using the Search service.
    By default, all admin users get this permission.

Appliance administration permissions

The following table lists the current group permissions relating to the appliance administration operations.

Permission

Definition

admin/category/createmodify

Enables the user to create and modify categories from the Custom Categories page.

To navigate to the Custom Categories page:

  1. From the main menu, click the Administration iconThe Administration page opens. 
  2. In the Model section, click Custom Categories.
    For more information, see Setting up standard data categories.

Appliance admin operations

 

appliance/info/read

Enables the user to view appliance information (identity, support information, read-only information about the appliance software and hardware configuration, and so on) from the Appliance Configuration page.

To navigate to the Appliance Configuration page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Appliance section, click Configuration.
    For more information, see Configuring appliance settings.

appliance/info/write

Enables the user to configure appliance information from the Appliance Configuration page.
To navigate to the Appliance Configuration page:

  1. Click Administration.
  2. In the Appliance section, click Configuration.
    For more information, see Configuring appliance settings.

appliance/maintenance

Enables the user to put the appliance into maintenance mode from the Appliance Control page.

To navigate to the Appliance Control page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Control.
    For more information, see Using maintenance mode.

appliance/reboot

Enables the user to reboot the appliance from the Appliance Control page.

To navigate to the Appliance Control page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Control.
    For more information, see Rebooting or shutting down the appliance.

appliance/reportsusage/reset

Enables the user to reset the report usage statistics.

appliance/restart

Enables the user to restart the appliance from the Appliance Control page.

To navigate to the Appliance Control page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Control.
    For more information, see Rebooting or shutting down the appliance.

appliance/shutdown

Enables the user to shut down the appliance from the Appliance Control page.

To navigate to the Appliance Control page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Control.
    For more information, see Rebooting or shutting down the appliance.

Baseline

 

baseline/admin

Enables the user to change the baseline configuration (such as the recipients of automatic emails, and the messages to be included) from the Appliance Baseline page.

To navigate to the Appliance Baseline page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Appliance section, click Baseline Status.
    For more information, see Baseline configuration.

baseline/read

Enables the user to view the baseline configuration from the Appliance Baseline page.

To navigate to the Appliance Baseline page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Baseline Status.
    For more information, see Baseline configuration.

baseline/update

Enables the user to update the baseline configuration after changes have been seen from the Appliance Baseline page.

To navigate to the Appliance Baseline page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Baseline Status.
    For more information, see Baseline configuration.

Cluster

 

cluster/file_distribution

An internal permission. Do not use this.

cluster/management

Enables the user to use cluster management operations from the Cluster Management page.

To navigate to the Cluster Management page: 

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Cluster Management.
    For more information, see Managing clusters.

cluster/monitored_operation

An internal permission. Do not use this.

Logging

 

admin/log/info

Enables the user to view log information.
As each BMC Discovery component and script runs, it outputs logging information. Logs are all stored in /usr/tideway/log.
You can access the files directly from the appliance command line or in the log viewer in the UI.

admin/log/read

Enables the user to read log files.
Logs are all stored in /usr/tideway/log.
You can access the files directly from the appliance command line or in the log viewer in the UI.

admin/log/delete

Enables the user to delete log files.
You can delete the log files from the Logs page.

To navigate to the Logs page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Logs.
    For more information, see view and delete logs .

admin/loglevel/read

Enables the user to read the appliance log level from the Logs page.

To navigate to the Logs page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Logs.
    For more information, see view log levels .

admin/loglevel/write

Enables the user to change the service log levels at runtime from the Logs page.

To navigate to the Logs page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Logs.
    For more information, see Changing log levels at runtime.

Import

 

admin/import/ciscoworks

Enables the user to import data using the CiscoWorks importer.
You can use the tw_imp_ciscoworks utility to import CiscoWorks network device data from the command line. For more information, see tw_imp_ciscoworks.

admin/import/csv

Enables the user to import CSV data from the Import CSV Data page.

To navigate to the CSV Data page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Model section, click CSV Import.
    For more information, see Importing CSV data.

admin/import/hrd

Enables the user to import Hardware Reference data (HRD) from the Import Hardware Reference Data page.

To navigate to the Hardware Reference Data page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Model section, click HRD Import.
    For more information, see Importing Hardware Reference Data.

Interface

 

admin/interface/read

Enables the user to view interface information from the Appliance Configuration page for network interfaces.

To navigate to the Appliance Configuration page for network interfaces:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Configuration > Network Interfaces.
    For more information, see Viewing network interface and routing settings.

admin/interface/write

This permission is not used.

Routing

 

admin/routing/read

Obsolete permission.

admin/routing/write

Obsolete permission.

DNS

 

admin/dns/read

Enables the user to read DNS information.
You can view the DNS (Name Resolution) information from the Appliance Configuration page for name resolution.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Configuration.
  3. Click Name Resolution.
    For more information, see Configuring name resolution settings.

admin/dns/write

The user is allowed to write DNS information.
You can configure the DNS (Name Resolution) information from the Appliance Configuration page for name resolution.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Configuration.
  3. Click Name Resolution.
    For more information, see Configuring name resolution settings.

Email Configuration

 

admin/mail/read

Enables the user to view email configuration information from the Appliance Configuration page for mail settings.

To navigate to the page:

  1. From the main menu, click the Administration icon 
    The Administration page opens. 
  2. In the Appliance section, click Configuration.
  3. Click Mail Settings.
    For more information, see Configuring mail settings.

admin/mail/write

Enables the user to configure the mail settings from the Appliance Configuration page for mail settings.

To navigate to the page:

  1. From the main menu, click the Administration icon.
    The Administration page opens. 
  2. In the Appliance section, click Configuration.
  3. Click Mail Settings.
    For more information, see Configuring mail settings.

System

 

system/configuration/read

Enables the user to read system configuration from the command line utilities and from the UI.

system/configuration/write

Enables the user to write system configuration from the command line utilities and from the UI.

system/settings/read

Enables the user to read system settings from the command line utilities and from the UI.

system/settings/write

Enables the user to write system settings from the command line utilities and from the UI.

The 'all' permission (*) allows the user to perform any tasks in BMC Discovery. Each user has a token which is assigned by the security system and whenever a privilege is requested by a user, the security service checks the database to see if that particular user has permission to carry out that particular task.

However, the first check that BMC Discovery carries out is to see if the user has the * permission. If the answer is yes, no further privilege checks will be carried out.

 

  • No labels

© Copyright 2003-2017 BMC Software, Inc.
Legal notices