Adding and managing roles

A role is a set of activities that a user can perform. A user can have one or more roles, and every role is assigned one or more activity.

To manage and assign roles for user accounts from the TrueSight Capacity Optimization Console, go to Administration > Users > Roles. The Roles page shows a summary table listing the currently defined user roles, their description, and the associated LDAP groups, if applicable. From this page you can add, edit, or delete user roles.

Each user can have different activities (access rights) associated with his account. An activity can be, for example, the ability to create a new model or analysis, or the ability to configure a domain. As single users may need to perform several activities, all privileges can be aggregated into custom groups called roles.

Related topics

Configuring user authentication

Adding and managing access groups

Configuring user authentication

Security considerations for TrueSight Capacity Optimization

Available roles

User accounts may have one or more of the following roles:

administrator	The user is allowed to perform any activity on the BMC TrueSight Capacity Optimization Console.
reporter	The user is allowed to create, modify and run standard reports.
analyzer	The user is allowed to create, modify and run analyses of system performances and business drivers.
configurator	The user is allowed to configure domains and systems and business drivers.
modeler	The user is allowed to create, modify and run models.
enterprise reporter	The user is allowed to create, modify, upload and run enterprise reports.

To view details of a role

Select Administration > Users > Roles.
The Roles page shows a summary table listing the currently defined user roles, their description, and the associated Atrium SSO or LDAP groups (external names), if applicable.
Click the role name whose details you want to view.
The detail page for the selected role is displayed in the working area, listing all activities assigned to the role.

To add a role

Select Administration > Users > Roles.

In the Roles page, click Add role and enter the following information:

Field	Description
Name	Type unique name for the role.
Description	Type description for the role.
Role Assignment	Select any one: Assign this role by default to all users: To assign this role to all users on their login. Assign this role automatically to external users having external group names matching the below list: To assign this role on login to the external users that have external names matching with the names specified in the External names box. Users are assigned this role on their login. When you select this option, the External names box is enabled.
External names	If you have external authentication (Atrium SSO or LDAP), you can specify the names of Atrium SSO or LDAP groups to associate with this role, separated by a semi-colon (";").
Activities	From the list of Available activities, select one or more (Click, Ctrl+click or Click+drag) activities to associate with the role, and then click . The activities you selected are added to Selected. When you add the User accounts - Edit or User access groups - Edit to the Selected list, the User roles/access groups edit restrictions field is displayed. The User roles/access groups edit restrictions field enables you to control the creation of users based on roles and/or access groups. To control the creation of users, you can: Allow user creation/edit with any role (default):Click to toggle to Restrict user creation/edit based on the following roles, and select one or more roles (Click, Ctrl+click or Click+drag) which will be allowed to create users, and click . Allow user creation/edit with any access group (default): Click to toggle to Restrict user creation/edit based on the following access groups, and select one or more access groups (Click, Ctrl+click or Click+drag) which will be allowed to create users, and click .

Click Save.
The Activities table is displayed that lists all activities you selected, and a description for each one of them. See Out-of-the-box roles and Built-in roles and activities for more information on all available activities.
You can also Edit or Delete your current role.

To edit or delete a role

You can edit a role to change the activities associated with it, or delete a role.

To edit a role

Select Administration > Users > Roles.
The Roles page is displayed.
To edit a role, do one of the following:
- In the Roles page, click the role name that you want to edit.
- In the Roles page, click edit this role corresponding to the role you want to edit.
In the Edit role page, edit the required properties and click Save.

To delete a role

Select Administration > Users > Roles.
The Roles page is displayed.
To delete a role, do one of the following:
- In the Roles page, click the role name that you want to delete. The role is deleted.
- In the Roles page, click delete this role corresponding to the role you want to delete. Click Proceed to delete the selected role.

TOP

Out-of-the-box roles

The following table lists the out-of-the-box roles that are available in the TrueSight Capacity Optimization console:

Role	Description
ADMIN	All activities.
API-CLIENT	Provides access to Web service API.
INVESTIGATE-EDITOR	Provides access to Investigate.
REPORTS-READER	Provides read-only access to Reports.
REPORTS-EDITOR	Provides view and edit access to Reports.
RESERVATIONS-ALL	Provides view and edit access to Reservations.
TSPS_Capacity_Administration	Provides access to the Administration section of Capacity Views in TrueSight Presentation Server.
TSPS_Capacity_View	Provides access to Capacity Views in TrueSight Presentation Server.
VIEWS-READER	Provides access to Views.
VIEWS-EDITOR	Provides view and edit access to Views.
VIRTUAL PLANNING-EDITOR	Provides access to Virtual Planner.
WORKSPACE-READER	Provides access to the Workspace area in the Console.
WORKSPACE-EDITOR	Provides view and edit access to the Workspace area in the Console.

For the activities assigned to these roles, see Built-in roles and activities in BMC TrueSight Capacity Optimization.

Built-in roles and activities in TrueSight Capacity Optimization

The following table lists the built-in activities and the built-in roles to which they are assigned:

Built-in activity	Description	Assigned to built-in roles
WEB_ANALYZE	View analyses saved in the Works folder	ADMIN WORKSPACE-READER WORKSPACE-EDITOR
WEB_MODEL	View models saved in the Works folder	ADMIN WORKSPACE-READER WORKSPACE-EDITOR
WEB_CONFIGURE	View active systems and business drivers associated with one or more domains	ADMIN WORKSPACE-READER WORKSPACE-EDITOR
WEB_RM	Access the Resource Monitor node in Administration	ADMIN WORKSPACE-READER WORKSPACE-EDITOR
WEB_EVENTS	Access the Event Manager node in Administration	ADMIN WORKSPACE-READER WORKSPACE-EDITOR
WEB_MODEL_EDIT	Add, edit and delete models	ADMIN WORKSPACE-EDITOR
WEB_ANALYZE_EDIT	Add, edit and delete analyses	ADMIN WORKSPACE-EDITOR
WEB_CONFIGURE_EDIT	Add, edit and delete domains, systems and business drivers	ADMIN WORKSPACE-EDITOR
WEB_RM_EDIT	Add, edit and delete monitors and alert rules in Resource Monitor	ADMIN WORKSPACE-EDITOR
WEB_EVENTS_EDIT	Add, edit and delete event rules in Event Manager	ADMIN WORKSPACE-EDITOR
WEB_REPORT	View reports saved in Works	ADMIN REPORTS-READER REPORTS-EDITOR
WEB_REPORT_SEC	Access Reports	ADMIN REPORTS-READER REPORTS-EDITOR
WEB_REPORT_EDIT	Add, edit and delete reports	ADMIN REPORTS-EDITOR
WEB_REPORT_PUBLISH	Publish or unpublish reports	ADMIN REPORTS-EDITOR
WEB_DASHBOARD	Access the Console Views tab	ADMIN VIEWS-READER VIEWS-EDITOR
WEB_ADMIN_DASHBOARD	Have administrator privileges to views	ADMIN VIEWS-EDITOR
WEB_ADMIN_GM_VIEW	View General Manager	N/A
WEB_ADMIN_GM_EDIT	Make changes using General Manager	N/A
WEB_ADMIN_EDIT	Edit the following Administration properties: System > Configuration System > Maintenance Data warehouse Scheduler > Instances Data hub Template management	ADMIN
WEB_ADMIN_TASKS_EDIT	Edit the following Administration properties: Scheduler > Task groups Scheduler > System tasks Scheduler > ETL tasks	ADMIN
WEB_ADMIN_BENCHMARKS_EDIT	Edit the following Administration property: Benchmark management	ADMIN
WEB_ADMIN_REPORTING_EDIT	Edit the following Administration properties: Tag management > Tagging rules Advanced reporting	ADMIN
WEB_ADMIN	Access the Administration section	ADMIN
WEB_ANALYZE_TEMPLATE_EDIT	Add, edit and delete analysis templates	ADMIN
WEB_CALENDAR_EDIT	Modify the Administration calendar	ADMIN
WEB_CONFIGURE_ALL	Access the All Systems and Business Drivers node (inactive, dismissed or newly discovered entities)	ADMIN
WEB_GLOBAL_FILTER_EDIT	Allow user to add/edit global filters	N/A
WEB_ADMIN_USERS_ACGROUPS_ASSIGNABLE	Manage user access groups from the Administration section	ADMIN
WEB_ADMIN_USERS_ASSIGNABLE	Manage user accounts from the Administration section	ADMIN
WEB_ADMIN_USERS_ROLES_ASSIGNABLE	Manage user roles from the Administration section	ADMIN
API_CHARGEBACK	Access the Chargeback section	ADMIN API-CLIENT
API_DATA	Access the data section	ADMIN API-CLIENT
API_RESERVATION	Enable access to Reservation API	ADMIN
API_SEARCH	Access the search section	ADMIN API-CLIENT
API_TF_MODEL	Enable access to Time forecasting model API	ADMIN API-CLIENT
WEB_ADMIN_AUTENTICATION_EDIT	Edit the following Administration section: Authentication	ADMIN
WEB_ADMIN_ETL	Access to administration ETL	ADMIN
WEB_ADMIN_TASK	Have administration privileges to task	ADMIN
WEB_CONFIGURE	Access to Configuration tab	ADMIN
WEB_REPORT_GLOBAL_CREATOR	Access to Report Global Creator	ADMIN
WEB_VP	Access to the Virtual Planner	ADMIN

Note

Apart from roles and activities assigned by the administrator, access to items in any Works folder is also controlled by access modes configured by the owner.

TOP

Page tree