As an administrator, you can control access permissions to the BMC TrueSight IT Data Analytics (or IT Data Analytics) product based on the user roles and permissions assigned to users.
Note that you can use various options to authenticate users into IT Data Analytics. However, regardless of the method you use to authenticate users, IT Data Analytics uses the access permissions described in this topic to authorize users.
Access permissions can be of two kinds – role-based access (or feature-level access) and data-level access. The role-based access permissions and data-level access permissions together determine the actions that a user can perform related to viewing, creating, modifying, or deleting data.`
This topic contains the following information:
Related topics
Role-based access
Role-based access refers to access to various features (tabs) in the product, depending on the user role and responsibility. Thus, this kind of access is enabled at the feature-level. As an administrator, you can apply this kind of access by assigning user groups to roles.
The following roles are available in IT Data Analytics:
- Super Admin
- App Admin
- Troubleshooter
For more information about roles, see Managing roles.
The following table provides an illustration of the feature-level access permissions available to different roles. Note that the 'X' symbol in the table indicates the access permissions available to various user roles.
| Main tab | Subtab | Roles | ||
| Super Admin | App Admin | Troubleshooter | ||
| Dashboards | X | X | X | |
| Search | X | X | X | |
| Saved Searches | X | X | X | |
| Administration | Data Collectors | X | X | |
| Data Patterns | X | X | ||
| Notifications | X | X | ||
| Users* | X | |||
| User Groups* | X | |||
| Roles | X | |||
| Components | X | |||
| Credentials | X | X | ||
| Hosts | X | |||
| Content Packs | X | X (Export only access) | ||
| System Settings | X | |||
| External Configurations | X | X (View only access) | ||
| Collection Profiles | X | |||
| Settings | User Settings | X (Specific to individual user) | X (Specific to individual user) | X (Specific to individual user) |
| Change Password | X (Specific to individual user) | X (Specific to individual user) | X (Specific to individual user) | |
If you are using BMC Atrium Single Sign-On for user authentication, then the Users and user Groups pages are not available.
Data-level access
Data-level access refers to access to data emerging from particular data sources or applications.
Data-level access can be implemented by assigning user groups to data collectors. Data collectors are responsible for collecting data from various data sources and making it available for search. By assigning user groups at the time of data collector creation, you can restrict access to the data collected.
Note
Based on the data-access permissions, as a user, you can:
- Perform searches on the event data to which you have been granted access.
- See objects shared with you via saved searches.
This kind of access control is useful when you want to restrict access to application data based on user roles or based on users with certain attributes. You can group users with similar attributes by adding them to a common user group. After doing this, you can use that user group for assigning access permissions to particular application data (or data emerging from particular data sources).
For the data-level access permissions to be applied:
- The user must be a part of the appropriate user group.
- The Enable Data Access Control check box must be selected on the Administration > System Settings page.
For more information about creating data collectors, see Creating data collectors.
Where to go from here
To configure the product for data collection, see Managing data collectors.
To configure user authorization, see Managing user authentication.
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks
2 Comments
Niyati Shah
Priyanka Nanwani