Unsupported content


This version of the documentation is no longer supported. However, the documentation is available for your convenience.

A SaaS administrator is an administrator employed by a subscribing customer of a service provider. The extent to which the SaaS administrator handles access control depends on the contractual relationship between the two companies. This topic describes two different scenarios for SaaS administrators. In both scenarios, Calbro represents the service provider company and Acme represents its SaaS subscriber.

Authorization profiles and SaaS administrators

Although tenant users can be assigned to the default authorization profiles, SaaS administrators cannot modify those profiles or the components that make them up. However, SaaS administrators can create authorization profiles for their users.

Access control maintained by service provider administrator

In this scenario, Calbro maintains the users and user groups for Acme. Access to features and objects is controlled by authorization profiles in the BmcRealm. 

Acme's tenant administrator can view Acme's users and user groups from User Accounts in the TrueSight Operations Management console. However, to edit or delete the users and user groups, the Acme administrator must approach the BMC Atrium Single Sign-On administrator at Calbro and request the changes.

Because BmcRealm authorization profiles apply across all tenants, the authorization profiles maintained by the service provider are also available for use by Acme.

Access control set by Service Provider

In this scenario, tenant administrators do not normally have access to the BMC Atrium Single Sign-On that contains the SaaS users. 

Access control shared by SaaS and service provider administrators

In this scenario, Calbro creates a new tenant in BMC Atrium Single Sign-On. If Acme uses LDAP, then Calbro's administrator configures the LDAP integration for Acme in BMC Atrium Single Sign-On. Acme's administrator maintains the LDAP server for Acme users.

Because Acme's administrator is a member of the BmcTenantAdmin group, the administrator can access the Administration menu options and create roles and authorization profiles for Acme's users. These authorization profiles are not accessible to users or administrators in other tenants.


SaaS administrator responsible for user access

Following the preliminary onboarding activities required to set up a tenant, the tenant administrator performs administrative tasks similar to those of the on-premises administrator. 

To get started with role-based access management, refer to the following topics: