This version of the documentation is not fully supported. However, the documentation is available for your convenience. You will not be able to leave comments.

See information on this topic in the latest version (11.3.01) or versions 11.0, 10.7, and 10.5.

Role-based access (RBAC) to the features and components comprised in TrueSight Operations Management is enabled by persona-based authorization profiles. Each authorization profile is associated with one or more BMC Atrium Single Sign-On realms and comprises user groups, roles and permissions, and objects. Collectively, the authorization profile components determine the features and objects that users can access and monitor. You can use each default authorization profile as is, you can modify its attributes, or you can create your own authorization profiles. 

This topic provides an overview of authorization profiles and the components that compose them.

Overview of the RBAC process

To configure access control, you must complete the following steps:

StepTaskResource
1Set up users and user groups in BMC Atrium Single Sign-On.

Managing users and user groups

2Create or modify the components that compose an authorization profile. You can create or modify these components in any order.

Managing roles

Specifying objects

Creating, editing, and deleting PATROL Agent ACLs

3Modify the default authorization profiles or create new ones.Managing authorization profiles

Realms and tenants

Realms segment users in BMC Atrium Single Sign-On and enable multitenancy support. In Operations Management, each realm represents a tenant.

The BmcRealm, with default user groups and users, is created in BMC Atrium Single Sign-On when you install the Presentation Server component.

For information about supported versions of BMC Atrium Single Sign-On, see Presentation Server system requirements.

Authorization profile structure

The following diagram illustrates the basic structure of an authorization profile. Each profile is associated with one or more realms and comprises user groups, roles and permissions, and objects. You can use each default authorization profile as is, you can modify any of its elements, or you can create your own authorization profiles. 

The Superadmin in the BmcRealm can create and modify authorization profiles and apply them to multiple tenants. Authorization profiles created by tenant administrators apply to users of that tenant, and users from one tenant cannot access data from another. For more information about tenant user administration, see Access control for SaaS administrators.

Authorization Profile components
When creating an authorization profile, you must already know the user groups, roles, and objects required for the new profile. You cannot create or modify components during the creation of the authorization profile. 

See the following topics for more information about modifying and creating the required elements:

Default authorization profiles

The following persona-based authorization profiles are created in the Presentation Server for the BmcRealm during the installation of the TrueSight Presentation Server component:

  • Solution Administrator
  • Technology Specialist
  • Application Specialist–Applications
  • Application Specialist–Services
  • Service Manager
  • IT Operations User
  • Executive
Solution Administrator profile
By default, users in the Solution Administrator profile are associated with the roles, permissions, and objects that enable those users to access all features in the products, including the ability to modify and create authorization profiles. 

The Solution Administrator profile has unrestricted access to all realms and all features and objects in the Operations Management solution. The following table shows the user groups, roles and permissions, and objects the compose the Solution Administrator authorization profile. 

Solution Administrator
BmcRealm
User GroupsRoles and PermissionsObjects
Administrators



Super Admin



All Permissions Assigned



CategoryTypesSourcesObjects
TrueSight Presentation

Monitoring Policy Configuration Types

PATROL Solutions

PATROL Agent ACLs

Devices

Groups

Applications

TrueSight Presentation ServerAll Object Access
TrueSight Infrastructure

Views

Monitor Groups

CIs

Component Folders

Event Folders

Not applicableAll Object Access

Predefined user groups and users

When you install BMC TrueSight Presentation Server, the following default user groups and users are created in your BMC Atrium SSO server for the default BmcRealm tenant. Not all default user groups contain default users. 

Default user groupsDefault users
Administratorsadmin 
bppmws_internal 
csm_user
Central Monitoring AdministratorsNone
Model Administratorsservice_admin
Monitoring Administratorsevent_admin
Operatorsoper
Supervisorsuser
ViewersNone
WS Full AccessNone

For more information about default users and passwords, see Default users and user groups.

Default authorization profiles and menu access

The following table lists the default authorization profiles and the default user groups and roles that compose them. To help you determine whether the default authorization profiles meet the access requirements of your organization, the last column in the table shows the menu options available to users in each default authorization profile. 

ProfileUser groupsRolesMenu access
Solutions AdministratorAdministratorsSuper Admin

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups

Configuration

  • Applications
  • Groups
  • Synthetic Scripts
  • Application Discovery

Administration

  • Components
  • Authorization Profiles
  • Integrations
  • PATROL Agent ACLs
  • Roles
  • User Accounts
  • App Visibility Agents
  • App Visibility Agent Policies

Central Monitoring Administration

Application Specialist–Services

Central Monitoring Administrators

Monitoring Administrators 

Service Model Administrators

Supervisors 

WS Full Access 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor 

Monitoring Administrator

Service Administrator 

Service Supervisor 

Web Services Access 


Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups

Configuration

  • Applications
  • Groups
  • Synthetic Scripts
  • Application Discovery

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies

Central Monitoring Administration

Application Specialist–Applications

Central Monitoring Administrators

Monitoring Administrators 

Service Model Administrators  

Supervisors  

WS Full Access  

 

Application Operator 

Application Supervisor 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor  

Monitoring Administrator

Service Administrator 

Service Supervisor  

Web Services Access  

 

 

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups

Configuration

  • Applications
  • Groups
  • Synthetic Scripts
  • Application Discovery

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies

Central Monitoring Administration

Technology Specialist

Central Monitoring Administrators

Monitoring Administrators 

Supervisors 

WS Full Access 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor 

Monitoring Administrator

Service Supervisor 

Web Services Access 

 

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups

Configuration

  • Applications
  • Groups
  • Synthetic Scripts
  • Application Discovery

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies

Central Monitoring Administration

IT Operations UserOperators

Application Operator

Data Collection Operator 

Event Operator 

Service Operator

Dashboards

Monitoring

  • Devices
  • Events
  • Groups
Service Manager

Central Monitoring Administrators

Model Administrators

Monitoring Administrators 

Supervisors 

WS Full Access 

 

Event Administrator 

Service Administrator 

Event Supervisor 

Service Supervisor 

Data Collection Administrator 

Web Services Access 

Blackout Administrator 

Deployment Administrator 

Monitoring Administrator

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups

Configuration

  • Applications
  • Groups
  • Synthetic Scripts
  • Application Discovery

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies

Central Monitoring Administration

ExecutiveViewersRead Only

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
Was this page helpful? Yes No Submitting... Thank you
© Copyright 2013-2016 BMC Software, Inc.
© Copyright 2013-2016 BladeLogic, Inc.
Legal notices