• Spaces
  • People
  • Help
    • BMC Support Central BMC Communities BMC.com
    ×
    BMC TrueSight App Visibility Manager 10.7

      Page tree
      Skip to end of metadata
      Go to start of metadata

      Each user must be logged on through an account, and each account is identified by the configuration parameters described in this topic:

      The account policies represent the system default configuration. Users with the Security role can change the default policies.

      User names

      A user name uniquely identifies a single account, according to the account type:

      • Locally managed accounts — The user name must consist of 1 to 64 alphanumeric characters, but cannot contain the @ symbol. 
      • LDAP-managed accounts — The user name must follow the rules of the Lightweight Directory Access Protocol (LDAP) server.

      Roles

      The role associated with a user account defines the level of access that the user has to the features on this device. For example, Administrators can create accounts, but Observers cannot.

       

      User roles and access permissions

      User role

      Description

      Security

      Provides access to sensitive configurations, such as private key management, enabling and disabling the transaction capture, and configuring data confidentiality policies.

      The Security role is given to a system administrator, who could perform the following tasks:

      • Install BMC Application Diagnostics Server (Portal and Collectors), and Agents.
      • Monitor system components status.
      • Manage system configurations.
      AdministratorProvides access to all functions of the system that are not related to security. This role exists primarily for account management purposes.
      Operator

      Provides access to all features that the Administrator role has except for account management. This role exists for device and data management purposes.

      The Operator or Observer role is given to application support personnel or application developers, who could perform the following tasks:

      • Identify which application tier and components are responsible for application outages.
      • Identify which application transactions are slow or not meeting SLA.
      • Identify which application components did a specific transaction traverse.
      • Identify what is causing a slowdown in the application transaction.
      • Determine if any application servers are experiencing performance issues.
      • Identify which users are impacted by the transaction slowdowns or outages.
      Observer

      In BMC Application Diagnostics, the Observer role is the same as the Operator role.

      When integrated with BMC Real End User Experience Monitoring, the Observer role provides access to the web interface, but users with this role cannot make any configuration changes other than to save query settings. The permissions of this role are sufficient to perform day-to-day tasks.

      ExportProvides no access to the web interface and is limited to downloading data via data export APIs.
      The levels of access provided by the roles are cumulative; that is, starting from the most restricted role, access at each successive access level has the preceding level of access, as shown in the following matrix. Throughout this documentation, whenever a product feature or capability is attributed to a role, the feature or capability is also available in the higher access levels.

      Roles and access matrix

       

      Permission →


      Role ↓

      Security
      settings
      access

      Accounts
      access

      Overall
      configuration
      access

      Web
      interface
      access

      Data
      download

      Security

      Administrator

       

      Operator

       

       

      Observer

       

       

       

      Export

       

       

       

       

      Passwords

      Passwords are initially set by an Administrator and can be updated by the account owner. For security protection, users with the Security role can configure the device to force users to change their passwords the first time they log on. Users with the Security role can also configure the device to expire passwords after a specified period of account inactivity. For more information about configuring stronger access policies, see Configuring access management policies and settings on the Analyzer or Collector.

      Note

      Password expiration does not affect the Security account or access to the CLI.

      By default, the system applies simple password validation rules. The system checks such passwords only for length (minimum 6 characters).

      If your organization requires stronger passwords, the Security role can enable the strict password rule. When the strict password rule is enabled, the system prompts users who try to log on with simple passwords to change their password.

      A strict password must have:

      • Minimum of 10 characters
      • Two noncontiguous nonalphabetic characters from the following set:
        0 1 2 3 4 5 6 7 8 9 ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ' | { } ~ `

      Examples of strict passwords

      • mypassword — Invalid; does not have nonalphabetic characters
      • pas$$w#rd — Invalid; has too few characters
      • mypa$$w#rd — Valid

      A password can also contain a "space" character. All passwords are case sensitive.

      Related topics

      Adding or deleting a local account on the Analyzer and Collector

      Configuring access management policies and settings on the Analyzer or Collector

      Using LDAP authentication and authorization for the Analyzer or Collector

       

      © Copyright 2005-2019 BMC Software, Inc.