Infrastructure Management supports a configuration item (CI)-based access control mechanism which determines users' access to resources, as well as the permissions users have to perform certain actions on accessible resources.
CI-based access control is driven by the Read Level Security (RLS) and Write Level Security (WLS) settings on CIs. A CI is accessible to a user group only when the user group name is present in either the BMC Atrium CMDB-defined or Infrastructure Management-defined RLS or WLS fields of the CI.
The final Access Control List (ACL) for a CI is the union of the BMC Atrium CMBD WLS and RLS fields, and the Infrastructure Management WLS and RLS fields. In other words, four attributes define the final ACL for a CI:
If the user group name is present in the WLS field of the CI, then the user group has write access. If the user group name is present in the RLS field of the CI, then the user group has read access. If the user group name is not present in either of these fields of the CI, then the CI is not accessible to the user group. Such a CI is accessible only to admin users or users who have access to all CIs.
Roles determine the permission users have to perform certain actions on accessible CIs. Roles are assigned to user groups, and user groups can have multiple roles. One role can be assigned to multiple user groups, giving identical permissions to different user groups.
The following diagram illustrates CI-based access control.
You can create new users, user groups, and roles. You cannot create new permissions. You can select only from a predefined list of existing permissions.