• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC TrueSight Operations Management 10.0

    Page tree

    Unsupported content

     

    This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

    A SaaS administrator is one who is employed by a subscribing customer of a service provider. The extent to which the SaaS administrator handles access control depends on the contractual relationship between the two companies. This topic describes two different scenarios for SaaS administrators. In both scenarios, Calbro represents the service provider company and Acme represents its SaaS subscriber.

    Authorization profiles and SaaS administrators

    Although tenant users can be assigned to the default authorization profiles, SaaS administrators cannot modify them or the components that they comprise. However, SaaS administrators can create authorization profiles for their users.

    Access control maintained by service provider administrator

    In this scenario, Calbro maintains the users and user groups for Acme. Access to features and objects is controlled by authorization profiles in the BmcRealm. 

    Acme's tenant administrator can view Acme's users and user groups from User Accounts in the TrueSight Operations Management console. However to edit or delete the users and user groups, the Acme administrator must approach the BMC Atrium Single Sign-On administrator at Calbro and request the changes. 

    Because BmcRealm authorization profiles apply across all tenants, the authorization profiles maintained by the service provider are also available for use by Acme.

    Access control set by Service Provider

    In this scenario, tenant administrators do not normally have access to the BMC Atrium Single Sign-On that contains the SaaS users. 

    Access control shared by SaaS and service provider administrators

    In this scenario, Calbro creates a new tenant in BMC Atrium Single Sign-On. If Acme uses LDAP, then Calbro's administrator configures the LDAP integration for Acme in BMC Atrium Single Sign-On. Acme's administrator maintains the LDAP server for Acme users.

    Because Acme's administrator is a member of the BmcTenantAdmin group, he can access Administration menu options and create roles and authorization profiles for his users. These authorization profiles are not accessible by any users or administrators in other tenants.

    SaasScenario2

    SaaS administrator responsible for user access

    Following the preliminary onboarding activities required to set up a tenant, the tenant administrator performs administrative tasks similar to those of the on-premises administrator. 

    To get started with role-based access management, refer to the following topics: 

    Related topics

    Access control for administrators of service providers

    BMC TrueSight Operations Management service provider and tenant deployment

    2 Comments

    1. Melody Locke

       

      1. Melody Locke

         

    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.