
Authorization profiles provide role-based access control by associating users who belong to one or more user groups with specific roles and objects. The default authorization profiles are created during the installation of the Presentation Server component. This topic contains the following information about authorization profiles:

By default, any user who is a member of the Administrators user group can create, edit, and delete authorization profiles. 

Tip

The easiest way to edit an authorization profile is to modify one or more of its components.

For example, you might grant access permission to Central Monitoring Administration for the Event Administrator role. Every authorization profile that includes that role is affected by the change in permissions.


Authorization profile tasks

From the Authorization Profiles page, you can complete the following tasks:

Create authorization profiles

Edit and delete authorization profiles

Authorization profile components

Authorization profiles comprise user groups, roles, and objects, which you specify or select when creating or editing the profile. You cannot create or modify these required components when creating or modifying an authorization profile. 

Default authorization profiles and authorization profiles created in the BmcRealm are accessible to other tenants. 

The following diagram and table describe the required components and show their relationship to an authorization profile. 

 

 

| Component | Details |
|---|---|
| User groups | A named collection of users. You can associate multiple user groups with an authorization profile. You can also associate a user group with more than one authorization profile. For environments with multiple tenants, an authorization profile can contain user groups from multiple tenants, but each user group must contain users from a single tenant. If an authorization profile contains only one user group and if that user group is deleted in BMC Atrium Single Sign-On, actions on the authorization profile fail. You have to edit the authorization profile to add a different user group or delete the authorization profile. |
| Roles | Roles comprise collections of permissions that permit or deny a user access to features or the ability to perform actions in Operations Management product components. |
| Objects | (Optional) Administrators can choose from a list of objects present in Operations Management and then associate the selected objects with the authorization profile. |

You can create or configure the authorization profile components in any order, but you cannot create an authorization profile without them.
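
The following Python script is an added example, not BMC code and not a TrueSight API or export format. It models the profile components described above to show two checks an administrator can run before changing access: which profiles and user groups a role edit reaches (the Tip above), and which profiles depend on a single, deleted, or mixed-tenant user group. All profile, group, tenant, and the `viewer` role names are constructed for illustration; only the Event Administrator role name comes from this page.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    name: str
    user_groups: set
    roles: set
    objects: set = field(default_factory=set)  # objects are optional

def role_change_impact(profiles, role):
    """Profiles that include `role`, with the user groups whose access changes."""
    return {p.name: sorted(p.user_groups) for p in profiles if role in p.roles}

def audit_user_groups(profiles, live_groups, group_tenants):
    """Return (profile, finding) pairs for the user-group conditions on this page."""
    findings = []
    for p in profiles:
        if len(p.user_groups) == 1:
            (only,) = p.user_groups
            if only not in live_groups:
                # Sole group no longer exists: actions on the profile fail.
                findings.append((p.name, "sole user group deleted"))
            else:
                # One deletion away from the failure case.
                findings.append((p.name, "single user group"))
        for g in sorted(p.user_groups):
            # Each user group must contain users from a single tenant.
            if len(group_tenants.get(g, ())) > 1:
                findings.append((p.name, f"mixed-tenant group {g}"))
    return findings

# Constructed sample data (hypothetical profile, group and tenant names).
PROFILES = [
    Profile("ops-east", {"east-operators"}, {"Event Administrator"}),
    Profile("ops-west", {"west-operators", "west-leads"}, {"Event Administrator", "viewer"}),
    Profile("reports", {"retired-analysts"}, {"viewer"}),
    Profile("shared", {"contractors", "west-leads"}, {"viewer"}),
]
LIVE_GROUPS = {"east-operators", "west-operators", "west-leads", "contractors"}
GROUP_TENANTS = {
    "east-operators": {"tenant-a"}, "west-operators": {"tenant-b"},
    "west-leads": {"tenant-b"}, "contractors": {"tenant-a", "tenant-b"},
}

if __name__ == "__main__":
    print(role_change_impact(PROFILES, "Event Administrator"))
    for profile, finding in audit_user_groups(PROFILES, LIVE_GROUPS, GROUP_TENANTS):
        print(f"{profile}: {finding}")
```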

Default authorization profiles

The following persona-based authorization profiles are created in the Presentation Server for the BmcRealm during the installation of the TrueSight Presentation Server component:

  • API-Only User
  • Application Specialist–Applications
  • Application Specialist–Services
  • Capacity Administration
  • Capacity View
  • Executive
  • IT Operations User
  • Service Manager
  • Solution Administrator
  • Technology Specialist
  • TsSaaSInternalAuthProfile

Editing options

From the Authorization Profiles page in the TrueSight console, you can add new authorization profiles by accessing the action menu from the page heading. You can modify or delete an existing authorization profile by selecting its action menu. 

Related topics

Managing users and user groups

Managing users and access control

Role-based access

Creating, editing, and deleting PATROL Agent ACLs

Unauthorized error in the console