Authorization profiles comprise user groups, roles, and objects, which you specify or select when creating or editing the profile. You cannot create or modify these required components when creating or modifying an authorization profile.
Default authorization profiles and authorization profiles created in the BmcRealm are accessible to other tenants.
The following diagram and table describe the required components and show their relationship to an authorization profile.
A named collection of users. You can associate multiple user groups with an authorization profile. You can also associate a user group to more than one authorization profile.
For environments with multiple tenants, an authorization profile can contain user groups from multiple tenants, but each user group must contain users from a single tenant.
If an authorization profile contains only one user group and if that user group is deleted in BMC Atrium Single Sign-On, actions on the authorization profile fail. You have to edit the authorization profile to add a different user group or delete the authorization profile.
|Roles||Roles comprise collections of permissions that permit or deny a user to access features or perform actions in Operations Management product components.|
|Objects||(Optional) Administrators can choose from a list of objects present in Operations Management and then associate the selected objects with the authorization profile.|
You can create or configure the authorization profile components in any order, but you cannot create an authorization profile without them.
The following persona-based authorization profiles are created in the Presentation Server for the BmcRealm during the installation of the TrueSight Presentation Server component: