A SaaS administrator is one who is employed by a subscribing customer of a service provider. The extent to which the SaaS administrator handles access control depends on the contractual relationship between the two companies. This topic describes two different scenarios for SaaS administrators. In both scenarios, Calbro represents the service provider company and Acme represents its SaaS subscriber.
Although tenant users can be assigned to the default authorization profiles, SaaS administrators cannot modify them or the components that they comprise. However, SaaS administrators can create authorization profiles for their users.
In this scenario, Calbro maintains the users and user groups for Acme. Access to features and objects is controlled by authorization profiles in the BmcRealm.
Acme's tenant administrator can view Acme's users and user groups from User Accounts in the TrueSight Operations Management console. However, to edit or delete the users and user groups, the Acme administrator must approach the BMC Atrium Single Sign-On administrator at Calbro and request the changes.
Because BmcRealm authorization profiles apply across all tenants, the authorization profiles maintained by the service provider are also available for use by Acme.
In this scenario, tenant administrators do not normally have access to the BMC Atrium Single Sign-On that contains the SaaS users.
In this scenario, Calbro creates a new tenant in BMC Atrium Single Sign-On. If Acme uses LDAP, then Calbro's administrator configures the LDAP integration for Acme in BMC Atrium Single Sign-On. Acme's administrator maintains the LDAP server for Acme users.
Because Acme's administrator is a member of the BmcTenantAdmin group, he can access Administration menu options and create roles and authorization profiles for his users. These authorization profiles are not accessible by any users or administrators in other tenants.
Following the preliminary onboarding activities required to set up a tenant, the tenant administrator performs administrative tasks similar to those of the on-premises administrator.
To get started with role-based access management, refer to the following topics: