Default user roles and permissions

BMC Helix Continuous Optimization uses the default user roles in BMC Helix Portal to manage access to various functionality.

Each role has default permissions that are assigned to it. You cannot edit the default user roles. You can create custom roles and assign permissions. For details, see Roles and permissions Open link .

All permissions in BMC Helix Continuous Optimization are part of the capacity_optimization application. The objects to which you want to provide permissions are grouped as Resources. The following table lists the default user roles and permissions in BMC Helix Continuous Optimization. For details about the permissions in a resource group, see Permissions available for a resource.

Role	Description	Resource and Permissions
Capacity Administrator	Users in this group have access to to all the sections in BMC Helix Continuous Optimization. They can perform all the administrative activities.	Has all the permissions in the following resource groups: capacity_optimization application: admin analysis api capacity_views migration_simulation domains events models reports time_filters whatif_simulation
Capacity Planner	Users in this group can perform all activities related to capacity planning. The users in this group have access to Views and the Workspace section. In the Administration section, they can edit and view the optimizer rules.	Has all the permissions in the following resource groups: capacity_optimization application: analysis api capacity_views migration_simulation domains events models time_filters whatif_simulation Has specific permissions in the following resource groups: admin optimizer_rule_edit optimizer_rule_read reports edit read
Capacity Operator	Users in this group can access the Views section. The users cannot perform administrative activities such as creating custom views.	Has specific permissions in the following resource groups: capacity_optimization application: analysis read capacity_views read tags_edit tags_read models read reports read whatif_simulation read
Capacity ETL Client	Users in this group can ingest data. The API user should be assigned the Capacity ETL Client role to install the Remote ETL Engine.	Has specific permissions in the following resource groups: capacity_optimization application: data_ingestion edit
Cloud Planner	Users in this group can define the on-premise cost and migration strategy, simulate the migration, and view the Views section. The users cannot perform administrative activities such as creating custom views. The Cloud Planner role is available only if you have installed Migration Simulation.	Has specific permissions in the following resource groups: capacity_optimization application: analysis read capacity_views edit read tags_edit tags_read migration_simulation edit read

If you want to create and edit Events you must explicitly provide the following permissions to the core application and the events resource. To use events, along with the default permissions, you need to provide the following permissions to the user roles. For details about the permissions in a resource group, see Permissions available for a resource.

Role	Resource and Permissions
Capacity Administrator	Has all the permissions in the following resource group: core application: events
Capacity Planner	Has all the permissions in the following resource group: core application: events
Capacity Operator	Has specific permissions in the following resource group: core application: events view
Capacity ETL Client	Has specific permissions in the following resource group: core application: events ingest
Cloud Planner	Has specific permissions in the following resource group: core application: events view

User groups in the Single Sign-On console are associated with the corresponding roles in BMC Helix Continuous Optimization.

Permissions available for a resource

The following image displays the out-of-the-box permissions in BMC Helix Continuous Optimization:

This table describes the default permissions that are available when you add a new role. All permissions in the following table are part of the capacity_optimization application. To learn how to add permissions to a role, see Setting up roles and permissions Open link .

Resource	Permissions	Description
admin	access_all_entities	Add, edit, and delete domains, systems, and business drivers.
	auth_profile_edit	Edit authorization profiles from the Administration tab.
	admin_section_edit	Edit the Data Warehouse and System sections in the Administration tab. Create, edit, or delete custom data marts.
	admin_section_read	View the Data Warehouse and System sections in the Administration tab.
	benchmarks_edit	Edit the Benchmarks data in the Administration tab.
	etls_read	View the ETL logs and ETL run history.
	general_manager_edit	Add, edit, and delete Gateway Servers and Agent Lists in the Gateway Manager section of Administration tab.
	general_manager_read	View the Gateway Servers, Agent Lists, and Manager runs.
	optimizer_rule_edit	Create, edit, or delete thresholds. View metrics and indicators for a threshold. Create, edit, or delete optimizer rules and run alerts. View alert logs in the Administration tab.
	optimizer_rule_read	View alert logs in the Administration tab. View metrics and indicators for a threshold.
	tasks_edit	Add, edit, run, and delete System Tasks and ETL tasks in the ETL & System Tasks section in the Administration tab.
	tasks_read	View System Tasks in the ETL & System Tasks section in the Administration tab.
	user_accounts_edit	Manage authorization profiles in the Administration tab.
analysis	edit	Create and edit analysis in the Workspace tab.
	read	View analysis in the Works folder.
	save_template	Create custom analysis templates. Edit and delete existing analysis templates.
api	agent_data_read	Access and view the Agent Data API. For details, see Agent Data API.
	dashboard_views_edit	Edit the Dashboard Views API.
	dashboard_views_read	Access and view the Dashboard Views API.
	data_provider_read	Access and view the Data Provider API. For details, see Data Provider API.
capacity_views	edit	View all the capacity views (out-of-the-box and custom views). Add and modify custom views.
	read	View all capacity views (out-of-the-box and custom views).
	tags_edit	Add tags to resources. Modify and delete tags that are already added to resources.
	tags_read	View tags on resources.
migration_simulation	edit	Manage the settings in Migration Simulation.
migration_simulation	read	View the budget notifications in Migration Simulation.
custom_etl	edit	Edit a custom ETL.
data_ingestion	edit	Used by the Capacity ETL Client role to ingest data.
domains	edit	Add, edit, and delete domains, systems, and business drivers.
	edit_admin_domains	Access all the systems and business driver nodes for inactive, dismissed, or newly discovered entities.
	read	View active systems and business drivers associated to one or more domains.
events	edit	Add and edit events from the Events page in the domain.
events	read	View the events from the Events page in the domain.
models	edit	Add, edit, and delete models.
models	read	View models saved in the Works folder.
reports	edit	Add, edit, and delete reports.
	global_reports_edit	View the report templates available to users.
	read	View reports saved in the Works folder.
time_filters	edit	Add, delete, copy, or move global filters in the Workspace tab.
whatif_simulation	edit	Create, edit, delete, and run a What-if simulation.
whatif_simulation	read	View the results of a What-if simulation.

The table describes the additional permissions that are required to use events. All permissions in the following table are part of the core application. To learn how to add permissions to a role, see Setting up roles and permissions Open link .

Resource	Permissions	Description
events	view	View the events from the Events page in the domain.
	operations	Controls the closing of events on the backend.
	assignee_operations	Used to move events on the backend.
	ingest	Add and edit events from the Events page in the domain.

Default user roles and permissions

Permissions available for a resource

Comments