Default user roles and permissions

BMC Helix Continuous Optimization uses the default user roles in BMC Helix Portal to manage access to various functionality. 

Each role has default permissions that are assigned to it. You cannot edit the default user roles. You can create custom roles and assign permissions. For details, see  Roles and permissions Open link .


The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:

https://youtu.be/e6Hc8UZpPfg

All permissions in BMC Helix Continuous Optimization are part of the capacity_optimization application. The objects to which you want to provide permissions are grouped as Resources. The following table lists the default user roles and permissions in BMC Helix Continuous Optimization. For details about the permissions in a resource group, see Permissions available for a resource.

RoleDescriptionResource and Permissions
Capacity Administrator

Users in this group have access to to all the sections in BMC Helix Continuous Optimization. They can perform all the administrative activities.




Has all the permissions in the following resource groups:

capacity_optimization application:

  • admin
  • analysis
  • api
  • capacity_views
  • migration_simulation
  • domains
  • events
  • models
  • reports
  • time_filters
  • whatif_simulation
Capacity Planner

Users in this group can perform all activities related to capacity planning. The users in this group have access to Views and the Workspace section. In the Administration section, they can edit and view the optimizer rules.

Has all the permissions in the following resource groups:

capacity_optimization application:

  • analysis
  • api
  • capacity_views
  • migration_simulation
  • domains
  • events
  • models
  • time_filters
  • whatif_simulation

Has specific permissions in the following resource groups:

  • admin
    • optimizer_rule_edit
    • optimizer_rule_read
    • data_mart_edit
  • reports
    • edit
    • read
Capacity Operator

Users in this group can access the Views section. 

The users cannot perform administrative activities such as creating custom views.

Has specific permissions in the following resource groups:

capacity_optimization application:

  • admin
    • data_mart_edit
  • analysis
    • read
  • capacity_views
    • read
    • tags_edit
    • tags_read
  • models
    • read
  • reports
    • read
  • whatif_simulation
    • read
Capacity ETL Client

Users in this group can ingest data.

The API user should be assigned the Capacity ETL Client role to install the Remote ETL Engine.

Has specific permissions in the following resource groups:

capacity_optimization application:

  • data_ingestion 
    • edit
Cloud Planner

Users in this group can define the on-premise cost and migration strategy, simulate the migration, and view the Views section. 

The users cannot perform administrative activities such as creating custom views.

The Cloud Planner role is available only if you have installed Migration Simulation.

Has specific permissions in the following resource groups:

capacity_optimization application:

  • analysis
    • read
  • capacity_views
    • edit
    • read
    • tags_edit
    • tags_read
  • migration_simulation
    • edit
    • read

If you want to create and edit Events you must explicitly provide the following permissions to the core application and the events resource. To use events, along with the default permissions, you need to provide the following permissions to the user roles. For details about the permissions in a resource group, see Permissions available for a resource.

RoleResource and Permissions
Capacity Administrator

Has all the permissions in the following resource group:

core application:

  • events
Capacity Planner

Has all the permissions in the following resource group:

core application:

  • events
Capacity Operator

Has specific permissions in the following resource group:

core application:

  • events
    • view
Capacity ETL Client

Has specific permissions in the following resource group:

core application:

  • events
    • ingest
Cloud Planner

Has specific permissions in the following resource group:

core application:

  • events
    • view

User groups in the Single Sign-On console are associated with the corresponding roles in BMC Helix Continuous Optimization.

Permissions available for a resource

The following image displays the out-of-the-box permissions in BMC Helix Continuous Optimization:

This table describes the default permissions that are available when you add a new role. All permissions in the following table are part of the capacity_optimization application. To learn how to add permissions to a role, see  Setting up roles and permissions Open link .

ResourcePermissionsDescription
admin

access_all_entities

View the domains, systems, and business drivers.
auth_profile_editEdit authorization profiles from the Administration tab.
admin_section_edit
  • Edit the Data Warehouse and System sections in the Administration tab.
  • Create, edit, or delete custom data marts.
  • Edit the Export and Import ETLs API.
admin_section_read
  • View the Data Warehouse and System sections in the Administration tab.
  • Access and view the Export and Import ETLs API.
benchmarks_editEdit the Benchmarks data in the Administration tab.
data_mart_editCreate, edit, or delete data marts. 
etls_read
  • View the ETL logs and ETL run history. 
  • Access and view the Export and Import ETLs API.
general_manager_edit
general_manager_readView the Gateway Servers, Agent Lists, and Manager runs in the UI and by using the APIs. For details, see Agent Data endpoints in the REST API.
optimizer_rule_edit
  • Create, edit, or delete thresholds.
  • View metrics and indicators for a threshold.
  • Create, edit, or delete optimizer rules and run alerts.
  • View alert logs in the Administration tab.
optimizer_rule_read
  • View the Alert logs in the Optimizer section of the Administration tab.
  • View metrics and indicators for a threshold.
  • View the Rules page in the Optimizer section of the Administration tab.

tasks_edit

Add, edit, run, and delete System Tasks and ETL tasks in the ETL & System Tasks section in the Administration tab.
tasks_readView System Tasks in the ETL & System Tasks section in the Administration tab.
user_accounts_editManage authorization profiles in the Administration tab.
analysis

edit

Create and edit analysis in the Workspace tab.
readView analysis in the Works folder.
save_template
  • Create custom analysis templates.
  • Edit and delete existing analysis templates.
api

agent_data_read

Access and view the Agent Data API. For details, see Agent Data API.
dashboard_views_editEdit the Dashboard Views API.
dashboard_views_readAccess and view the Dashboard Views API.
data_provider_readAccess and view the Data Provider API. For details, see Data Provider API.
capacity_views

edit

  • View all the capacity views (out-of-the-box and custom views).
  • Add and modify custom views.
readView all capacity views (out-of-the-box and custom views).
tags_edit
  • Add tags to resources.
  • Modify and delete tags that are already added to resources.
tags_readView tags on resources.
migration_simulation

edit

Manage the settings in Migration Simulation.
readView the budget notifications in Migration Simulation.
custom_etledit
  • Edit a custom ETL.
  • Edit the Export and Import ETLs API.
data_ingestioneditUsed by the Capacity ETL Client role to ingest data.
domains

edit

Add, edit, and delete domains, systems, and business drivers.
edit_admin_domainsAccess all the systems and business driver nodes for inactive, dismissed, or newly discovered entities.
readView active systems and business drivers associated to one or more domains.
events

edit

Add and edit events from the Events page in the domain.
readView the events from the Events page in the domain.
models

edit

Add, edit, and delete models.
readView models saved in the Works folder.
reports

edit

Add, edit, and delete reports.
global_reports_editView the report templates available to users.
readView reports saved in the Works folder.
time_filters

edit

Add, delete, copy, or move global filters in the Workspace tab.
whatif_simulationeditCreate, edit, delete, and run a What-if simulation.
readView the results of a What-if simulation.

The table describes the additional permissions that are required to use events. All permissions in the following table are part of the core application. To learn how to add permissions to a role, see  Setting up roles and permissions Open link .

ResourcePermissionsDescription
events


viewView the events from the Events page in the domain.
operationsControls the closing of events on the backend. 
assignee_operationsUsed to move events on the backend. 
ingestAdd and edit events from the Events page in the domain.


Was this page helpful? Yes No Submitting... Thank you

Comments