Configuring user roles and access groups
As a helix admin, you can manage roles and access groups in the Helix Capacity Optimization Console.
A role is a set of activities that a user can perform. A user can have one or more roles, and every role is assigned one or more activity. Each user can have different activities (access rights) associated with the user account. For example, an activity can be the ability to create a new model or analysis, or the ability to configure a domain. A single user might need to perform several activities. Therefore, all privileges can be aggregated into custom groups called roles.
You can enable access control to specific entities, such as domains, report groups, views, and view groups, by using access groups.
Managing roles
To manage and assign roles for user accounts, from the Helix Capacity Optimization Console, go to Administration > Users > Roles. The Roles page shows a summary table listing the currently defined user roles, their description, and the associated external names. From this page you can add, edit, or delete user roles. You can also use this page to generate an API key that allows you the programmatic access to the BMC Helix Capacity Optimization functionalities. For details, see Generating an API key for programmatic access.
Adding a role
On the Administration > Users > Roles page, click Add role, and do the following:
Specify a unique name and an optional description for the role.
Select one of the role assignments:
- Assign this role by default to all users on their login.
- Assign this role automatically to external users having external group names matching the list. In the External names box, specify the names of external users or user groups. For example, user groups created in the Helix Single Sign-On Server.
From the list of Available activities, select one or more activities to associate with the role, and then click >>.
When you select the User accounts - Edit or User access groups - Edit activities, the User roles/access groups edit restrictions field is displayed. The options in this field enables you to toggle between allowing and restricting the creation of users based on roles and/or access groups as follows.
- Click Save.
Editing a role
On the Administration > Users > Roles page, do one of the following:
- Click the role name that you want to edit, modify the required properties and click Save.
- Click edit this role corresponding to the role you want to edit, modify the required properties and click Save.
Deleting a role
On the Administration > Users > Roles page, do one of the following:
- Click the role name that you want to delete. The role is deleted.
- Click delete this role corresponding to the role you want to delete. Click Proceed to delete the selected role.
Managing access groups
Use the Access groups page in the Helix Capacity Optimization Console to add or delete access groups, view a summary of the currently defined access groups, and to assign access groups to user accounts. From this page, you can configure an access group for domains, report groups, task groups, or cost pools.
To configure an access group for views or view groups, use the Capacity Views page in the Helix Capacity Optimization Dashboard. For more information, see Editing and deleting views.
Adding a new access group
On the Administration > Users > Access groups page, click Add access group, and do the following:
Specify a unique name and an optional description for the access group.
- For access group assignment, select one of the following:
- Assign this access group by default to all users on their login.
- Assign this access group automatically to external users having external group names matching the list. In the External names box, specify the names of external users or user groups to associate with this access group, separated by a semi-colon (";"). For instance, if you specify BMC external users as the external name for an access group, all external users that have external name mapping to BMC external users will be automatically assigned the corresponding access group on logging in to BMC Helix Capacity Optimization.
- Click Save.
Configuring an access group
To configure an access group, follow these steps:
- Click the access group name in the Access groups table.
On the Visible Entities table, click Edit, and select Edit domains, Edit report groups, Edit task groups, or Edit cost pools.
The Edit cost pools option is available only if Cloud Cost Control is installed and at least one cost pool is created.- Depending on the element selection in the previous step, select the specific element values.
- (Only for report groups) Select the Recurse on contained report groups check box if you want to import all the contained domains or report groups respectively.
- Click Save.
Editing or deleting an access group
When editing an access group, you can delete single items or groups. Deleting a group also removes all its descendants. Similarly, if you create a sub-domain under one of the domains allowed by an access group, all members of the group will be able to access it.
- Click an access group to edit or delete from the Access groups table. Alternately, you can also click the buttons to perform these actions directly.
The detail page for the selected access group is displayed in the working area, listing all activities associated with the account. - Click Edit or Delete.
For Edit, the Edit access group page is displayed. Make changes, and click Save.
Clicking Delete will present a confirmation and information (only if you click the buttons directly) box. Click Proceed to delete the selected access group.
Comments
Log in or register to comment.