List of permissions
This topic describes the list of permissions available for BMC Helix Portal.
To provide full permissions to all the integrated products, enable the Full access to all the resources setting.
API users (Tenant-level)
The following table describes the permissions available for managing API users (or tenant-level access keys).
More information:
Permission | Description |
---|---|
List | Console-level access |
Allows you to list all the API users on the Users > API Users page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching tenant-level access keys with the List or Read permission: | |
Read | Console-level access |
Allows you to access the Users > API Users page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching access keys with the List or Read permission: | |
Create | Console-level access |
Allows you to create an API user (or tenant-level access key). Requires the Read and List permissions in addition to the Create permission. | |
API-level access | |
Allows you to run the POST endpoints available for creating a tenant-level access key: | |
Modify | Console-level access |
Allows you to modify an API user (or tenant-level access key). Requires the Read and List permissions in addition to the Modify permission. | |
API-level access | |
Allows you to run the PATCH endpoint available for updating a tenant-level access key: | |
Delete | Console-level access |
Allows you to delete an API user (or tenant-level access key). Requires the Read and List permissions in addition to Delete permission. | |
API-level access | |
Allows you to run the DELETE endpoint available for deleting a tenant-level access key: |
Users
The following table describes the permissions available for managing:
- Users that require console access
- API keys (or user-level access keys)
More information:
- Setting up users for console access
- User endpoints in the REST API
- Setting up user-level API keys
- Access key endpoints in the REST API
Permission | Description |
---|---|
List | Console-level access |
Allows you to list all the users on the Users page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching users with the List or Read permission: | |
Read | Console-level access |
Allows you to access the Users page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching users with the List or Read permission: | |
Create | Console-level access |
Allows you to create a user. Requires the Read and List permissions in addition to the Create permission. | |
API-level access | |
Allows you to run the POST endpoint available for creating a user: | |
Modify | Console-level access |
Allows you to modify a user. Requires the Read and List permissions in addition to the Modify permission. | |
API-level access | |
Allows you to run the PATCH endpoint available for updating a user: | |
Delete | Console-level access |
Allows you to delete a user. Requires the Read and List permissions in addition to the Delete permission. | |
API-level access | |
Allows you to run the DELETE endpoint available for deleting a user: | |
API key: List | Console-level access |
Allows you to list all the API keys on the API keys page. | |
API-level access | |
Allows you to run all the GET endpoints with the API key: List or API key: Read permission. | |
API key: Read | Console-level access |
Allows you to access the API keys page. | |
API-level access | |
Allows you to run all the GET endpoints with the API key: List or API key: Read permission. | |
API key: Create | Console-level access |
Allows you to create an API key (or user-level access key). Requires the Read and List permissions in addition to the API key: Create permission. | |
API-level access | |
Allows you to run the POST endpoints available for creating an API key: | |
API key: Modify | Console-level access |
Allows you to modify an API key (or user-level access key). Requires the Read and List permissions in addition to the API key: Modify permission. | |
API-level access | |
Allows you to run the PATCH endpoint available for modifying an API key: | |
API key: Delete | Console-level access |
Allows you to delete an API key (or user-level access key). Requires the Read and List permissions in addition to the API key: Delete permission. | |
API-level access | |
Allows you to run the DELETE endpoint available for deleting an API key: |
Permissions (general permissions for applications)
The following table describes the permissions available for viewing and getting details of permissions and resources available for the BMC Helix applications (or integrated products).
More information:
Permission | Description |
---|---|
Unrestricted access | Console-level access |
List of all the integrated products on the Home page | |
API-level access | |
Enables unrestricted access for the following endpoints: | |
List | Console-level access |
Unrestricted access | |
API-level access | |
Allows you to run the following GET endpoints with the List permission only: Allows you to run the following GET endpoint with the List or Read permission: | |
Read | Console-level access |
Unrestricted access | |
API-level access | |
Allows you to run the following GET endpoint with the List or Read permission: | |
Create | Do not use this permission. |
Modify | Do not use this permission. |
Delete | Do not use this permission. |
Roles
The following table describes the permissions available for managing roles.
More information:
Permission | Description |
---|---|
List | Console-level access |
Allows you to list all the roles on the Roles and permissions page. | |
API-level access | |
Allows you to run the following GET endpoints and the POST endpoint for searching roles with the List or Read permission: | |
Read | Console-level access |
Allows you to access the Roles and permissions page. | |
API-level access | |
Allows you to run the following GET endpoint with the Read permission only: Allows you to run the following GET endpoints and the POST endpoint for searching roles with the List or Read permission: | |
Create | Console-level access |
Allows you to create a role. Requires the Read and List permissions in addition to the Create permission. | |
API-level access | |
Allows you to run the POST endpoint available for creating a role: | |
Modify | Console-level access |
Allows you to modify a role. Requires the following permissions in addition to the Modify permission:
| |
API-level access | |
Allows you to run the following PATCH endpoint available for updating a role: | |
Allows you to run the following PATCH and PUT endpoints available for updating the user group associations in a role. Requires the User groups > Read permission in addition to the Roles > Modify permission. | |
Allows you to run the following PATCH and PUT endpoints available for updating the permission associations in a role. Requires the Applications > Read permission in addition to the Roles > Modify permission. | |
Allows you to run the following PATCH endpoint available for updating the role associations in a composite role. Requires the Applications > Read permission in addition to the Roles > Modify permission. | |
Allows you to run the following PUT endpoint available for replacing the role associations in a composite role. Requires the Roles > Read permission in addition to the Roles > Modify permission. | |
Allows you to run the following PUT and POST endpoints available for updating the user associations in a role. Requires the Users > Read permission in addition to the Roles > Modify permission. | |
Allows you to run the following POST endpoint available for updating the user mappings in roles: | |
Delete | Console-level access |
Allows you to delete a role. Requires the Read and List permissions in addition to the Delete permission. | |
API-level access | |
Allows you to run the DELETE endpoint available for deleting a role: |
User groups
The following table describes the permissions available for managing user groups.
More information:
Permission | Description |
---|---|
List | Console-level access |
Allows you to list all the user groups on the User groups page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching user groups with the List or Read permission: | |
Read | Console-level access |
Allows you to access the User groups page. | |
API-level access | |
Allows you to run all the GET endpoints and the POST endpoint for searching user groups with the List or Read permission: | |
Create | Console-level access |
Allows you to create a user group. Requires the Read and List permissions in addition to the Create permission. | |
API-level access | |
Allows you to run the POST endpoint available for creating a user group: | |
Modify | Console-level access |
Allows you to modify a user group. Requires the following permissions in addition to the Modify permission:
| |
API-level access | |
Allows you to run the following PATCH endpoint available for updating a user group: | |
Allows you to run the following PATCH and PUT endpoints available for updating the user associations in a group. Requires the Users > Read permission in addition to the User Groups > Modify permission. | |
Allows you to run the following POST endpoint available for updating the user mappings in groups: | |
Delete | Console-level access |
Allows you to delete a user group. Requires the Read and List permissions in addition to the Delete permission. | |
API-level access | |
Allows you to run the DELETE endpoint available for deleting a user group: |
LDAP sync agent
The following table describes the permission available for accessing the LDAP sync agent.
More information: Syncing LDAP groups and users
Permission | Description |
---|---|
Access and download | Allows you to access and download the LDAP sync agent from the Configure menu. |
Notification profiles
The following table describes the permissions available for managing notification profiles.
More information:
Permission | Description |
---|---|
List | Console-level access |
Allows you to list all the notification profiles on the Notification Profiles page. | |
API-level access | |
Allows you to run all the GET endpoints for retrieving notifications profiles with the List or Read permission: | |
Read | Console-level access |
Allows you to access the Notification Profiles page. | |
API-level access | |
Allows you to run all the GET endpoints for retrieving notifications profiles with the List or Read permission: | |
Modify | Console-level access |
Allows you to:
Requires the List and Read permissions in addition to the Modify permission. | |
API-level access | |
Allows you to run the following PATCH endpoint available for updating a notification profile: Allows you to run the following DELETE endpoint available for reverting a notification profile to its default settings: | |
Delete | Do not use this permission. |
Related permissions
The following links provide information about permissions available for the integrated products:
-
BMC Helix AIOps permissions
-
BMC Helix Automation Console permissions
-
BMC Helix Cloud Cost permissions
-
BMC Helix Cloud Security permissions
-
BMC Helix Continuous Optimization permissions
-
BMC Helix Dashboards permissions
-
BMC Helix Discovery permissions
-
BMC Helix Intelligent Automation permissions
-
BMC Helix Log Analytics permissions
-
BMC Helix Operations Management permissions
Comments
Log in or register to comment.