List of permissions

This topic describes the list of permissions available for BMC Helix Portal.

To provide full permissions to all the integrated products, enable the Full access to all the resources setting.


Access keys

The following table describes the permissions available for managing access keys.

More information:

PermissionDescription
List


Console-level access

Allows you to list all the access keys on the Users and keys > Access keys page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching access keys with the List or Read permission:

GET /ims/api/v1/access_keys
GET /ims/api/v1/access_keys/{access_key}
POST /ims/api/v1/access_keys/search
Read

Console-level access

Allows you to access the Users and keys > Users page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching access keys with the List or Read permission:

GET /ims/api/v1/access_keys
GET /ims/api/v1/access_keys/{access_key}
POST /ims/api/v1/access_keys/search
Create

Console-level access

Allows you to create an access key.

Requires the Read and List permissions in addition to the Create permission.

API-level access

Allows you to run the POST endpoints available for creating an access key:

POST /ims/api/v1/access_keys
POST /ims/api/v1/access_keys/{id}/access_secret_key
Modify

Console-level access

Allows you to modify an access key.

Requires the Read and List permissions in addition to the Modify permission.

API-level access

Allows you to run the PATCH endpoint available for updating an access key:

PATCH /ims/api/v1/access_keys/{access_key}
Delete

Console-level access

Allows you to delete an access key.

Requires the Read and List permissions in addition to Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting an access key:

DELETE /ims/api/v1/access_keys/{access_key}


Users

The following table describes the permissions available for managing:

  • Users that require console access 
  • User-level access keys)

More information:

PermissionDescription
List

Console-level access

Allows you to list all the users on the Users and keys page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching users with the List or Read permission:

GET /ims/api/v1/userinfo
GET /ims/api/v1/users
GET /ims/api/v1/users/{id}
POST /ims/api/v1/users/search
Read

Console-level access

Allows you to access the Users and keys page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching users with the List or Read permission:

GET /ims/api/v1/userinfo
GET /ims/api/v1/users
GET /ims/api/v1/users/{id}
POST /ims/api/v1/users/search
Create

Console-level access

Allows you to create a user.

Requires the Read and List permissions in addition to the Create permission.

API-level access

Allows you to run the POST endpoint available for creating a user:

POST /ims/api/v1/users
Modify

Console-level access

Allows you to modify a user.

Requires the Read and List permissions in addition to the Modify permission.

API-level access

Allows you to run the PATCH endpoint available for updating a user:

PATCH /ims/api/v1/users/{id}
Delete

Console-level access

Allows you to delete a user.

Requires the Read and List permissions in addition to the Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting a user:

DELETE /ims/api/v1/users/{id}
User key: List

Console-level access

Allows you to list all the access keys and API keys on the Access keys page.
API-level access

Allows you to run all the GET endpoints with the User key: List or API key: Read permission.

GET /ims/api/v1/users/{user_id}/access_keys
GET /ims/api/v1/users/{user_id}/access_keys/{id}
User key: Read

Console-level access

Allows you to access the Access keys page.
API-level access

Allows you to run all the GET endpoints with the User key: List or User key: Read permission.

GET /ims/api/v1/users/{user_id}/access_keys
GET /ims/api/v1/users/{user_id}/access_keys/{id}
User key: Create

Console-level access

Allows you to create a user-level access key.

Requires the Read and List permissions in addition to the User key: Create permission.

API-level access

Allows you to run the POST endpoints available for creating an access key:

POST /ims/api/v1/users/{user_id}/access_keys
POST/ims/api/v1/users/{user_id}/access_keys/{id}/access_secret_key
User key: Modify

Console-level access

Allows you to modify an access key.

Requires the Read and List permissions in addition to the User key: Modify permission.

API-level access

Allows you to run the PATCH endpoint available for modifying an access key:

PATCH /ims/api/v1/users/{user_id}/access_keys/{id}
User key: Delete

Console-level access

Allows you to delete a user-level access key.

Requires the Read and List permissions in addition to the User key: Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting an access key:

DELETE /ims/api/v1/users/{user_id}/access_keys/{id}


Permissions (general permissions for applications)

The following table describes the permissions available for viewing and getting details of permissions and resources available for the BMC Helix applications (or integrated products). 

More information: 

PermissionDescription
List

Console-level access

Unrestricted access
API-level access

Allows you to run the following GET endpoints with the List permission only:

GET /ims/api/v1/applications/{application_id}/resource_types/{resource_type_id}/
GET /ims/api/v1/permissions

Allows you to run the following GET endpoint with the List or Read permission:

GET /ims/api/v1/applications/{application_id}/resource_types/{resource_type_id}/
Read

Console-level access

Unrestricted access
API-level access

Allows you to run the following GET endpoint with the List or Read permission:

GET /ims/api/v1/applications/{application_id}/resource_types/{resource_type_id}/
CreateDo not use this permission.
ModifyDo not use this permission.
DeleteDo not use this permission.


Roles

The following table describes the permissions available for managing roles.

More information: 

PermissionDescription
ListConsole-level access

Allows you to list all the roles on the Roles and permissions page.

API-level access

Allows you to run the following GET endpoints and the POST endpoint for searching roles with the List or Read permission:

GET /ims/api/v1/roles
GET /ims/api/v1/roles/{id}
POST /ims/api/v1/roles/search
Read

Console-level access

Allows you to access the Roles and permissions page.
API-level access

Allows you to run the following GET endpoint with the Read permission only:

GET /ims/api/v1/roles/{id}/permissions

Allows you to run the following GET endpoints and the POST endpoint for searching roles with the List or Read permission:

GET /ims/api/v1/roles
GET /ims/api/v1/roles/{id}
POST /ims/api/v1/roles/search
Create

Console-level access

Allows you to create a role.

Requires the Read and List permissions in addition to the Create permission.

API-level access

Allows you to run the POST endpoint available for creating a role:

POST /ims/api/v1/roles
Modify

Console-level access

Allows you to modify a role.

Requires the following permissions in addition to the Modify permission:

  • To update a role: Roles: List, Read permissions
  • To update the role associations:
    • User group associations: User groups > Read permission
    • User associations: Users > Read permission
    • Application permission associations: Applications > Read permission
API-level access

Allows you to run the following PATCH endpoint available for updating a role:

PATCH /ims/api/v1/roles/{id}

Allows you to run the following PATCH and PUT endpoints available for updating the user group associations in a role.

Requires the User groups > Read permission in addition to the Roles > Modify permission.

PATCH /ims/api/v1/roles/{id}/groups
PUT /ims/api/v1/roles/{id}/groups

Allows you to run the following PATCH and PUT endpoints available for updating the permission associations in a role.

Requires the Applications > Read permission in addition to the Roles > Modify permission.

PATCH /ims/api/v1/roles/{id}/permissions
PUT /ims/api/v1/roles/{id}/permissions

Allows you to run the following PATCH endpoint available for updating the role associations in a composite role.

Requires the Applications > Read permission in addition to the Roles > Modify permission.

PATCH /ims/api/v1/roles/{id}/roles

Allows you to run the following PUT endpoint available for replacing the role associations in a composite role.

Requires the Roles > Read permission in addition to the Roles > Modify permission.

PUT /ims/api/v1/roles/{id}/roles

Allows you to run the following PUT and POST endpoints available for updating the user associations in a role.

Requires the Users > Read permission in addition to the Roles > Modify permission.

PATCH /ims/api/v1/roles/{id}/users
PUT /ims/api/v1/roles/{id}/users

Allows you to run the following POST endpoint available for updating the user mappings in roles:

POST /ims/api/v1/roles/user_mappings
Delete

Console-level access

Allows you to delete a role.

Requires the Read and List permissions in addition to the Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting a role:

DELETE /ims/api/v1/roles/{id}


User groups

The following table describes the permissions available for managing user groups.

More information: 

PermissionDescription
List

Console-level access

Allows you to list all the user groups on the User groups page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching user groups with the List or Read permission:

GET /ims/api/v1/groups
GET /ims/api/v1/groups/{id}
POST /ims/api/v1/groups/search
Read

Console-level access

Allows you to access the User groups page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching user groups with the List or Read permission:

GET /ims/api/v1/groups
GET /ims/api/v1/groups/{id}
POST /ims/api/v1/groups/search
Create

Console-level access

Allows you to create a user group.

Requires the Read and List permissions in addition to the Create permission.

API-level access

Allows you to run the POST endpoint available for creating a user group:

POST /ims/api/v1/groups
Modify

Console-level access

Allows you to modify a user group.

Requires the following permissions in addition to the Modify permission:

  • To update a user group: User groups: List, Read permissions
  • To update the user associations in the user group: Users > Read permission
API-level access

Allows you to run the following PATCH endpoint available for updating a user group:

PATCH /ims/api/v1/groups/{id}

Allows you to run the following PATCH and PUT endpoints available for updating the user associations in a group.

Requires the Users > Read permission in addition to the User Groups > Modify permission.

PATCH /ims/api/v1/groups/{id}/users
PUT /ims/api/v1/groups/{id}/users

Allows you to run the following POST endpoint available for updating the user mappings in groups:

POST /ims/api/v1/groups/user_mappings
Delete

Console-level access

Allows you to delete a user group.

Requires the Read and List permissions in addition to the Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting a user group:

DELETE /ims/api/v1/groups/{id}


Organizations

The following table describes the permissions available for managing organizations:

  • Users that require console access 
  • User-level access keys)

More information:

PermissionDescription
List

Console-level access

Allows you to list all the organizations on the User access > Organizations page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching organizations with the List or Read permission:

GET /ims/api/v1/organizations
GET /ims/api/v1/organizations/{id}
POST /ims/api/v1/organizations/search
Read

Console-level access

Allows you to access the User access > Organizations page.

API-level access

Allows you to run all the GET endpoints and the POST endpoint for searching organizations with the List or Read permission:

Create

Console-level access

Allows you to create an organization.

Requires the Read and List permissions in addition to the Create permission.

API-level access

Allows you to run the POST endpoint available for creating an organization:

POST /ims/api/v1/organizations
Modify

Console-level access

Allows you to modify an organization.

Requires the Read and List permissions in addition to the Modify permission.

API-level access

Allows you to run the PATCH endpoint available for updating an organization:

PATCH /ims/api/v1/organizations/{id}
Delete

Console-level access

Allows you to delete an organization.

Requires the Read and List permissions in addition to the Delete permission.

API-level access

Allows you to run the DELETE endpoint available for deleting an organization:

DELETE /ims/api/v1/organization/{id}

LDAP sync agent

The following table describes the permission available for accessing the LDAP sync agent.

More information: Syncing LDAP groups and users

PermissionDescription
Access and downloadAllows you to access and download the LDAP sync agent from the Configure menu.


Custom UI Applications

The following table describes the permissions available for managing custom applications.

More information: Making BMC Helix custom applications available from BMC Helix Portal

PermissionDescription
Modify

Allows you to update the custom application when an update is available.

Delete

Allows you to delete a custom application from the BMC Helix Portal console.

Create

Allows you to add and launch custom applications from the BMC Helix Portal console.

Audit Records

The following table describes the permissions available for managing audit records.

More information: 

PermissionDescription
Read

Allows you to view the audit logs for the activities done in BMC Helix Portal.

Notification profiles

The following table describes the permissions available for managing notification profiles.

More information: 

PermissionDescription
List

Console-level access

Allows you to list all the notification profiles on the Notification Profiles page.

API-level access

Allows you to run all the GET endpoints for retrieving notifications profiles with the List or Read permission:

GET /ans/api/v1/profiles
GET /ims/api/v1/profiles/{label}
Read

Console-level access

Allows you to access the Notification Profiles page.

API-level access

Allows you to run all the GET endpoints for retrieving notifications profiles with the List or Read permission:

GET /ans/api/v1/profiles
GET /ims/api/v1/profiles/{label}
Modify



Console-level access

Allows you to:

  • Modify a notification profile on the Notification Profiles page.
  • Revert a notification profile to its default settings when editing the profile.

Requires the List and Read permissions in addition to the Modify permission.

API-level access

Allows you to run the following PATCH endpoint available for updating a notification profile:

PATCH /ans/api/v1/profiles/{label}
Allows you to run the following DELETE endpoint available for reverting a notification profile to its default settings: 
DELETE /ans/api/v1/profiles/{label}
DeleteDo not use this permission.

Related permissions

The following links provide information about permissions available for the integrated products:

  • BMC Helix AIOps permissions Open link
  • BMC Helix Automation Console permissions Open link
  • BMC Helix Cloud Cost permissions Open link
  • BMC Helix Cloud Security permissions Open link
  • BMC Helix Continuous Optimization permissions Open link
  • BMC Helix Dashboards permissions Open link
  • BMC Helix Discovery permissions Open link
  • BMC Helix Intelligent Automation permissions Open link
  • BMC Helix Intelligent Integration permissions Open link
  • BMC Helix Log Analytics permissions Open link
  • BMC Helix Operations Management permissions Open link
  • BMC Helix ITSM Insights roles and permissions Open link
  • Incident management user roles and permissions Open link
Was this page helpful? Yes No Submitting... Thank you

Comments