Managing user groups
BMC products can use the group membership capabilities of the BMC Atrium Single Sign-On system to provide authorization of users as well as authentication. If a BMC product does use the group memberships of the BMC Atrium Single Sign-On system, then that product's documentation must be consulted to determine which groups to privileges mapping.
To access the Group page
BMC Atrium Single Sign-On provides predefined groups to help with the Administrator privileges that some BMC products might require. For example, the BmcSearchAdmin group provides privileges that allow a user to connect to the server to perform identity searches.
Note
Care should be exercised when assigning this group as these elevated privileges allow greater access to BMC Atrium Single Sign-On than is normally provided.
To create a new group
- On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
- Select the Groups tab.
- Click Add.
- Enter a new, unique name for the group.
- From the Available Users list, select a user, click Add.
Alternatively, click Add All to add all of the users to the group. - Click Save.
Normally, BMC products install the groups that they need managed into BMC Atrium Single Sign-On as part of their installation. However, a situation might arise in which a group might need to be created (or re-created).
To delete a group
- On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
- Select the Groups tab.
- Select the check box for the group that you want to delete.
- Click Delete.
If too many groups are visible within the Group list to efficiently find the groups that you want to delete, use the search function to filter out undesired groups. For example, by changing the search filter to "D", the group IDs that start with the letter "d" (case-insensitive) are displayed.
When you delete a group, the group is removed from BMC Atrium Single Sign-On. Users that are members of the group also have their group membership removed.
Important
Deleting groups that have been installed by other BMC products is not recommended. Doing so might cause the product to malfunction or block access to the product itself.
To assign a group membership
- On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
- Select the Groups tab.
- Select a group name.
- Select a user from the Available Users list.
- Click Add. The user is added to the Members list.
Alternatively, click Add All to add all of the users to the group. - Click Save.
Multiple users can be assigned to a group from the Group page. The membership change is immediately put into effect.
Important
Care should be exercised when adding users to a group, such as the Predefined groups, so that elevated privileges are not accidentally assigned to a user. For example, BmcSearchAdmin has privileges to perform searches and BmcAgents has privileges to read configuration information.
To remove users from a group
Users can be removed from a group from the Group page.
- On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
- Select the Groups tab.
- Select the group name.
- Select a user from the Members list and click Remove.
Alternatively, click Remove All to remove all of the users from the group. - Click Save. The membership change is immediately put into effect.
Comments
Log in or register to comment.