Access control for SaaS administrators
A SaaS administrator is one who is employed by a subscribing customer of a service provider. The extent to which the SaaS administrator handles access control depends on the contractual relationship between the two companies. This topic describes two different scenarios for SaaS administrators. In both scenarios, Calbro represents the service provider company and Acme represents its SaaS subscriber.
Although tenant users can be assigned to the default authorization profiles, SaaS administrators cannot modify them or the components that they comprise. However, SaaS administrators can create authorization profiles for their users.
Access control maintained by service provider administrator
In this scenario, Calbro maintains the users and user groups for Acme. Access to features and objects is controlled by authorization profiles in the * tenant.
Acme's tenant administrator can view Acme's users and user groups from User Accounts in the TrueSight console. However to edit or delete the users and user groups, the Acme administrator must approach the Remedy Single Sign-On administrator at Calbro and request the changes.
Because * tenant authorization profiles apply across all tenants, the authorization profiles maintained by the service provider are also available for use by Acme.
In this scenario, tenant administrators do not normally have access to the Remedy Single Sign-On that contains the SaaS users.
Access control shared by SaaS and service provider administrators
In this scenario, Calbro creates a new tenant in Remedy Single Sign-On. If Acme uses LDAP, then Calbro's administrator configures the LDAP integration for Acme in Remedy Single Sign-On. Acme's administrator maintains the LDAP server for Acme users.
Because Acme's administrator is a member of the BmcTenantAdmin group, he can access Administration menu options and create roles and authorization profiles for his users. These authorization profiles are not accessible by any users or administrators in other tenants.
Following the preliminary onboarding activities required to set up a tenant, the tenant administrator performs administrative tasks similar to those of the on-premises administrator.
To get started with role-based access management, refer to the following topics:
Log in or register to comment.