Default users and user groups
When you install TrueSight Presentation Server, the following out-of-the-box user groups and users are created in your Remedy Single Sign-On (SSO) server for the default * tenant. Not all out-of-the-box user groups contain out-of-the-box users. The out-of-the-box user groups have default permissions. You can enable the out-of-the-box user group and provide an out-of-the-box user group name to it. After checking the authorization profile associated with the user group, you will be permitted to login.You can enable the out-of-the-box user group and give it a name using the tssh CLI command. For more information see tssh commands.
| Out-of-the-box user groups | Out-of-the-box users | Description |
|---|---|---|
| Administrators | admin | Out-of-the-box administrator user |
| bppmws_internal | Internal user that supports:
| |
| csm_user | Internal user that supports:
| |
| API Group | apiuser | Internal user that supports TrueSight Capacity Optimization Integration
|
| Capacity_Administration | None | Users in this group have access to the Administration, Capacity, and Cloud Cost Control sections in the TrueSight console. The users can perform all administrative activities and have access to the Administration section in the TrueSight Capacity Optimization console as well. |
| Capacity_View | None | Users in this group can view the Capacity section (Views and Investigate) in the TrueSight console, and Reports section in the TrueSight Capacity Optimization console. The users cannot perform administrative activities such as creating custom views. |
| Capacity_Planning | None | Users in this group can perform all capacity planning related activities. The users have access to the Capacity section (Views and Investigate) in the TrueSight console, and to all sections in the TrueSight Capacity Optimization console, except the Administration section. The users can create and edit views, and view and edit Investigate studies. The users cannot perform administrative activities in the TrueSight Capacity Optimization console. |
| Cloud_Cost_Control | None | Users in this group can view and analyze cloud costs across all dimensions such as cloud provider, cloud service, and so on. The users have access to all pages in the Cloud Cost Control section. Also, the users can access all the entities (such as business services, cost pools, resources). The users cannot perform administrative activities in the TrueSight Capacity Optimization console. |
| Cloud_Cost_Control_Consumer | None | Users in this group can perform limited functions and access only the following pages in the Cloud Cost Control section in the TrueSight console:
The users cannot perform administrative activities. The administrative user needs to configure access groups in the TrueSight Capacity Optimization console to allow the users access to the required entities such as domains, cost pools, and resources. |
| Central Monitoring Administrators | None | NA |
| Model Administrators | service_admin | Default service model administration user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
| Monitoring Administrators | event_admin | Default event administration user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
| Operators | oper | Default operator user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
| Supervisors | user | Default supervisor user for the TrueSight Presentation Server and TrueSight Infrastructure Management |
| Viewers | None | NA |
| WS Full Access | None | NA |
After you register an App Visibility portal in the TrueSight console, a new user, App_Visibility_Internal_<tspsHostID>, is automatically added to Remedy Single Sign-On. This is an internal user with a randomly generated password and should not be changed.
The default password for the default users is "userID12345".
For example, the password for the admin user is admin12345.
You can create users in Remedy SSO in the default * tenant by logging in as the Admin user.
Don'ts
Do not include the "@" symbol in user names or tenant names.
Do not create a username that is same a Remedy Single Sign-On "Admin" user.
To view Remedy SSO requirements for TrueSight Operations Management, see
System requirements for Remedy SSO.
To access information about installing and configuring Remedy SSO, see
Installing Remedy SSO.
Enabling access to TrueSight console users not associated with a user group in Remedy SSO
Users can log in to the TrueSight console by using an authentication mechanism such as local, LDAP, or SAML configured with the Remedy Single Sign-On Server. These users when not assigned a specific user group or groups in Remedy SSO, are not authorized to log in to the TrueSight console.
To authorize such users who are not associated to a user group in Remedy SSO and give access to the TrueSight console, you must create a base user group in Remedy SSO and manually enable the base user group from the TrueSight Presentation Server. Once you enable the base user group, any user belonging to any identity provider such as LDAP or SAML configured with Remedy SSO can easily log in to the TrueSight console without having to be associated with a specific user group. You can also manually disable the base user group from the Presentation Server. Until you manually disable it, the base user group will continue to work as expected.
Note
The base user group is not available out-of-the-box.
You must have administrator privileges to create and enable or disable the base user group authorization.
To create and enable the base user group
Log in to Remedy Single Sign-On as an admin user and create a base user group. For more information, see Setting up local user authentication in Remedy SSO.
Log in to TrueSight console as an admin user and either create or assign a default Authorization Profile to the base user group. For more information, see Creating authorization profiles
From the Presentation Server command line, run the following command to enable the base user group property in the Presentation Server:
tssh properties set tsps.usergroup.base.enabled true reloadRun the following command to set the new user group name as the base user group name to be used by the Presentation Server:
tssh properties set tsps.usergroup.base.name <groupname> reload
To disable and remove the base user group from the Presentation Server
You can temporarily disable or permanently remove the base user group. In either case, only the users who have associated user groups from Remedy SSO are able to log in to the TrueSight console. All other users without associated user groups can no longer log in to the TrueSight console.
From the TrueSight Presentation Server, run the following command to disable the base user group:
tssh properties set tsps.usergroup.base.enabled false reloadNote
In future, if you want to enable the same base user group, you have an option to skip the next two steps. See, To create and enable the base user group.
Continue to step#2 only if you want to permanently remove the authorization profile and the default user group.
- Remove the Authorization Profile defined for base group. For more information, see
Editing and deleting authorization profiles.
- Remove the base user group created from Remedy SSO. For more information, see link
To add users to or remove users from a role.
For TrueSight Capacity Optimization Users
For more information on enabling the non-group users to access the Presentation Server features, see
Enabling the TrueSight features access for non-group users.
Comments
Log in or register to comment.