Important

   

This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

Using server properties to map automation principals for Windows user mapping

Typically, after you define an automation principal for Microsoft Windows user mapping, you map a role to that automation principal. In this way, when a role connects to an agent on a Windows server, the role is automatically mapped to the user defined in the automation principal.

You can also map a role to an automation principal by using a server property. By doing this, you can assign automation principals on a server-by-server basis, even while the same role is accessing those servers.

Automation principals do not use ACL files. These files are used by User Privileged Mapping (UPM). If both the automation principal and UPM are configured for assuming a user identify and permissions on a remote server, the automation principal takes precedence over UPM.

The video at right demonstrates the steps in mapping automation principals for Windows user mapping, and also shows how to verify that the automation principal is being used in connections to the agent.

  https://youtu.be/DbzgSJyUsX0

To use server properties to map automation principals

  1. Create an automation principal. Your Application Server must be configured to use an NSH Proxy in order for jobs to use the automation principal when communicating with target servers. For details on this procedure, see Creating automation principalsBy default, the members of the BLAdmins and RBACAdmins roles can create automation principals.
  2. Using the Property Dictionary, create a property in the Server property class. The property can be named anything. The property must be of the type Property Class, and the property must reference the property class called AutomationPrincipal. If your system is set up to use TrueSight Server Automation's default set of permissions, you must be logged on as a member of the BLAdmins role or any role that has permissions to edit the property dictionary. For more information about creating properties, see Adding or modifying properties.
  3. In the Servers folder, select the servers where you want to map automation principals. On each server, right-click and select Set Property. The Set Role Property dialog box opens. (To select multiple servers, you must display them using the Group Explorer option.) Set the value of the property to the name of the automation principal you created in the first step.
    For more information about setting property values, see Changing property values for one or more system objects.
  4. Associate a role with an automation principal by mapping the role to the server property you defined in earlier in this procedure. Use the Agent ACL tab of the role definition to perform this mapping.
    For more information about mapping roles to properties, see Role - Agent ACL. If your system is set up to use default permissions, you must be logged on as a member of RBACAdmins role or a role that has permissions to edit the role to be associated.
Was this page helpful? Yes No Submitting... Thank you

Comments