Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Integrating BMC Server Automation with a role other than BLAdmins

By default, the installer uses the BLAdmins role and the BLAdmin user to integrate CLM with BMC Server Automation. If necessary, you can configure a new role (for example, CLAdmins) with a more restrictive set of BMC Server Automation privileges to communicate with CLM. You might find this useful, for example, to:

  • Check if there are problems while starting new services or you make changes to current services. 
  • Import packages from the sandbox to the production environment.
  • Create a new user (for example, CLAdmin) with more restricted privileges than BLAdmin (because BLAdmin is too powerful in your environment).

This topic contains the following information:


To create a new CLAdmins role to connect with BMC Server Automation

  1. Log on to the BMC Server Automation Console as a user in the RBCAdmins role, for example, RBACAdmin.

    You cannot perform this task as a user in the BLAdmins role.

  2. In the RBAC Manager folder, select Roles.
  3. Create a new role by right-clicking and selecting New > Role from the pop-up menu. The Role Creation wizard appears.
    BSANewRole.jpg 
  4. Name the new role and provide a useful description. 
    BSANameDescription2.jpg 
  5. Click the System tab and then add the following roles:
    • BatchJob.*
    • BLPackage.*
    • Component.*
    • ComponentGroup.*
    • ComponentTemplate.*
    • ComponentTemplateFolder.*
    • ComponentTemplateGroup.*
    • DeployJob.*
    • DepotFile.*
    • DepotFolder.*
    • DiscoveryJob.*
    • JobFolder.*
    • NSHScript.*
    • NSHScriptJob.*
    • PropertyClass.*
    • PropertyInstance.*
    • ProvisionJob.*
    • PublishProductCatalogJob.*
    • Server.*
    • SystemPackage.*
    • SystemPackageType.*
    • UpdatePropertiesJob.*
    • VirtualGuestJob.*
    • VirtualGuestPackage.*
  6. Provide information for additional aspects of the role, as described in the following topics in the BMC Server Automation 8.3 documentation:
  7. Click Finish to close the wizard and save your changes.

To create a new CLAdmin user

  1. In the RBAC Manager folder, select Users.
  2. Create a new user by right-clicking and selecting New > User from the pop-up menu. The User Creation wizard appears.
    BSANewUser.jpg 
  3. Name the new user, provide a useful description, and specify a password.
    BSANewUser2.jpg 
  4. Click Next
  5. Select the CLAdmins role that you previously defined. 
    BSANewUser3.jpg 
  6. Provide information for different aspects of the user, as described in the following topics in the BMC Server Automation 8.3 documentation:
  7. Click Finish at any time to close the wizard and save your changes.

Tasks that the CLAdmin role can perform

This new CLAdmin user with the restrictive privileges of the new CLAdmins role can perform the following tasks inside CLM:

  • Onboard a POD
  • Onboard a cluster
  • Create NC
  • Create a Blueprint
  • Create a VGP
  • Deploy a SOI
  • Start/Stop/Decommission a SOI
  • Add CPU
  • Add Disk
  • Deploy a BLPackage

Additional configuration required

Perform the remaining configuration steps with the new CLMAdmins role.

  1. Configure the CLMAdmins role in Cloud Portal. 
    1. As the CLMAdmin user, log on to the Mid Tier and open the Administration Console.
    2. From the Workspaces menu, click Providers.
    3. Select BBSA and click then Edit
    4. Enter the Username, Password, and Role of the new customized CLMAdmins role.
    5. Log on to the computer running the Platform Manager. 
    6. Stop the BMC CSM service and delete the contents of the Platform_Manager\cache folder.
      For example:
      C:\Program Files\BMC Software\BMCCloudLifeCycleManagement\Platform_Manager\cache 
    7. Restart the BMC CSM service. 
  2. Set explicit permissions on the Virtualization and Connection PSIs so that the vCenter is reachable by the new CLAdmin user.
    For more information, see the instructions on setting the Virtualization and Connection instances (in the BMC Server Automation online technical documentation). 
  3. Grant access to the Server property class.
    For more information, see Defining permissions for a system object and Updating-permissions-for-one-or-more-system-objects (in the BMC Server Automation online technical documentation). 
  4. Grant access to all the custom DISA STIG property instances.
    For more information, see the "Properties in the custom DISA property class" section in the  Reviewing properties in Compliance Content custom classes class (in the BMC Server Automation online technical documentation). 
  5. If this is an existing brownfield CLM environment, grant access to the existing CLM BSA objects (VGPs, NSH Scripts, NSH Jobs, and so on).
    For more information, see Object-based permissions (in the BMC Server Automation online technical documentation). 

Related topics

Integrating-BMC-Server-Automation-and-other-brownfield-BMC-products, especially the section on integrating brownfield BMC Server Automation into CLM.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*