Role user groups and access control user groups
In BMC ProactiveNet, authorization is achieved by combining access control and roles. While access control governs access to BMC ProactiveNet components, roles determine permissions.
BMC recommends that you define separate user groups for access control and separate user groups for roles.
The definition of access control user groups must contain only those BMC ProactiveNet components that are visible to users. Such components include configuration items (CIs), reports, views, and so on.
The role user group must be associated with only roles and none of the other BMC ProactiveNet components such as CIs, reports, views, and so on.
The combination of access control and role allows you to create specific functional user groups for access and permissions. A user may be associated with specific access control user groups and role user groups. For example, consider the figure below:
In the figure, a user is associated with two distinct user groups:
- Role user group: associated only with roles (set of permissions) indicating the operations a user can perform
- Access control user group: associated with objects (Austin and Houston servers) that can be accessed
BMC ProactiveNet components such as reports, views, detailed diagnostics, and so on do not have any relevance outside of BMC ProactiveNet. Therefore, when defining access control user groups, you can choose to define user groups that have access only to the BMC ProactiveNet components and maintain a separate definition for user groups that define access to CIs. This is useful when you integrate BMC ProactiveNet with BMC Atrium CMDB. BMC Atrium CMDB will contain only those user groups that are defined in the Access Control Lists (ACLs) of CIs that belong to BMC Atrium CMDB.
At present, a user group must be defined with at least one role. To define an access control user group, BMC recommends that you define a generic role with only one ubiquitous permission such as "Allow Access to Operations Console". This permission may be applicable to all the users in the system.
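The separation recommended above can be checked mechanically when reviewing group definitions. The following is an added example, not BMC ProactiveNet code or an export format of the product: the `UserGroup` model, the role and permission names other than "Allow Access to Operations Console", and the assumption that a user's permissions and objects are the union over their groups are all hypothetical.

```python
from dataclasses import dataclass, field

# Permission named on the page for the generic role of access control groups.
GENERIC_PERMISSION = "Allow Access to Operations Console"

@dataclass
class UserGroup:
    # Hypothetical model of a group definition, not a BMC ProactiveNet format.
    name: str
    roles: dict = field(default_factory=dict)     # role name -> set of permissions
    components: set = field(default_factory=set)  # CIs, reports, views, ...

def group_permissions(group):
    return set().union(*group.roles.values())

def audit_group(group):
    """List where a group departs from the role / access control separation."""
    findings = []
    if not group.roles:
        findings.append("no role: a user group needs at least one role")
    if group.components and group_permissions(group) - {GENERIC_PERMISSION}:
        findings.append("mixed: components combined with non-generic permissions")
    return findings

def effective_authorization(groups):
    """Assumed model: permissions and objects are unions over the user's groups."""
    permissions, objects = set(), set()
    for group in groups:
        permissions |= group_permissions(group)
        objects |= group.components
    return permissions, objects

# Constructed sample definitions; role and permission names other than
# GENERIC_PERMISSION are invented for illustration.
generic = {"Console Access": {GENERIC_PERMISSION}}
operator = {"Event Operator": {"Acknowledge Event", "Close Event"}}
role_group = UserGroup("operators", roles=operator)
access_group = UserGroup("texas-servers", roles=generic,
                         components={"Austin server", "Houston server"})
mixed_group = UserGroup("legacy-admins", roles=operator,
                        components={"Austin server"})

if __name__ == "__main__":
    for g in (role_group, access_group, mixed_group):
        print(g.name, audit_group(g) or "ok")
    print(effective_authorization([role_group, access_group]))
```

A group that carries both components and operational permissions is flagged because it grants object access and permissions in a single definition, which is what the separate role and access control groups are meant to avoid.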