Roles and permissions
This topic describes the roles assigned to the user accounts for authentication and how those roles authorize access to the product and product features:
Related topics
roles
All users must have a valid user name and password to access the system. During installation, the administrator specifies whether users are authenticated locally (default), or authenticated through a Microsoft Active Directory, LDAP, RADIUS, TACACS+, SAML 2.0, or Helix SSO. The authentication method is also extended to the URL in-context launches and web services APIs. Independent of the authentication method, each user is assigned one or more roles that grant or deny system and network rights. Network rights are assigned to realms. The system includes a set of default roles. The system administrator can modify these roles and create new roles. The default set of roles include:
- Viewer: Can view reports and database information, but cannot modify the database or device configurations.
- Manager: Same as Viewer, but can also manage jobs.
- Planner: Same as Manager, but can also manage network-related components (for example devices, groups, policies).
- Administrator: Including all system administration tasks on the Admin tab. All rights are granted to this user.
Essential user activity is logged to the Event log, including log on and log off, database management, and device configuration management.
The following table provides a list of the common types of users who use , and how they interact with the product.
Title | Skills | Interaction with TrueSight Network Automation |
|---|---|---|
Infrastructure Manager |
| Responsible for certifying and maintaining the application (sizing, database backup, purging, and so forth) |
Administrator |
| Responsible for defining rules, user roles within the product, policies, custom actions, and device adapters |
Network Administrator |
| Specific to BMC Cloud Lifecycle Management; responsible for network pod and container design |
User – Network Admin/Ops |
| Prescriptive operations and break/fix remediations of routers and switches |
User – Server Admin/Ops |
| Prescriptive network path provisioning in support of server provisioning |
User – Security Ops |
| Responsible for monitoring and managing firewalls |
Super User | user with access to multiple sites and/or realms | |
IT Manager | Viewing Priority, Status, Activity, and Support reports |
Permissions
must be installed by an administrator on Microsoft Windows or by a root user on Linux.
If you are using an external database (rather than the embedded PostgresSQL database included with ), you will also need database system administrator credentials during installation. See Preparing-for-installation for more information.
After installation, the administrator can set the user roles, rights, and privileges of users of . These users can be ordinary users of the underlying operating system. See Managing-access.