Managing repository groups and permissions

Repository stores all 

Some content is unavailable due to permissions.

content such as adapters and modules. Using the Repository Manager UI, administrators can add new groups, assign permissions to the groups, or modify them as per the requirement.

Points to consider while working with repository permissions

  • You must ensure that the groups created in the repository match the groups or roles in Remedy Single Sign-On (RSSO or Remedy SSO).
    For more information about how users and groups are handled in

    Some content is unavailable due to permissions.

    , see Creating-and-managing-local-users-and-roles-in-Remedy-Single-Sign-On.
  • When you install the repository with embedded Remedy SSO, an AoAdmin group is created in Remedy SSO and AoAdmin and Default groups are created in the repository. This is a default group with only one default user – aoadmin.
  • In Remedy SSO, if a user is not assigned to any role, the user gets assigned to the Default group/role. BMC recommends that you update the permissions for the Default group to avoid providing permissions to unintended users.
  • You cannot update, copy, or delete the group or edit permissions for the AoAdmin group. You can edit permissions for the Default group, but cannot change the name of the group

Repository permissions overview

Before creating new groups (or roles) and assigning permissions to the groups, take a look at how permissions are implemented in the repository.

Repository permissions enable users in a group to:

  • Import content using the Grid Manager application.
  • Import and export content in 

    Some content is unavailable due to permissions.

    Development Studio.
  • Upload content to the grid by using the content installation program.
  • Upload content to the grid by using the Repository Manager UI.

Using the Repository Manager UI, you can adjust permissions for the groups:
  • Repository permissions are View and Update.
  • Permissions for accessing and navigating the Repository Manager UI are specified using Repository Permissions.
  • Administrators can control permissions for individual adapters and modules using Content Permissions.

In this release, a new Repository Manager UI is introduced. In the new UI, two separate sections represent Repository Permissions and Content Permissions

Repo permissions_view.png

Add new group

Before adding a new group, ensure that a matching role (in Remedy SSO) or group (in LDAP) with the same name exists. 

To add a new group:

  1. Log on to the Repository Manager application, click the Permission tab and click Add group button.png

  2. On the Add New Group page, in the Group Name box, enter a unique group name. 

    Groups/roles in RSSO vs. groups in TSO

    The group name specified in the repository must exactly match the group/role name in Remedy SSO. For example, if you have a group named Development in RSSO, use the same name while adding a group here.

    Group name must be unique and up to 80 characters only.

    Add new group_permissions.png
    You can choose to assign permissions to the group now or save the group and edit permissions later. 

  3. To add permissions for a group, perform any of the following actions: 
    • In the Repository Permissions table, select the check boxes to assign Update or View permissions to groups. 
    • In the Content Permissions table, select the Update or View check boxes to assign content permissions for individual adapters or modules. 
    • To assign all update permissions to a group, select the check box in the Update column header.
      When you select UpdateView permissions are also selected.

    • To assign individual view and update permissions to a group, select the corresponding check box in the View and Update columns.
      If you select Update, then View is also selected.

      The following table describes how permissions are used in TrueSight Orchestration Platform

      Required permissions

      Access to functionality provided

      Manage Content (View)

      View the Manage tab for managing content

      Manage Content (View), Content permissions (View).

      Download content

      Manage Content (Update), Create New Content

      Upload content

      Manage Content, Content permissions (Update)

      Delete content

      Transfer Content (View)

      View the Transfer tab for transferring content

      Transfer Content (View)

      Connect to the remote repository

      Transfer Content (View), Content Permissions (View)

      Export content from the local repository to the remote repository

      Transfer Content (Update), Content Permissions (Update)

      Import content in the local or primary repository from the remote repository

      Manage Permissions (View)

      View Permissions tab for managing permissions in the repository

      Manage Permissions (Update)

      Edit permissions, add groups, copy group, and remove

      Content Permissions (View)

      View content

  4. Click Save
    The new group and the permissions are reflected on the UI as a new column. 

Copy or delete groups

To copy a group:

  1. Log on to the Repository Manager application and click the Permission tab.
  2. From the Actions list, select Copy Group

  3. In Copy From Existing Group Name list, select the group from which you want to copy permissions, and in the Copy To Group Name box, enter the group name (an existing group or a new group) where you want the permissions to be copied.

    Note

    You cannot copy any group to the AoAdmin group; in other words, you cannot overwrite the AoAdmin group.

  4. Click Save.
    If you are copying permissions to an existing group, the Copy Group Permissions prompt asks for a confirmation to overwrite the existing permissions for a group. Click Yes to overwrite the existing permissions.

To delete a group:

  1. Log on to the Repository Manager application and click the Permission tab.

  2. From the Actions list, select Remove Group

    Warning

    You cannot delete the AoAdmin or Default groups.

  3. From the Remove Group dialog box, select the checkboxes against the group names that you want to delete. 
  4. Click Delete and the selected groups are deleted.
    Users assigned to these groups will no longer be able to access the environment. 

Edit permissions for groups

  1. Log on to the Repository Manager application and click the Permission tab.
    All existing groups and the permissions assigned to the groups appear.
  2. From the Actions list, select Edit Permissions

  3. From the Available Groups dialog box, select a group or a list of groups and click Next.

    All the groups that you select appear on the Edit Permissions page. 

  4. On the Edit Permissions page, perform any of the following actions:
    • To assign all view permissions to a group, select the check box in the View column header.
    • To assign all update permissions to a group, select the check box in the Update column header.
      When you select UpdateView permissions are also selected.
    • To assign individual view and update permissions to a group, select the corresponding check box in the View and Update columns.
      If you select Update, then View is also selected.
    • To remove a permission from a group, clear the corresponding check box. To remove all permissions, clear the check box in the View or Update column headers. 
      The following graphic shows the Edit Permissions UI. 

      Edit Permissions page.png
      For more information about how permissions affect role-based access for groups, see the Permissions for roles-based access table.
  5. Click Save

Related topics

Creating-and-managing-local-users-and-roles-in-Remedy-Single-Sign-On

Accessing-and-navigating-the-Repository-Manager

Managing-permissions-in-TrueSight-Orchestration