Skip to Content
Information
Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Portal Level Permissions

The Portal Level Permissions option specifies the types of operations this portal security group can perform. The authorizations that are selected reflect the authorizations granted to the role specified in the BSA Role Name field.

Removing an authorization at the portal level takes precedence over permissions granted to a role in BMC Server Automation. In other words, if a role is granted an authorization in BMC Server Automation but the corresponding check box is not selected here at the portal level, the role cannot perform that operation in the portal.

Requirements for auto-selection

When you select a role in the BSA Role Name field, the portal examines the permissions granted to that role in BMC Server Automation. If the role has been granted a minimum set of permissions needed to perform a type of operation in the portal, such as Compliance operations, the check box for that type of operation is selected automatically. 

Click here to see lists of the minimum permissions required.

The following lists shows the minimum BMC Server Automation permissions that must be granted to a role for a check box to be selected automatically. Be forewarned that these lists are long!

Batch checkbox

BatchJob.Read 

BatchJob.Create 

BatchJob.Modify 

BatchJob.ModifySchedule 

BatchJob.ModifyTargets 

BatchJob.Execute

BLPackage.Read 

BLPackage.Write 

BLPackage.Modify 

BLPackage.ModifyProperties

ApplicationDiscoveryJob.*

AuditJob.Read 

AuditJob.Create 

AuditJob.Modify 

AuditJob.ModifySchedule 

AuditJob.ModifyTargets 

AuditJob.Execute

DeployJob.Read 

DeployJob.Create 

DeployJob.Modify 

DeployJob.ModifySchedule 

DeployJob.ModifyProperties 

DeployJob.ModifyTargets 

DeployJob.Execute

PatchingJob.Read 

PatchingJob.Create 

PatchingJob.Modify 

PatchingJob.ModifySchedule 

PatchingJob.ModifyTargets 

PatchingJob.Execute

PatchRemediationJob.Read 

PatchRemediationJob.Create 

PatchRemediationJob.Modify 

PatchRemediationJob.ModifySchedule 

PatchRemediationJob.ModifyTargets 

PatchRemediationJob.Execute

PatchDownloadJob.Read 

PatchDownloadJob.Create 

PatchDownloadJob.Modify 

PatchDownloadJob.ModifySchedule 

PatchDownloadJob.ModifyTargets 

PatchDownloadJob.Execute

NSHScriptJob.Read

NSHScriptJob.Create 

NSHScriptJob.Modify 

NSHScriptJob.ModifySchedule 

NSHScriptJob.ModifyTargets 

NSHScriptJob.Execute

DiscoveryJob.Read 

DiscoveryJob.Modify 

DiscoveryJob.Modify 

DiscoveryJob.ModifyTargets 

DiscoveryJob.Execute 

DiscoveryJob.Delete

JobFolder.Read 

JobFolder.Write

JobGroup.Read 

JobGroup.Write

DepotFolder.Read 

DepotFolder.Write

ComponentTemplateFolder.Read

ComponentTemplateGroup.Read

ComponentGroup.Read

DepotFolder.Read 

DepotFolder.Write 

DepotFolder.Modify

DepotGroup.Read 

DepotGroup.Write 

DepotGroup.Modify

ComponentTemplate.Read

Component.Read

DepotFile.*

ConfigFile.*

ConfigurationObjectClass.*

DeregisterConfigurationObjects.*

DistributeConfigurationObjects.*

ExecutionTask.*

NSHScript.*

PropertyClass.*

PropertyInstance.*

Repeater.*

Server.Read 

Server.Discover

ServerGroup.*

DiscoveryJob.*

CustomCommand.Read 

CustomCommand.Create 

CustomCommand.Modify

CustomSoftware.Read 

CustomSoftware.Create 

CustomSoftware.Modify

HPUXSoftware.Read 

HPUXSoftware.Create 

HPUXSoftware.Modify

LinuxSoftware.Read 

LinuxSoftware.Create 

LinuxSoftware.Modify

AIXSoftware.Read 

AIXSoftware.Create 

AIXSoftware.Modify

AIXPatchSoftware.Read 

AIXPatchSoftware.Create 

AIXPatchSoftware.Modify

SolarisSoftware.Read

SolarisSoftware.Create 

SolarisSoftware.Modify

WindowsSoftware.Read 

WindowsSoftware.Create 

WindowsSoftware.Modify


 Compliance checkbox

AuditJob.Read 

AuditJob.Create 

AuditJob.Modify 

AuditJob.ModifySchedule 

AuditJob.ModifyTargets 

AuditJob.Execute

DiscoveryJob.Read 

DiscoveryJob.Modify 

DiscoveryJob.Modify 

DiscoveryJob.ModifyTargets 

DiscoveryJob.Execute 

DiscoveryJob.Delete

Component.Read 

Component.Audit 

Component.Create 

Component.ModifyExceptions

ComponentGroup.Read 

ComponentGroup.Write 

ComponentGroup.Modify

ComponentTemplate.Read

ComponentTemplateFolder.Read 

ComponentTemplateFolder.Write

ComponentTemplateGroup.Read 

ComponentTemplateGroup.Write

DepotFolder.Read 

DepotFolder.Write 

DepotFolder.Modify

DeployJob.Read 

DeployJob.Create 

DeployJob.Modify 

DeployJob.ModifySchedule 

DeployJob.ModifyProperties 

DeployJob.ModifyTargets 

DeployJob.Execute

JobFolder.Read 

JobFolder.Write

JobGroup.Read 

JobGroup.Write

Server.Read 

Server.Discover

ServerGroup.Read




Deploy checkbox

DeployJob.Read 

DeployJob.Create 

DeployJob.Modify 

DeployJob.ModifySchedule 

DeployJob.ModifyProperties 

DeployJob.ModifyTargets 

DeployJob.Execute

BLPackage.Read 

BLPackage.Write 

BLPackage.Modify 

BLPackage.ModifyProperties

ApplicationDiscoveryJob.*

JobFolder.Read 

JobFolder.Write

JobGroup.Read 

JobGroup.Write

DepotFolder.Read 

DepotFolder.Write

ComponentTemplateFolder.Read

ComponentTemplateGroup.Read

ComponentGroup.Read

DepotFolder.Read 

DepotFolder.Write 

DepotFolder.Modify

DepotGroup.Read 

DepotGroup.Write 

DepotGroup.Modify

ComponentTemplate.Read

Component.Read

DepotFile.*

ConfigFile.*

ConfigurationObjectClass.*

DeregisterConfigurationObjects.*

DistributeConfigurationObjects.*

ExecutionTask.*

NSHScript.*

PropertyClass

PropertyInstance.*

Repeater.*

Server.Read

ServerGroup.*

DiscoveryJob.*

CustomCommand.Read 

CustomCommand.Create 

CustomCommand.Modify

CustomSoftware.Read 

CustomSoftware.Create 

CustomSoftware.Modify

HPUXSoftware.Read 

HPUXSoftware.Create 

HPUXSoftware.Modify

LinuxSoftware.Read 

LinuxSoftware.Create 

LinuxSoftware.Modify

AIXSoftware.Read 

AIXSoftware.Create 

AIXSoftware.Modify

AIXPatchSoftware.Read 

AIXPatchSoftware.Create 

AIXPatchSoftware.Modify

SolarisSoftware.Read 

SolarisSoftware.Create 

SolarisSoftware.Modify

WindowsSoftware.Read 

WindowsSoftware.Create 

WindowsSoftware.Modify




NSH Script checkbox

NSHScriptJob.Read 

NSHScriptJob.Create 

NSHScriptJob.Modify 

NSHScriptJob.ModifySchedule 

NSHScriptJob.ModifyTargets 

NSHScriptJob.Execute

BLPackage.Read 

BLPackage.Write 

BLPackage.Modify 

BLPackage.ModifyProperties

ApplicationDiscoveryJob.*

JobFolder.Read 

JobFolder.Write

JobGroup.Read 

JobGroup.Write

DepotFolder.Read 

DepotFolder.Write

ComponentTemplateFolder.Read

ComponentTemplateGroup.Read

ComponentGroup.Read

DepotFolder.Read 

DepotFolder.Write 

DepotFolder.Modify

DepotGroup.Read 

DepotGroup.Write 

DepotGroup.Modify

ComponentTemplate.Read

Component.Read

DepotFile.*

ConfigFile.*

ConfigurationObjectClass.*

DeregisterConfigurationObjects.*

DistributeConfigurationObjects.*

ExecutionTask.*

NSHScript.*

PropertyClass.*

PropertyInstance.*

Repeater.*

Server.Read

ServerGroup.*

DiscoveryJob.*

CustomCommand.Read 

CustomCommand.Create 

CustomCommand.Modify

CustomSoftware.Read 

CustomSoftware.Create 

CustomSoftware.Modify

HPUXSoftware.Read 

HPUXSoftware.Create 

HPUXSoftware.Modify

LinuxSoftware.Read 

LinuxSoftware.Create 

LinuxSoftware.Modify

AIXSoftware.Read 

AIXSoftware.Create 

AIXSoftware.Modify

AIXPatchSoftware.Read 

AIXPatchSoftware.Create 

AIXPatchSoftware.Modify

SolarisSoftware.Read 

SolarisSoftware.Create 

SolarisSoftware.Modify

WindowsSoftware.Read 

WindowsSoftware.Create 

WindowsSoftware.Modify




Patch checkbox

PatchingJob.Read 

PatchingJob.Create 

PatchingJob.Modify 

PatchingJob.ModifySchedule 

PatchingJob.ModifyTargets 

PatchingJob.Execute

PatchRemediationJob.Read 

PatchRemediationJob.Create 

PatchRemediationJob.Modify 

PatchRemediationJob.ModifySchedule 

PatchRemediationJob.ModifyTargets 

PatchRemediationJob.Execute

PatchDownloadJob.Read 

PatchDownloadJob.Create 

PatchDownloadJob.Modify 

PatchDownloadJob.ModifySchedule 

PatchDownloadJob.ModifyTargets 

PatchDownloadJob.Execute

PatchCatalog.Read 

PatchCatalog.Write

PatchSmartGroup.Read

ComponentTemplate.Read

ComponentTemplateGroup.Read

Component.Read

ComponentGroup.Read

Server.Read

DeployJob.*

BatchJob.*

ACLTemplate.*

BLPackage.Read 

BLPackage.Write 

BLPackage.Modify

JobFolder.Read 

JobFolder.Write

DepotFolder.Read 

DepotFolder.Write 

DepotFolder.Modify

DepotGroup.Read 

DepotGroup.Write 

DepotGroup.Modify

JobFolder.Read 

JobFolder.Write

JobGroup.Read 

JobGroup.Write

ServerGroup.Read 

ServerGroup.Write

CustomSoftware.Read 

CustomSoftware.Create 

CustomSoftware.Modify

LinuxSoftware.Read 

LinuxSoftware.Create 

LinuxSoftware.Modify

AIXPatchSoftware.Read 

AIXPatchSoftware.Create 

AIXPatchSoftware.Modify

SolarisSoftware.Read 

SolarisSoftware.Create 

SolarisSoftware.Modify

WindowsSoftware.Read 

WindowsSoftware.Create 

WindowsSoftware.Modify


Partial permissions

If a checkbox is not automatically selected, the role you have designated in the BSA Role Name field does not have all the permissions necessary to perform all the capabilities associated with a particular type of operation. You can still select the check box to grant this security group permission to perform the operation, but the security group will be limited by the permissions granted in BMC Server Automation. 

For example, you may specify a role that has permissions to run Compliance jobs in BMC Server Automation but does not have permissions to run remediation operations when a compliance failure is detected. In this situation, the check box for Compliance is not selected automatically. You should select the check box to grant this portal security group the same set of compliance functionality available in BMC Server Automation. If you do not select the check box, this portal security group cannot run any Compliance operations in the portal.

You can view a spreadsheet that lists recommended minimum BMC Server Automation permissions needed to perform certain types of actions, such as Compliance job execution or patch remediation. The list of permissions are recommendations only. You may discover situations that require additional permissions.

Vulnerability Manager permission

The Vulnerability Manager permission lets users perform actions using the tools available in the Vulnerability Manager menu. Vulnerability Manager is a portal-level activity only. There are no corresponding permissions in BMC Server Automation.

Threat Director permission

The Threat Director permission lets users perform actions using the tools available in the Threat Director menu. Many of the actions that you can perform require servers to be licensed for Threat Director.

Threat Director is a portal-level activity only. There are no corresponding permissions in BMC Server Automation.



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC BladeLogic Portal 2.2