Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Role Based Access Control (RBAC) domain


The RBAC domain provides information about role level authorizations, object level authorizations, assigned roles for users, and audit trails for changes to system objects.

You can use this information to build your own custom RBAC reports using your own reporting tool.

RBAC domain entity-relationship diagram (ERD)

The following figure provides the ERD for the RBAC domain. It shows the relationships between the dimension, fact, bridge, and generic tables.

To view the detailed expressions that allow you to join tables, you can download the RBAC BDSSA BI Reporting Model Schema Definition.html file.

RBAC_ERD.jpg

Tables in the RBAC domain

The following tables comprise the RBAC domain:

  • Dimension tables - Describe the properties of an object that are subject to change. These tables are prefixed with D_, for example, D_JOB.
  • Fact tables - Contain factual information that remains constant and is required for reporting. These tables are prefixed with F_, for example, F_JOB_RUN.

Dimension tables

Table Name/Description

ERD

D_BL_ACL_POLICY

Contains information about ACL policies such as name, description, and the dates on which the policy, user, and role were created or modified.

Note: D_BLUSER is also referenced in the ERD as ACL_POLICY_CREATED_USER.

D_BL_ACL_POLICY-edited.jpg

D_BL_AUTH_PROFILE

Contains information about authentication profiles such as name, description, and the dates on which the policy, user, and role were created or modified.

Note: D_BLUSER is also referenced in the ERD as ACL_POLICY_CREATED_USER, PROFILE_MODIFIER_USER.

Note: BL_SITE is also referenced in the ERD as AUTH_PROFILE_BL_SITE.

D_BL_AUTH_PROFILE.JPG

D_BLGROUP

Contains information about the folder group where the job is stored, such as the group name, the group type (Server, Job, Depot), the fully qualified path to the group, and the parent group details.

Note: D_BLGROUP is referenced in the ERD as D_SMART_BLGROUP.

D_BLGROUP-edited.jpg

D_BLROLE

Contains information about roles such as name, description, whether the role is enabled or not, and the dates on which the policy, user, and role were created or modified.

Note: D_BLUSER is also referenced in the ERD as BL_ROLE_USER.

D_BLROLE-edited.jpg

D_BLUSER

Contains information about users such as name, description, encrypted password, number of failed logins, whether the user is enabled or not, and the dates on which the policy, user, and role were created or modified.

D_BLUSER-edited.jpg

D_CUSTOM_COMMAND

Contains information about custom commands such as display name, the command and its type, run-time arguments, and the dates on which the policy, user, and role were created or modified.

D_CUSTOM_COMMAND-edited.jpg

D_DEPOT_OBJECT

Contains information about the depot objects for each object type, such as name, description, date (created, modified), object type (Patch, Audit, Compliance...), and the dates on which the object was created or modified.

Note: OBJECT_TYPE is also referenced in the ERD as BLPKG_NSH_OBJECT_TYPE.

D_DEPOT_OBJECT-edited.jpg

D_JOB

Contains job details such as the name, description, and type of job, as well as the dates on which the jobs were created or modified.

D_JOB-edited.jpg

D_SERVER

Contains device details for the job, such as the name and description of a server, and the OS release/version.

D_SERVER-edited.jpg

D_TEMPLATE

Contains template details, such as the name and description of a template, type (Audit, Snapshot, Compliance), and the dates on which it was created or modified.

D_TEMPLATE-edited.jpg

Fact tables

Table Name/Description

ERD

F_AUDIT_TRAIL

Contains details for the audit trail related to user/role changes for any object. It contains the user name, role name, object name, message, and whether the action succeeded or not.

Note:

B_ROLE_USER is also referenced in the ERD as BL_ROLE_USER.

BLAUTH is also referenced in the ERD as AUDIT_TRAIL_BL_AUTH.

F_AUDIT_TRAIL-edited.jpg

F_BLPACKAGE_AUTH

Contains details for package authentication such as name, object type, RBAC method, and date and time.

Note: B_ROLE_USER is also referenced in the ERD as BL_ROLE_USER.

F_BLPACKAGE_AUTH.JPG

F_CONFIG_FILE_AUTH

Contains details for the configuration file authentication such as name, object type, role ID, RBAC method, and date and time.

F_CONFIG_FILE_PATH.JPG

F_CUSTOM_COMMAND_AUTH

Contains details for the custom command authentication such as custom command ID, object type, role ID, RBAC method, and date and time.

F_CUSTOM_COMMAND_AUTH.JPG

F_GROUP_AUTH

Contains details for the group authentication such as group name, group type, object type, role ID, RBAC method, and date and time.

F_GROUP_AUTH.JPG

F_JOB_AUTH

Contains details for the job authentication such as job type, object type, role ID, RBAC method, and date and time.

F_JOB_AUTH.JPG

F_SERVER_AUTH

Contains details for the server (device) authentication such as server ID, object type, role ID, RBAC method, and date and time.

F_SERVER_AUTH.JPG

F_TEMPLATE_AUTH

Contains details for the template authentication such as template ID, object type, role ID, RBAC method, and date and time.

F_TEMPLATE_AUTH.JPG

Built-in RBAC views

BMC Decision Support for Server Automation provides the following built-in views.

Recommendation

BMC recommends that you apply appropriate filters (such as date duration or bl_site_id) while querying the views. You can also apply other filters based on your requirements. Filtering the data improves performance by decreasing the amount of data being fetched, thereby minimizing the time required to process the views.

Where to go from here

Compliance-domain

Job-Activity-domain   

Patch-Management-domain
