Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Object-based permissions

BMC Server Automation offers flexibility when assigning permissions to system objects.

The following topics describe aspects of object-based permissions:

You can define the permissions of an object when you first create it or modify those permissions later (see Defining-permissions-for-a-system-object). You can also modify permissions for multiple system objects (described in Updating-permissions-for-one-or-more-system-objects).

Using object-based permissions, you can delegate authority for managing different objects within BMC Server Automation. For example, a web administrator might be granted permission to run jobs relating to web servers while database administrators might be granted permission to run jobs relating to database servers. In the same manner, you can use permissions to define access to servers and server groups.

Assigning permissions to objects in the RBAC Manager folder is the same as assigning permissions to other system objects. Because you can grant permissions for roles, users, access control list (ACL) templates, and authorization profiles in the RBAC Manager folder, you can delegate authority for managing RBAC functionality to multiple roles.

Several mechanisms exist for granting permissions to an object, including ACL policies and maintenance windows. Because of this, it can be difficult to grasp the permissions that are granted to an object at any given time. To view a summary of all permissions granted to an object, see Viewing-an-ACL-summary.

See Common-issues-while-using-permissions for information about common issues users encounter when defining permissions for system objects.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*