User access and keys

A user refers to an entity or person that can be authenticated into  BMC Helix Portal . Each user is given a unique identity within a tenant. 

Users can be of different types based on how they access BMC Helix Portal:

  • Users that require console access: Tenant administrators and users that are manually created by the tenant administrator require credentials to access the BMC Helix Portal console. External users imported from a supported identity provider (IdP) or synced from another BMC product can access BMC Helix Portal by using their existing credentials. For more information, see User-identities
    A user can access BMC Helix Portal by using their credentials both via the UI and programmatically. However, we recommend that you use the access keys to run APIs. 
  • Users that require programmatic access: Users can generate keys, which includes a key (similar to a user name) and a secret key (similar to a password). The keys can be used for programmatic access to BMC Helix Portal. This key can be generated by the tenant administrator or by an individual user (at a user level).

User_access_22_3.PNG

Console access

  • Create all users.
  • Create groups of users and provide access permissions to individuals users and groups via roles.
  • Create or delete other administrators. 
    However, tenant administrators cannot change the password for any user in the system. Individual users can change their own passwords by clicking the Forgot Password link on the logon screen. 

As an IdP user, can I change the password?

No. As an IdP user, you cannot change the password from the logon screen. The Forgot Password link is available on the logon screen for local users only. Local users include users created manually in BMC Helix Portal and local users synced for cross-product access.

Programmatic access

  • A tenant administrator can create an access key from the Access keys tab section under User access > Users and keys
    The access key can be used by any user with the correct permissions under that tenant. For more information, see Setting-up-access-keys-for-programmatic-access.

  • An individual user can generate the access key from the My profile section.  
    The user-level key can only be used by the user who generated the access key. Because the access key applies to an individual user only, it inherits the individual user's access permissions. For more information, see Setting-up-user-level-access-keys.

Is there a difference between the access keys and user-level access keys?

No, there is no difference.

The access key refers to the key and the secret key generated as a set. The Access user contains the access key. The access user is also a logical representation of a robotic user who needs programmatic access. 

While access keys can be assigned access permissions via roles and are displayed on the User access > Users and keys > Access keys page, the user-level access keys inherit permissions from the individual users and are displayed on the My profile page.