Managing role-based access control in BMC Helix Dashboards

Roles and permissions are essential aspects of managing access to information and resources in any organization or system. They help to define the levels of access and actions that different users can perform depending on their position, responsibilities, and needs. By assigning specific roles and permissions, administrators make sure that users have the correct level of access to perform their jobs while maintaining the security and integrity of the system. 

BMC Helix Dashboards provides the following roles: Viewer, Editor, Admin. As a reporting administrator, configure the role-based access control (RBAC) to delegate access permissions to users. Based on the assigned roles, users can access the complete or specific dashboard content. For more information about roles and permissions, see Roles-and-permissions.

Important

  • From the 24.4 release, you can perform role-based access control tasks only from BMC Helix Dashboards. The existing out-of-the-box system roles assigned to BMC Helix Dashboards users in BMC Helix Portal are not synced to BMC Helix Dashboards. These roles are affected as follows:
    • The Reporting Admin and Reporting Editor roles are removed from BMC Helix Portal. Users to whom these roles were previously assigned are assigned the Admin and Editor roles in BMC Helix Dashboards.
    • The Reporting Viewer role is renamed to the Reporting Access role. Users that have the Reporting Access role are assigned the Viewer role in BMC Helix Dashboards.
  • In BMC Helix Dashboards, an administrator can assign the required system or custom roles to new users or teams that you create in BMC Helix Portal.

The following video (1.2 minutes) explains how to create roles and assign permissions.

https://youtu.be/qXlCwLKjZdQ


To assign custom or out-of-the-box roles to users and teams

  1. On the dashboards Home page, in the main menu click image-2024-3-29_9-21-11.pngand select Administration > Users and access > Roles.
    The available roles are displayed. 
  2. Click the action menuimage-2024-3-29_9-19-47.pngthat corresponds to the out-of-the box role you want to assign to users or teams.
  3. To assign a role to either user or teams:
    1. Select either Manage users or Manage teams.
    2. Search for the required users or teams.
    3. Select the check boxes corresponding to the user names or teams.
  4. Save the changes.


To create a custom role and assign permissions 

As an administrator, create custom roles to assign specific permissions, such as, create, view, or edit. You can assign the following permissions:

Category

Permissions

Details

Dashboard

  • Create
  • View
  • Download
  • Create dashboards
  • View permitted dashboards
  • Download dashboards as pdf, xlsx, or csv

Folders

  • Create 
  • View
  • Create folders, you can also create sub folders within folders
  • View permitted folders

Datasources

  • Explore
  • Use the explore mode for data sources

Calculated Fields

Create

Create and update calculated fields.

Reports

  • Access
  • View history
  • View settings
  • View and create reports
  • View reports history section
  • View and manage report settings

Administration

  • Manage data sources
  • Manage report scheduler
  • View and manage data sources
  • Create, view, and manage all reports

Service management query types

SQL

Edit SQL queries.

Example

You want to create a custom role and assign the permission to schedule reports to the role. Perform the following steps:

  1. On the dashboards Home page, in the main menu click image-2024-3-29_9-21-11.pngand select Administration > Users and access > Roles.
    The available roles are displayed. 
  2. Click New Role.
  3. Enter a name and an optional description for the role, for example, Report_Scheduler_Admin.
  4. Click Create.
  5. Under Administration, select the Manage reports scheduler permission.
    By default, the View permissions under Dashboards and Folders are selected.
  6. Click Save.

The role is created and displayed on the Roles page. A user with this assigned role can perform the following actions:

  • Delete reports
  • View the report history
  • Manage report settings
  • Create a report schedule


To manage folder permissions 

As an administrator, add or update a permission given to users, teams, or system roles to access or modify the content of a folder. You can assign any of the following permissions:

Permission name

What you can do after the permission is granted

View

View the dashboards available in the folder.

Edit

Edit or delete the dashboards and the folder.

Admin

  • Edit or delete the dashboards and the folder.
  • Grant permissions to other users to access the folder content.

Important

  • Folder permissions supersede default permissions assigned to the system roles.
  • Nested folders will inherit the same permissions as their parent folder.
  • A user with Edit permission can use Visual Query Builder to create SQL queries.
Scenario

Jordon is an administrator at Apex Global. He wants to restrict users from editing dashboards in a folder because they contain sensitive data. He grants the View permission to the Editor role by using the folder configuration options. All the users with the Editor role can only view the dashboard content in the folder.

  1. On the Home page, click Dashboards.
  2. Open the folder for which you want to add or update a permission.

    folder_permissions.png

  3. Click Add a permission, and perform these steps:
    1. Scroll down to view the configuration options.

      add_permission_for.png

    2. From the available lists, select one of the following options and the required permission.
      - A user
      - A team
      - A system role
    3. Save the changes.


To manage dashboard permissions 

As an administrator, add or update a permission given to users, teams, or system roles to access or modify a dashboard. You can assign any of the following permissions:

Permission name

What you can do after the permission is granted

View

View the dashboard.

Edit

Edit or delete the dashboard.

Admin

  • Edit or delete the dashboard.
  • Grant permissions to other users to access and modify the dashboard.

Important

Dashboard permissions supersede folder and default permissions assigned to the system roles.

Scenario

Jordon is an administrator at Apex Global. He wants to grant access to a specific user with the Viewer role to modify a custom dashboard. He grants the Edit permission to the user from the dashboard settings. The user can now edit the dashboard content.

  1. On the Home page, click Dashboards.
  2. Open the dashboard for which you want to update permissions.
  3. Click Settings and click Permissions.
  4. Click Add a permission, and perform these steps:
    1. Scroll down to view the configuration options.
    2. From the available lists, select one of the following options and the required permission.
      - A user
      - A team
      - A system role
    3. Save the changes.


To grant permission to edit SQL queries of reports

As a reporting administrator, grant permission to users to edit SQL queries of reports for the Service Management query type. For example, some users might want to edit the SQL queries of migrated reports to update them.

  1. From the navigation navigation menu.pngmenu, select Administration General Default preferences.
  2. Under the Manage service management query types section, make sure that SQL is enabled.

    service mgmt query.png

  3. Create a new role. 
    For details, see Create a custom role.
  4. On the Roles page, click the more button (elipses.png) corresponding to the role that you created, and select Manage permissions.
  5. In the Permissions window, enable the Service management query types option.
  6. Click elipses.pngcorresponding to the role, and select Manage users.
  7. Search for the required users and select them to assign the role.
  8. Save the changes.


To delete a custom role

  1. Make sure to remove all the users associated with the role to be deleted.
  2. On the dashboards Home page, in the main menu click image-2024-3-29_9-21-11.pngand select Administration > Users and access > Roles.
  3. Click the action menuimage-2024-3-29_9-19-47.png corresponding to the role that you want to delete and select Delete.
  4. Click Delete role to confirm deletion.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*