Roles and permissions

As a tenant administrator, you set up role-based access control (RBAC) for all users in BMC Helix Portal. 

By default, the Automation Engineer and Automation Developer roles are available for BMC Helix Intelligent Automation, which cannot be modified.

As an administrator, you can create and edit users, user groups, and roles. You can assign roles to users; however, you cannot create new permissions.

The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:

Watch this video about How to assign permissions to user roles in BMC Helix Portal

Out-of-the-box roles and permissions

The following table describes the out-of-the-box roles, the capabilities based on the role, and the permissions granted to these roles in BMC Helix Portal:

Role	Capabilities	Permissions assigned in BMC Helix Portal
Tenant administrator	Create roles and users Configure, enable, disable, and delete Proactive Service Resolution and Blackout Policy solutions View and delete automation policy run history	All
Automation Engineer	Configure, edit, disable, and delete connectors View automation requests Create, edit, test, and delete automation policies Copy, publish, and move automation policies to draft View and delete automation policy run history View reports in the Value Dashboard in BMC Helix Dashboards	Core > credential	view manage list
		Core > events	ingest
		intelligent automation > connector	read manage
		intelligent automation > actionlibrary	read manage
		intelligent automation > policy	read manage publish
		intelligent automation > action	read manage execute
		intelligent automation > report	view
		intelligent automation > itsm	read manage
		intelligent automation > remoteplugin	read manage
		Identity Management Service > Users	List
		Identity Management Service > Access Keys	List Read Modify Create Delete
Automation Developer	View configured connectors View automation requests Create, edit, test, and delete automation policies View and delete automation policy run history	Core > credential	view list
		Core > events	ingest
		intelligent automation > action library	read
		intelligent automation > itsm	read
		intelligent automation > remoteplugin	read
		intelligent automation > connector	read
		intelligent automation > policy	read manage
		intelligent automation > action	read manage execute

To assign permissions to users to configure the Proactive Service Resolution solution

By default, only users belonging to the tenant administrator role can successfully configure, enable, disable, or delete the Proactive Service Resolution solution. If you want Automation Engineers to configure the solution, you must assign some additional permissions.

If Automation Engineers try to create, edit, or delete the solution without appropriate permissions, it might cause some unexpected behavior.

If you want Automation Engineers to manage the Proactive Service Resolution solution, perform the following steps: 

1. As a tenant administrator, log on to BMC Helix Portal.
2. Navigate to User access > Roles and permissions page, and click Add role and specify the name, role type, and an optional description.
3. In the permissions area, click Select and assign the following permissions:
   1. core > event_policies:
      • view
      • manage
   2. core > event_classes:
      • view
      • manage
        
4. Click Confirm.
5. Navigate to User Access > Users and keys, and from the list of users, select the user for whom you want to assign the role. 
6. In the Assignments > Roles section, click Select and search for the new role that you created for managing the Proactive Service Resolution solution. 
7. Select the role and click Confirm.
   Users belonging to this role can configure, enable, disable, or delete the Proactive Service Resolution solution. For more information, see Setting up roles and permission  in the BMC Helix Portal documentation.

To assign permissions to users to view the BMC Helix Intelligent Automation Value dashboard

By default, users belonging to the out-of-the-box roles cannot view the BMC Helix Intelligent Automation Value dashboard in BMC Helix Dashboards. 

If you want users with the Automation Engineer role to click the Reports menu and access the dashboard, you must assign them the Reporting Access rule in BMC Helix Portal. Additionally, you must also provide the Viewer permission to the Intelligent Automation folder in BMC Helix Dashboards. 

Perform the following steps to assign the Reporting Access role to users: 

1. As a tenant administrator, log on to BMC Helix Portal. 
2. Navigate to User Access > Users and keys, and from the list of users, select the user for whom you want to assign the role. 
3. In the Assignments > Roles section, click Select and search for the Reporting Access role. 
4. Select the role and click Confirm.
   
   The selected user is assigned the permissions to view the BMC Helix Intelligent Automation Value dashboard. 

Perform the following steps to assign the Viewer role for the Intelligent Automation folder:

1. As a tenant administrator, log on to BMC Helix Dashboards.
2. Navigate to Dashboards > Intelligent Automation folder.
3. From the Folder Actions menu, click Manage Permissions. 
   
4. On the Manage Permissions page, click Add Permission.  
5. From the list, select the following options:
   1. Role
   2. Viewer
      
6. Save changes. 
   Users with the assigned roles can access the BMC Helix Intelligent Automation Value Dashboard in BMC Helix Dashboards. For more information, see Managing role-based access control in BMC Helix Dashboards.