Out of support This documentation supports the 8.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Managing user groups

BMC products can use the group membership capabilities of the BMC Atrium Single Sign-On system to provide authorization of users as well as authentication. If a BMC product does use the group memberships of the BMC Atrium Single Sign-On system, then that product's documentation must be consulted to determine which groups to privileges mapping.

To access the Group page

BMC Atrium Single Sign-On provides predefined groups to help with the Administrator privileges that some BMC products might require. For example, the BmcSearchAdmin group provides privileges that allow a user to connect to the server to perform identity searches.

Note

Care should be exercised when assigning this group as these elevated privileges allow greater access to BMC Atrium Single Sign-On than is normally provided.

To access the Group page, navigate to Access Control > BmcRealm link > Subjects > Group.

To create a new group

  1. Navigate to Access Control > BmcRealm link > Subjects > Group
  2. Click New.
  3. Enter a new, unique name for the group.
  4. Click OK.

Normally, BMC products install the groups that they need managed into BMC Atrium Single Sign-On as part of their installation. However, a situation might arise in which a group might need to be created (or re-created).

To delete a group

  1. Navigate to Access Control > BmcRealm link > Subjects > Group
  2. Select the check box for the group that you want to delete.
  3. Click Delete.

If too many groups are visible within the Group list to efficiently find the groups that you want to delete, use the search function to filter out undesired groups. For example, by changing the search filter to "D", the group IDs that start with the letter "d" (case-insensitive) are displayed.

When you delete a group, the group is removed from BMC Atrium Single Sign-On. Users that are members of the group also have their group membership removed.

Important

Deleting groups that have been installed by other BMC products is not recommended. Doing so might cause the product to malfunction or block access to the product itself.

To assign a group membership

  1. Navigate to Access Control > BmcRealm link > Subjects > Group
  2. Click on the group name link.
  3. Select the User tab.
  4. Select a user from the Available list.
  5. Click Add.
     Alternatively, you can add all of the users by clicking Add All.
  6. Click Save.

Multiple users can be assigned to a group from the Group page. The membership change is immediately put into effect.

Important

Care should be exercised when adding users to a group, such as the Predefined groups, so that elevated privileges are not accidentally assigned to a user. For example, BmcSearchAdmin has privileges to perform searches and BmcAgents has privileges to read configuration information.

To remove users from a group

Users can be removed from a group from the Group page.

  1. Navigate to Access Control > BmcRealm link > Subjects > Group
  2. Click on the group name link.
  3. Select the User tab.
  4. Select a user from the Selected list and click Remove.
     Alternatively, you can remove all of the users from the group by clicking the Remove All button.
  5. Click Save. The membership change is immediately put into effect.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*