Managing authorization profiles and roles


As a helix admin, you can configure authorization profiles and roles in the Helix Capacity Optimization Dashboard. 

Authorization profiles provide role-based access control by associating users who belong to one or more user groups with specific roles. The helix admin and any user who is a member of the Administrators user group can create, edit, and delete authorization profiles. Authorization profiles comprise user groups and roles, which you specify or select when creating or editing the profile. 

Roles comprise collections of permissions that permit or deny a user to access features or perform actions in BMC Helix Capacity Optimization.

Authorization profiles

To access the Authorization Profiles page, log on to the Helix Capacity Optimization Dashboard, and in the navigation pane, select Administration > Authorization Profiles.

hcod_auth_prof.PNG

Creating an authorization profile

On the Administration > Authorization Profiles page, click Create, and follow these steps:

  1. Specify a unique name for the new authorization profile.
  2. Specify the user groups. 
    1. Select the User Groups tab. 
    2. Enter the name of the user group that is created in the Helix Single Sign-On, and click + AddYou can associate multiple user groups with an authorization profile. You can also associate a user group to more than one authorization profile.
  3. Specify the roles:
    1. Select the Roles tab, and select + Add.
    2. Select the roles to include, and click OK.
      The list of roles includes the default roles and user-created roles. 
  4. Click Save.

If an authorization profile contains only one user group and if that user group is deleted in Helix Single Sign-On, actions on the authorization profile fail. You have to edit the authorization profile to add a different user group or delete the authorization profile.

Editing an authorization profile

On the Administration > Authorization Profiles page, do the following:

  1. From the authorization profile action menu, select Edit.
  2. To update the user groups, select Edit from the user group action menu. 
    1. To add user groups, click + Add, select the user groups to add, and click OK.
    2. To delete user groups, clear the check boxes for the user groups that you want to delete.
    3. Save the changes.
  3. To update the roles, select Edit from the roles action menu.
    1. To add roles, click +Add, select roles from the list and click OK.
    2. To delete roles, clear the check boxes for the roles that you want to delete.
    3. Save the changes.

Deleting an authorization profile

On the Administration > Authorization Profiles page, do the following:

From the authorization profile action menu, select Delete.

Roles

To access the Roles page, log on to the Helix Capacity Optimization Dashboard, and in the navigation pane, select Administration > Roles.

hcod_roles.PNG

Creating a role

On the Administration > Roles page, click Create, and follow these steps:

  1. Specify a unique name.
  2. (Optional) Select Allow All Permissions.
    Select this only if you want to create an admin role. For example, a Tenant Administrator role.
  3. Select or clear Enabled from the list of predefined permissions to associate with the role.
  4. Save the role. 

hcod_roles_create.PNG

Editing a role

On the Administration > Roles page:

  1. From the role action menu, select Edit.
  2. (Optional) Select or clear Allow All Permissions.
    Select this option only if you want to create an admin role. For example, a Tenant Administrator role.
  3. Select or clear Enable from the list of predefined permissions to associate with the role.
  4. Save the role.

Viewing the role details

On the Administration > Roles page, do one of the following:

  • Click the role that you want to view.
  • From the role action menu, select View.

Searching for a role

On the Administration > Roles page, search for roles by typing one or more characters. You can search by name or permission. Roles that contain the matching search string are listed in the results. 

Deleting a role

On the Administration > Roles page, select Delete from the role action menu, and click Yes.


Example scenario: Assign view access to vSphere views

Teresa is a vSphere Technology Specialist in an IT organization. She wants to use the BMC Helix Capacity Optimization to monitor the vSphere infrastructure. With vSphere views, Teresa can quickly and easily get the information that she wants.

To provide Teresa the required permissions, the administrators perform the following steps:

  1. Tim, the tenant administrator, creates a user group and add Teresa.

    1. Log in to the Helix Single Sign-On console.
    2. Set up a user credentials for Teresa.
    3. Create a user group (for example, vSphere_operators) and add Teresa to this user group.

    For more information about creating users and user groups, see Setting-up-users-and-user-groups.

  2. Alan, the helix administrator, creates an access group.
    1. Log in to the Helix Capacity Optimization Console.
    2. Click Administration > USERS > Access groups > Add access group.
    3. Specify an access group name and a description.
    4. Assign this access group to external users having external group names matching the list. In the External names field, specify the group name you created in the Helix Single Sign-On console to associate with the access group. For example, vsphere_operators.
    5. Save the changes.
  3. Alan modifies the access rights for vSphere views.
    1. Log in to the Helix Capacity Optimization Dashboard.
    2. Select Administration > Capacity Views.
    3. From the action menu action_menu.pngthat is located next to the vSphere view , click Edit access rights.
    4. In the Grant visibility to access groups dialog box, select the access group you created in the Helix Capacity Optimization Console.
    5. Click Apply.

Teresa can now access the vSphere views.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*