Default user roles and permissions

BMC Helix Continuous Optimization uses the default user roles in BMC Helix Portal to manage access to various functionality. 

Each role has default permissions that are assigned to it. You cannot edit the default user roles. You can create custom roles and assign permissions. For details, see Roles and permissions.


The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:

icon_play.pnghttps://youtu.be/e6Hc8UZpPfg

All permissions in BMC Helix Continuous Optimization are part of the capacity_optimization application. The objects to which you want to provide permissions are grouped as Resources. The following table lists the default user roles and permissions in BMC Helix Continuous Optimization. For details about the permissions in a resource group, see Permissions available for a resource.

To create and edit Events, you must explicitly provide the following permissions to the core application and the events resource. To use events, you need to provide the following additional permissions to the user roles apart from the default permissions. For details about the permissions in a resource group, see Permissions available for a resource.

User groups in the Single Sign-On console are associated with the corresponding roles in BMC Helix Continuous Optimization.

Permissions available for a resource

The following image displays the out-of-the-box permissions in BMC Helix Continuous Optimization:

default_roles_bhco.png

This table describes the default permissions that are available when you add a new role. All permissions in the following table are part of the capacity_optimization application. To learn how to add permissions to a role, see Setting up roles and permissions.

Resource

Permissions

Description

admin

access_all_entities

View all domains, systems, and business drivers.

auth_profile_edit

Edit authorization profiles from the Administration tab.

admin_section_edit

  • Edit the Data Warehouse and System sections in the Administration tab.
  • Create, edit, or delete custom data marts.
  • Edit the Export and Import ETLs API.

admin_section_read

  • View the Data Warehouse and System sections in the Administration tab.
  • Access and view the Export and Import ETLs API.

benchmarks_edit

Edit the Benchmarks data in the Administration tab.

data_mart_edit

Create, edit, or delete data marts. 

etls_read

  • View the ETL logs and ETL run history. 
  • Access and view the Export and Import ETLs API.

general_manager_edit

general_manager_read

View the Gateway Servers, Agent Lists, and Manager runs in the UI and by using the APIs. For details, see Agent Data endpoints in the REST API.

optimizer_rule_edit

  • Create, edit, or delete thresholds.
  • View metrics and indicators for a threshold.
  • Create, edit, or delete optimizer rules and run alerts.
  • View alert logs in the Administration tab.

optimizer_rule_read

  • View the Alert logs in the Optimizer section of the Administration tab.
  • View metrics and indicators for a threshold.
  • View the Rules page in the Optimizer section of the Administration tab.

tasks_edit

Add, edit, run, and delete System Tasks and ETL tasks in the ETL & System Tasks section in the Administration tab.

tasks_read

View System Tasks in the ETL & System Tasks section in the Administration tab.

user_accounts_edit

Manage authorization profiles in the Administration tab.

analysis

edit

  • Create and edit analysis in the Workspace tab. 
  • Create an entity filter from the Workspace search results page. For details, see Search-in-Workspace.

read

View analysis in the Works folder.

save_template

  • Create custom analysis templates.
  • Edit and delete existing analysis templates.

api

agent_data_read

Access and view the Agent Data API. For details, see Agent Data API.

dashboard_views_edit

Edit the Dashboard Views API.

dashboard_views_read

Access and view the Dashboard Views API.

data_provider_read

Access and view the Data Provider API. For details, see Data Provider API.

capacity_views

edit

  • View all the capacity views (out-of-the-box and custom views).
  • Add and modify custom views.

read

View all capacity views (out-of-the-box and custom views).

tags_edit

  • Add tags to resources.
  • Modify and delete tags that are already added to resources.

tags_read

View tags on resources.

migration_simulation

edit

Manage the settings in Migration Simulation.

read

View the budget notifications in Migration Simulation.

custom_etl

edit

  • Edit a custom ETL.
  • Edit the Export and Import ETLs API.

data_ingestion

edit

Used by the Capacity ETL Client role to ingest data.

domains

edit

Add, edit, and delete domains, systems, and business drivers.

edit_admin_domains

Access all the systems and business driver nodes for inactive, dismissed, or newly discovered entities.

read

View active systems and business drivers associated to one or more domains.

events

edit

Add and edit events from the Events page in the domain.

read

View the events from the Events page in the domain.

models

edit

Add, edit, and delete models.

read

View models saved in the Works folder.

reports

edit

Add, edit, and delete reports.

global_reports_edit

View the report templates available to users.

read

View reports saved in the Works folder.

time_filters

edit

Add, delete, copy, or move global filters in the Workspace tab.

whatif_simulation

edit

Create, edit, delete, and run a What-if simulation.

read

View the results of a What-if simulation.

The table describes the additional permissions that are required to use events. All permissions in the following table are part of the core application. To learn how to add permissions to a role, see Setting up roles and permissions.

Resource

Permissions

Description

events


view

View the events from the Events page in the domain.

operations

Controls the closing of events on the backend. 

assignee_operations

Used to move events on the backend. 

ingest

Add and edit events from the Events page in the domain.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*