Authorizing users to access TrueSight Cloud Cost Control

You can apply role-based access control (RBAC) to TrueSight Cloud Cost Control to allow or restrict viewing and editing of data to a certain user or group of users.

Remedy Single Sign-On provides single sign-on authentication of users. You need to configure users and user groups in the Remedy SSO console. 

Role-based access (RBAC) to the features and components comprised in TrueSight Cloud Cost Control is enabled by persona-based authorization profiles. Each authorization profile is associated with one or more BMC Remedy Single Sign-On realms and comprises user groups, roles and permissions. Collectively, the authorization profile components determine the features that users can access. You can use each default authorization profile as is, you can modify its attributes, or you can create your own authorization profiles. For more information about authorization profiles, see Role-based access

Entity-level access is managed by access groups in the TrueSight Capacity Optimization console.

Overview of the RBAC process

To configure access control, you must complete the following steps:


Default roles and user groups

After you install the product, some user groups and users are available by default.

The following table contains details about the default roles, user groups, authorization profiles, and permissions that are created for TrueSight Cloud Cost Control. 

Example: Providing user access to specific entities

You can use the default Cloud_Cost_Control_Consumer user group to grant restricted page-level access to users, and access groups in the TrueSight Capacity Optimization console to allow restricted access to specific entities such as domains, cost pools, and resources.

Refer to the following example to understand the required steps.

Scenario:

Celine is the new head of the R&D team. She needs visibility into the costs associated with the resources used by the team.

The administrator, Alan, has already created a cost pool, R&D, which includes all the resources that the R&D organization uses.

Solution:

Alan performs the following steps:

  1. In the Remedy SSO console:
    1. Add user — celine.

      adduser.png

    2. Assign the user to the user group — Cloud_Cost_Control_Consumer.
      assigntocccconsumer.png
    3. Create a new user group — R&D Managers.
      This user group will be used to manage specific access control.

      addug.png
    4. Assign the user to this user group (R&D Managers).

      assignuser.png
  2. In the TrueSight Capacity Optimization console:
    1. Add an access group, R&D managers, with the external name as R&D Managers (User group that you added in step 1).
      addaccessgroup.png
    2. Configure the access group to assign access to the cost pool, R&D.
      selectcpinag.png

      accessgrpcp.png

When celine user logs on to the TrueSight console, the restricted list of pages in the Cloud Cost Control section are displayed with data for the cost pool — R&D.

consumerview.png