Roles and permissions using BMC Helix Portal


BMC Discovery uses BMC Helix Portal to provide single sign-on authentication for users. In BMC Helix Portal, you can create and edit users and user groups, and assign any of the available permissions, such as creating, modifying, viewing, deleting, or managing objects. However, you cannot create new permissions.

For information on the BMC Discovery permissions, see Managing groups.

As a tenant administrator in BMC Helix Portal, you can control access to various features available with the integrated products. Use the following information for assigning permissions to BMC Discovery users.

| BMC Discovery permission name | BMC Helix Portal permission name | Description | DSM Admin | DSM Discovery | DSM Read Only | DSM Service Creation |
|---|---|---|---|---|---|---|
| admin category | dsm.admin.category | Enables you to create and modify categories from the Custom Categories page. | ✅️ | | | |
| admin dashboard | dsm.admin.dashboard | Enables you to create and modify channels from the Channels page. | ✅️ | | | |
| admin licensing | dsm.admin.licensing | Enables you to view and modify licensing information. | ✅️ | | | |
| admin settings | dsm.admin.settings | Enables you to read and write system configuration. | ✅️ | ✅️ | | |
| admin support | dsm.admin.support | Enables you to view the support information. | ✅️ | | | |
| admin system | dsm.admin.system | Enables you to read and write system configuration and settings. | ✅️ | | | |
| admin users | dsm.admin.users | Enables you to view and configure the user security information. | ✅️ | | | |
| api access | dsm.api.access | Enables you to access the external APIs. | ✅️ | | | |
| api import | dsm.api.import | Enables you to access the data/import API, which enables you to import data into the BMC Helix Discovery datastore. | ✅️ | | | |
| api write | dsm.api.write | Enables you to access the data/write API, which enables you to modify almost all of the data in the BMC Discovery datastore. Before granting this permission, ensure that you have read and understood the warning that follows this table. | ✅️ | | | |
| appliance backup | dsm.appliance.backup | Enables you to perform an appliance backup or restore. | ✅️ | | | |
| appliance cluster | dsm.appliance.cluster | Enables you to perform cluster management operations. | ✅️ | | | |
| appliance mail | dsm.appliance.mail | Enables you to view email configuration information from the Appliance Configuration page for mail settings. | ✅️ | | | |
| appliance network | dsm.appliance.network | Enables you to view interface information from the Appliance Configuration page for network interfaces. | ✅️ | | | |
| appliance power | dsm.appliance.power | Not applicable to BMC Helix Discovery. | ✅️ | | | |
| audit access | dsm.audit.access | Enables you to view interface information from the Appliance Configuration page for network interfaces. | ✅️ | | | |
| audit purge | dsm.audit.purge | Enables you to purge the audit log. You can purge the audit log of all events that are over one month old (events less than one month old cannot be deleted) from the Audit Purge page. | ✅️ | | | |
| baseline admin | dsm.baseline.admin | Enables you to change the baseline configuration. | ✅️ | | | |
| baseline read | dsm.baseline.read | Enables you to view the baseline configuration from the Baseline page. | ✅️ | | | |
| baseline write | dsm.baseline.write | Enables you to update the baseline configuration after changes have been seen from the Baseline page. | ✅️ | | | |
| cmdb sync | dsm.cmdb.sync | Enables you to configure and manage CMDB synchronization. | ✅️ | | | |
| credential test | dsm.credential.test | Enables you to test discovery credentials. | ✅️ | ✅️ | | |
| data_main read | dsm.data_main.read | Enables you to read from the datastore through the UI. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_main write | dsm.data_main.write | Enables you to write to the datastore through the UI. | ✅️ | | | ✅️ |
| data_cmdb_sync read | dsm.data_cmdb_sync.read | Enables you to read from the CMDBSync partition. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_cmdb_sync write | dsm.data_cmdb_sync.write | Enables you to write to the CMDBSync partition. | ✅️ | | | |
| data_default read | dsm.data_default.read | Enables you to read from the Default partition. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_default write | dsm.data_default.write | Enables you to write to the Default partition. | ✅️ | | | ✅️ |
| data_import read | dsm.data_import.read | Enables you to read from the DDD and Import partitions. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_import write | dsm.data_import.write | Enables you to write to the DDD and Import partitions. | ✅️ | | | |
| data_internal read | dsm.data_internal.read | Enables you to read from the Internal partition. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_internal write | dsm.data_internal.write | Enables you to write to the Internal partition. | ✅️ | | | |
| data_other read | dsm.data_other.read | Enables you to view other data. | ✅️ | ✅️ | ✅️ | ✅️ |
| data_other write | dsm.data_other.write | Enables you to modify other data. | ✅️ | | | |
| data_sensitive read | dsm.data_sensitive.read | Enables you to view sensitive data filters. | ✅️ | | | |
| data_sensitive write | dsm.data_sensitive.write | Enables you to modify sensitive data filters. | ✅️ | | | |
| data event_source | dsm.data.event_source | Enables you to create events for any event source. | ✅️ | | | |
| data import | dsm.data.import | Enables you to import CSV data from the Import CSV Data page. | ✅️ | | | |
| discovery_security groups | dsm.discovery_security.groups | Enables you to view and configure group membership for users. | ✅️ | | | |
| discovery_security options | dsm.discovery_security.options | Enables you to view and configure the security options, which include accounts and passwords, login page, and UI security page. | ✅️ | | | |
| discovery_security users | dsm.discovery_security.users | Enables you to view and configure user security information. | ✅️ | | | |
| discovery_vault control | dsm.discovery_vault.control | Enables you to open, close, and set the passphrase for the credential vault from the Vault Management page of the UI. | ✅️ | ✅️ | | |
| discovery_vault export | dsm.discovery_vault.export | Enables you to export the credential vault. | ✅️ | | | |
| discovery_vault read | dsm.discovery_vault.read | Enables you to view credentials. | ✅️ | ✅️ | | |
| discovery_vault write | dsm.discovery_vault.write | Enables you to manage credentials. | ✅️ | ✅️ | | |
| discovery consolidation | dsm.discovery.consolidation | Enables you to change the configuration on the consolidation appliance. | ✅️ | ✅️ | | |
| discovery control | dsm.discovery.control | Enables you to start and stop reasoning. | ✅️ | ✅️ | | |
| discovery options | dsm.discovery.options | Enables you to read the discovery options. | ✅️ | ✅️ | | |
| discovery outposts | dsm.discovery.outposts | Enables you to view and modify the Outposts. | ✅️ | ✅️ | | |
| discovery scan | dsm.discovery.scan | Enables you to view and control the discovery scans. | ✅️ | ✅️ | | |
| discovery scripts | dsm.discovery.scripts | Enables you to view and modify discovery scripts. | ✅️ | ✅️ | | |
| discovery status | dsm.discovery.status | Enables you to view the reasoning status information. | ✅️ | ✅️ | ✅️ | ✅️ |
| discovery host | dsm.discovery.host | Enables you to capture device information. | ✅️ | ✅️ | | |
| knowledge config | dsm.knowledge.config | Enables you to configure patterns. | ✅️ | ✅️ | | ✅️ |
| knowledge execute | dsm.knowledge.execute | Enables you to execute patterns. | ✅️ | ✅️ | | ✅️ |
| knowledge update | dsm.knowledge.update | Enables you to update knowledge. | ✅️ | ✅️ | | ✅️ |
| log delete | dsm.log.delete | Enables you to delete logs. | ✅️ | | | |
| log read | dsm.log.read | Enables you to read logs. | ✅️ | | | |
| loglevel read | dsm.loglevel.read | Enables you to read the log level. | ✅️ | | | |
| loglevel write | dsm.loglevel.write | Enables you to change the log level. | ✅️ | | | |
| model edit | dsm.model.edit | Enables you to edit application and service models. | ✅️ | | | ✅️ |
| model publish | dsm.model.publish | Enables you to publish application and service models. | ✅️ | | | ✅️ |
| reports read | dsm.reports.read | Enables you to read reports. | ✅️ | ✅️ | ✅️ | ✅️ |
| reports write | dsm.reports.write | Enables you to write reports. | ✅️ | | | |
| search admin | dsm.search.admin | Enables you to cancel or list (view) searches submitted by all users. | ✅️ | | | |
| search query | dsm.search.query | Enables you to access the Generic Search Query page and enter search queries. | ✅️ | ✅️ | ✅️ | ✅️ |
| taxonomy read | dsm.taxonomy.read | Enables you to read taxonomy information (node, relationship, role). | ✅️ | ✅️ | | ✅️ |
| taxonomy write | dsm.taxonomy.write | Enables you to write taxonomy information (node, relationship, role). | ✅️ | | ✅️ | |
| ui debug | dsm.ui.debug | Enables you to debug the appserver. | ✅️ | | | |
| ui login | dsm.ui.login | Enables you to log in to the appserver. | ✅️ | ✅️ | ✅️ | ✅️ |

Warning (api write)

The data/write API allows you to modify almost all of the data in the BMC Discovery datastore. Some changes can violate the system’s expectations about the contents of nodes and relationships, and lead to errors in the user interface or in system behavior. For this reason, you should avoid using the API to modify data maintained by the core system or by patterns. In general, the API should only be used to:

  • Add new nodes and relationships that are separate from those maintained by the system
  • Augment nodes that are maintained by the system by adding new attributes and relationships to them, while leaving their existing attributes and relationships unchanged

Because the API is intended for high volume data manipulation use cases, use of the API does not create Audit records. The api/datastore/write permission should only be given to users that have a specific need for it.

 
