Default language.

Important This documentation space contains information about the SaaS version of BMC Helix Discovery. If you are using the on-premises version of BMC Helix Discovery, see BMC Helix Discovery 25.2 (On-Premises).

Managing system users

The BMC Helix Discovery Administrator is responsible for setting up details of all the users who are permitted to use the BMC Helix Discovery system. Users are allocated a user name and a password, which they must enter in order to log in to the system. Each user is a member of one or more user groups, which define the parts of the system that user is permitted to access. For example, users defined as members of the Admin group are able to create and edit user details, while members of the Public group cannot access these areas. 

If you are using an instance of BMC Helix Discovery for BMC Helix Portal and BMC Helix AIOps users (commissioned after 1 June 2021), you should manage users and groups in BMC Helix Portal.

The BMC Helix Discovery permissions that you can configure in BMC Helix Portal are described in Roles-and-permissions-using-BMC-Helix-Portal.

Related topics

Managing-users-and-security

Integrating-with-BMC-Helix-Single-Sign-On

Administering

As well as being the means of controlling user security, a user is actually set up on the system as a Person data object, and can subsequently be associated with other objects.

All actions on the system are recorded against a user's ID for audit purposes. Users should always use their own ID and keep their security details safe.

Creating a new user

The BMC Helix Discovery Administrator can set up new users and assign them to groups. Before creating users, you must ensure that you have set up all the groups that you need. For more information, see Managing-groups.

To create a new user

  1. From the Users page, click Add at the bottom of the page.

  2. In the Add User page, enter details for the new user:

     Field Name

    Details

    Template

    Select one of the following user types:
      • User     to create a standard UI login user account.
     • API Access to create a user account only to be used for access to an API.
     • Event Source to create a user account only to be used as an event source.
    The appropriate fields are enabled or disabled to make populating the user details simpler. For example an API user does not require a password, so the password field are disabled.

    Username

    Login ID of the user.

    Full Name

    Full name of the user.

    Local Login

    Permit Local Login. By default, this option is selected to enable the new user to log in using the local login credentials (besides the BMC Helix SSO credentials). You should permit local login access to one or more administrative users to ensure that you maintain access to the system.
    Make sure to deselect this option if you want the user to log in only through BMC Helix SSO.

    Password

    Password to be allocated to this user. Not used for API Access or Event Source users.

    Verify Password

    Verify the password; it must match. Not used for API Access or Event Source users.

    Password Rules

    (Read-only display) Rules that are used to validate the password strength.

    Options

    Force Password Change On First Login. Specifies that users must change their password when they first login. You can deselect this option if you do not want to force new users to change their passwords, though this is not recommended.

    Groups

    One or more groups that this user will be a member of. By default, all new users are members of the public group.

    For API Access users, the api-access and never-deactivate check boxes are automatically selected.

    For Event Source users, the event-source and never-deactivate check boxes are automatically selected.

  3. To save your changes, click OK.

Note

User names are case sensitive. That is, user names with the same spelling but different case are permitted; for example, Johnson and JOHNSON are not recognized as duplicates.

Amending a user's details

You can change a user's name and the groups that they are a member of. The access defined by the group membership will apply the next time this user logs on.

To amend a user's details

  1. From the Users page, select Edit from the Action list for the user.
    The Set Password page is displayed.
  2. Amend or overwrite Full Name field.
  3. Select one or more Groups that this user is to be a member of.
  4. To save the changes, click OK.

Changing a user's password

If users forget their passwords or if a password is not kept secure, you can assign a new password.

To set a new password for a user

  1. From the Users page, select Set Password from the Action list for the user.
    The page is redisplayed, showing blank Password fields. The existing password is not displayed. Enter a new password for this user in the Password field. Confirm the password in the Verify Password field.
  2. To save the changes, click Apply. The new password will apply the next time the user attempts to log on.
    You can also specify that the user changes their password on their next login. To do this, select Must Change Password from the Action list for the user.

Generating an API token for an account

API Access and Event Source accounts do not have passwords, they use a generated token to enable external clients to make API calls using that account. You can also create a token for any other user account, with the exception of the system user, so that API calls can be made using that account.

API Access users can access the REST API using a token.

To generate an API token for a user

  1. From the Users page, select Generate API Token from the Action list for the user.
    A dialog is displayed containing the token.
    API_token.png
  2. Copy the token and save it for use by external clients.

You cannot revoke an API token for an existing user. You must delete the user.

Preventing a user logging in with a username and password

You might want to prevent a user logging in with a username and password, for example, if the user account is authenticated using a single sign-on system. To do this:

From the Users page, select Deny password login from the Action list for the user account.

Reactivating a user account

If a user's account is not used for a specified period of time, their account is deactivated. To reactivate a deactivated user account, you must be logged in as a member of the unlocker group. You can also deactivate a user's account manually.A deactivated account is never automatically reactivated.

To reactivate a locked user account

  • Check that account reactivation is allowed. 
  • From the Users page, select Reactivate from the Action list for the user account to be reactivated.

Unblocking a user account

If a user unsuccessfully attempts to log in to their account more than the account blocking threshold, their account is blocked. You must be logged in as a member of the unlocker group. 

To unblock a locked user account

From the Users page, select Unblock from the Action list for the user account to be reactivated.

Deleting a user

You can delete any existing user except for yourself or the default system-created users.

To delete an existing user

From the Users page, select Delete from the Action list for the user.

User permissions

User permissions in BMC Helix Discovery are additive. When you grant a user an additional permission (through adding the user to another group), that permission is added to the user's existing permissions. For example, if you grant appmodel permissions to a user with discovery permissions, the user gains no additional permissions because all of the appmodel permissions were already granted in the discovery permission set. Similarly, you cannot add readonly permissions to a system user in the hope of achieving a read-only system user.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*