Skip to Content
Information

This site will undergo a brief period of maintenance on Thursday, 23 April at 2:30 AM Central/1:00 PM IST. During a 30 minute window, site availability may be intermittent.

Default language.

Information
Important This documentation space contains information about the SaaS version of BMC Helix Discovery. If you are using the on-premises version of BMC Helix Discovery, see BMC Helix Discovery 25.2 (On-Premises).

Roles and permissions using BMC Helix Portal

BMC Helix Discoveryuses BMC Helix Portal to provide single sign-on authentication for users. In BMC Helix Portal, you can create and edit users and user groups, and assign any of the available permissions, such as creating, modifying, viewing, deleting, or managing objects. However, you cannot create new permissions.

For information on the BMC Helix Discovery permissions, see Managing groups.

As a tenant administrator in BMC Helix Portal, you can control access to various features available with the integrated products. Use the following information for assigning permissions to BMC Helix Discovery users.

BMC Helix Discovery permission nameBMC Helix Portal permission nameDescriptionDSM AdminDSM DiscoveryDSM Service CreationDSM Read Only
admin/dns/readdsm.appliance.network

Enables you to view DNS information.

✅️✅️  
admin/interface/readdsm.appliance.networkEnables you to view interface information from the Appliance Configuration page for network interfaces. ✅️✅️  
admin/interface/writedsm.appliance.networkEnables you to modify interface information.✅️✅️  
admin/log/deletedsm.log.deleteEnables you to delete log files.✅️✅️  
admin/log/infodsm.log.readEnables you to view log files.✅️✅️  
admin/log/readdsm.log.readEnables you to view log files.✅️✅️  
admin/loglevel/readdsm.loglevel.readEnables you to view the log level information. ✅️✅️  
admin/loglevel/writedsm.loglevel.writeEnables you to change the log level information.✅️✅️  
admin/mail/readdsm.appliance.mail

Enables you to view email configuration information on the Appliance Configuration page.

✅️✅️  
admin/mail/writedsm.appliance.mail

Enables you to modify email configuration information on the Appliance Configuration page.

✅️✅️  
admin/routing/readdsm.appliance.networkEnables you to view routing information.✅️✅️  
admin/routing/writedsm.appliance.networkEnables you to modify routing information.✅️✅️  
api/accessdsm.api.accessEnables you to access the external APIs.✅️   
api/datastore/importdsm.api.importEnables you to access the data/import API, which enables you to import data into the BMC Helix Discovery datastore.✅️   
api/datastore/writedsm.api.write

Enables you to access the data/write API, that enables you to modify almost all of the data in the BMC Helix Discovery datastore. Before granting this permission, ensure that you have read and understood the following warning:

Error
Warning

The data/write API allows you to modify almost all of the data in the BMC Helix Discovery datastore. Some changes can violate the system’s expectations about the contents of nodes and relationships, and lead to errors in the user interface or in system behavior. For this reason you should avoid using the API to modify data maintained by the core system or by patterns. In general, the API should only be used to:

  • Add new nodes and relationships that are separate from those maintained by the system
  • Augment nodes that are maintained by the system by adding new attributes and relationships to them, while leaving their existing attributes and relationships unchanged

Because the API is intended for high volume data manipulation use cases, use of the API does not create Audit records. The api/datastore/write permission should only be given to users that have a specific need for it.

✅️   
api/event_sourcedsm.data.event_sourceEnables you to create events for any event source.✅️   
api/license_datadsm.api.accessEnables you to access the external APIs.✅️   
ui/appmodelling/editdsm.model.edit

Enables you to edit the application and service models.

✅️✅️ ✅️
ui/appmodelling/healthdsm.model.healthEnables you to change BMC Helix AIOps health indicators.✅️✅️ ✅️
ui/appmodelling/publishdsm.model.publishEnables you to publish the application and service models. You can also create and delete ModelRules, as well as shared flag overrides. ✅️✅️ ✅️
appliance/backupdsm.appliance.backupEnables you to back up or restore an appliance.✅️✅️  
appliance/info/readdsm.admin.settingsEnables you to view the system configuration.✅️✅️✅️ 
appliance/info/writedsm.admin.settingsEnables you to write system configuration.✅️✅️✅️ 
appliance/maintenancedsm.appliance.powerEnables you to put the system into maintenance mode. ✅️✅️  
appliance/rebootdsm.appliance.powerEnables you to reboot the appliance.✅️✅️  
appliance/restartdsm.appliance.powerEnables you to restart services.✅️✅️  
appliance/shutdowndsm.appliance.powerEnables you to shut down the appliance.✅️✅️  
appliance/supportdsm.admin.supportEnables you to view the support information. ✅️✅️  
appliance/updatedevicesdsm.knowledge.updateEnables you to update devices.✅️✅️✅️ 
appserver/debugdsm.ui.debugEnables you to debug the appserver.✅️✅️  
appserver/logindsm.ui.loginEnables you to log in to the appserver.✅️✅️✅️✅️
appserver/sessionaccessdsm.admin.usersEnables you to access session information.✅️✅️  
baseline/admindsm.baseline.adminEnables you to change the baseline configuration.✅️✅️  
baseline/readdsm.baseline.readEnables you to view the baseline configuration from the Baseline page.✅️✅️  
baseline/updatedsm.baseline.writeEnables you to modify the baseline configuration.✅️✅️  
admin/category/createmodifydsm.admin.categoryEnables you to create and modify categories from the Custom Categories page.✅️✅️  
admin/channel/readdsm.admin.dashboardEnables you to view channels from the Channels page. ✅️✅️  
admin/channel/writedsm.admin.dashboardEnables you to write channels from the Channels page. ✅️✅️  
cluster/managementdsm.appliance.clusterEnables you to perform cluster management operations.✅️✅️  
cmdb_syncdsm.cmdb.syncEnables you to configure and manage CMDB synchronization.✅️✅️✅️✅️
consolidation/consolidation/writedsm.discovery.consolidation

Enables you to change the configuration on the consolidation appliance.

✅️✅️✅️ 
consolidation/discovery/writedsm.discovery.consolidationEnables you to configure consolidation appliances. ✅️✅️✅️ 
consolidation/readdsm.discovery.consolidationEnables you to view the configuration on the consolidation appliance.✅️✅️✅️ 
discovery/credentials/testdsm.credential.testEnables you to test discovery credentials.✅️✅️✅️ 
discovery/filters/readdsm.discovery.scriptsEnables you to view the discovery filters.✅️✅️✅️ 
discovery/filters/writedsm.discovery.scriptsEnables you to modify the discovery filters.✅️✅️✅️ 
discovery/host/accessdsm.discovery.host

Enables you to capture the network device information.

✅️✅️✅️ 
discovery/kslave/readdsm.discovery.outposts

Enables you to view the Outposts.

✅️✅️✅️ 
discovery/kslave/writedsm.discovery.outpostsEnables you to modify the Outposts.✅️✅️✅️ 
discovery/options/readdsm.discovery.optionsEnables you to view the discovery options.✅️✅️✅️ 
discovery/options/writedsm.discovery.optionsEnables you to modify the discovery options.✅️✅️✅️ 
discovery/platforms/readdsm.discovery.scriptsEnables you to view the discovery scripts.✅️✅️✅️ 
discovery/platforms/writedsm.discovery.scriptsEnables you to modify discovery scripts.✅️✅️✅️ 
discovery/port/settingsdsm.discovery.optionsEnables you to configure the port settings.✅️✅️✅️ 
external_data/ddd/readdsm.data.external_consumersEnables you to view the DDD external data configuration.✅️✅️  
external_data/ddd/writedsm.data.external_consumersEnables you to modify the DDD external data configuration.✅️✅️  
cluster/file_distributiondsm.appliance.clusterEnables you to distribute files to other cluster members.✅️✅️  
admin/import/csvdsm.data.importEnables you to import CSV data from the Import CSV Data page.✅️✅️✅️✅️
model/audit/purgedsm.audit.purge

Enables you to purge the audit log. You can purge the audit log of events older than one month (events less than one month old cannot be deleted) from the Audit Purge page.

✅️✅️  
model/audit/readdsm.audit.accessEnables you to view the audit log. ✅️✅️  
model/datastore/internal/clusterdsm.appliance.clusterEnables you to use the internal cluster interface.✅️✅️✅️✅️
model/datastore/main/writedsm.data_main.readEnables you to view the datastore through the UI.✅️✅️✅️✅️
model/datastore/partition/%s/readdsm.data_main.write

Enables you to modify the datastore through the UI.

✅️✅️✅️✅️
model/search/canceldsm.search.admin

Enables you to cancel searches submitted by all users.

✅️✅️  
model/search/listdsm.search.adminEnables you to list searches submitted by all users.✅️✅️  
model/taxonomy/nodekind/readdsm.taxonomy.read

Enables you to view NodeKind information (node, relationship, and role).

✅️✅️  
model/taxonomy/nodekind/writedsm.taxonomy.write

Enables you to modify NodeKind information (node, relationship, and role).

✅️✅️  
model/taxonomy/relkind/readdsm.taxonomy.read

Enables you to view RelationshipKind information.

✅️✅️  
model/taxonomy/relkind/writedsm.taxonomy.writeEnables you to modify RelationshipKind information.✅️✅️  
model/taxonomy/rolekind/readdsm.taxonomy.readEnables you to view the RoleKind information.✅️✅️  
model/taxonomy/rolekind/writedsm.taxonomy.writeEnables you to modify the RoleKind information.✅️✅️  
cluster/monitored_operationdsm.appliance.clusterEnables you to record and request the status of monitored operations.✅️✅️  
reasoning/events/readdsm.discovery.scanEnables you to view the discovery scans.✅️✅️✅️ 
reasoning/events/writedsm.discovery.scanEnables you to modify the discovery scans.✅️✅️✅️ 
reasoning/open_scandsm.discovery.scanEnables you to manage the open discovery scans.✅️✅️✅️ 
reasoning/pattern/configdsm.knowledge.configEnables you to configure patterns.✅️✅️✅️✅️
reasoning/pattern/executedsm.knowledge.executeEnables you to run patterns through the UI.✅️✅️✅️✅️
reasoning/pattern/writedsm.knowledge.updateEnables you to modify the pattern information (activate, delete, or compile).✅️✅️✅️✅️
reasoning/ranges/readdsm.discovery.scanEnables you to view the discovery scan ranges.✅️✅️✅️ 
reasoning/ranges/writedsm.discovery.scanEnables you to modify the discovery scan ranges.✅️✅️✅️ 
reasoning/startdsm.discovery.controlEnables you to start reasoning.✅️✅️✅️ 
reasoning/startstopdsm.discovery.controlEnables you to start and stop reasoning.✅️✅️✅️ 
reasoning/statusdsm.discovery.statusEnables you to view the reasoning status information.✅️✅️✅️✅️
reasoning/stopdsm.discovery.controlEnables you to stop reasoning.✅️✅️✅️ 
reports/readdsm.reports.readEnables you to view and download report documents.✅️✅️✅️✅️
reports/saved_queries/writedsm.reports.saved_queriesEnables you to modify user-saved queries.✅️✅️  
appliance/reportsusage/resetdsm.admin.supportEnables you to view the support information. ✅️✅️  
reports/writedsm.reports.writeEnables you to create report documents.✅️✅️  
security/group/readdsm.discovery_security.groups

Enables you to view group membership for users.

✅️✅️  
security/group/writedsm.discovery_security.groupsEnables you to modify group membership for users.✅️✅️  
security/https/admindsm.appliance.networkEnables you to configure HTTPS on the appliance.✅️✅️  
security/options/readdsm.discovery_security.optionsEnables you to view the security options, which include accounts and passwords, the login page, and the UI security page.✅️✅️  
security/options/writedsm.discovery_security.optionsEnables you to configure the security options, which include accounts and passwords, the login page, and the UI security page.✅️✅️  
security/sessions/viewdsm.admin.users

Enables you to view the list of active sessions.

✅️✅️  
security/user/activatedsm.discovery_security.users

Enables you to activate the user account.

✅️✅️  
security/user/readdsm.discovery_security.usersEnables you to view user security information.✅️
✅️		  
security/user/writedsm.discovery_security.usersEnables you to configure user security information.✅️✅️  
system/configuration/readdsm.admin.systemEnables you to view system configuration and settings.✅️   
system/configuration/writedsm.admin.systemEnables you to write system configuration and settings.✅️✅️  
system/licensingdsm.admin.licensingEnables you to view and modify licensing information.✅️✅️  
system/settings/readdsm.admin.settingsEnables you to view system configuration.✅️✅️✅️ 
system/settings/writedsm.admin.settingsEnables you to write system configuration.✅️✅️✅️ 
ui/dashboard/admindsm.admin.dashboardEnables you to modify channels from the Channels page. ✅️✅️  
ui/report/admindsm.search.query

Enables you to access the Generic Search Query page and enter search queries.

✅️✅️✅️✅️
ui/taxonomy/admindsm.taxonomy.readEnables you to view the taxonomy.✅️✅️✅️✅️
vault/closedsm.discovery_vault.control

Enables you to close the credential vault from the Vault Management page of the UI.

✅️✅️✅️ 
vault/credential_types/readdsm.discovery_vault.readEnables you to view the credential types ✅️✅️✅️ 
vault/credentials/exportdsm.discovery_vault.exportEnables you to export the credential vault.✅️✅️  
vault/credentials/readdsm.discovery_vault.readEnables you to view credentials.✅️✅️✅️ 
vault/credentials/writedsm.discovery_vault.writeEnables you to modify credentials.✅️✅️✅️ 
vault/opendsm.discovery_vault.controlEnables you to open the credential vault from the Vault Management page of the UI.✅️✅️✅️ 
vault/passphrasedsm.discovery_vault.controlEnables you to set or change the passphrase for the credential vault.✅️✅️✅️ 

data_cmdb_sync read

dsm.data_cmdb_sync.read 

Enables you to read from the CMDBSync partition.

✅️

✅️

✅️

✅️

data_cmdb_sync write

dsm.data_cmdb_sync.write

Enables you to write to the CMDBSync partition.

✅️

 

 

 

data_default read

dsm.data_default.read

Enables you to read from the Default partition.

✅️

✅️

✅️

✅️

data_default write

dsm.data_default.write

Enables you to write to the Default partition.

✅️

 

 

✅️

data_import read

dsm.data_import.read

Enables you to read from the DDD and Import partitions.

✅️

✅️

✅️

✅️

data_import write

dsm.data_import.write

Enables you to write to the DDD and Import partitions.

✅️

 

 

 

data_internal read

dsm.data_internal.read

Enables you to read from the Internal partition.

✅️

✅️

✅️

✅️

data_internal write

dsm.data_internal.write

Enables you to write to the Internal partition.

✅️

 

 

 

data_other read

dsm.data_other.read

Enables you to view other data.

✅️

✅️

✅️

✅️

data_other write

dsm.data_other.write

Enables you to modify other data.

✅️

 

 

 

data_sensitive read

dsm.data_sensitive.read

Enables you to view sensitive data filters.

✅️

 

 

 

data_sensitive write

dsm.data_sensitive.write

Enables you to modify sensitive data filters.

✅️

 

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Discovery (SaaS)