Roles and permissions

BMC Helix AIOpsleverages BMC Helix Portal to provide single sign-on authentication for users.

As an administrator, you can create and edit users, user groups, and roles in BMC Helix Portal. You can assign any of the roles or permissions to users, such as creating, modifying, viewing, deleting, or managing objects in BMC Helix Portal. However, you cannot create new permissions.

As a BMC Helix Single Sign-On administrator, you can configure infinite user sessions for BMC Helix AIOps in the BMC Helix SSO Admin Console, so that your session remains active all the time. For information about how to configure this setting, see Configuring infinite user sessions.

Related topics

Product-overview

Setting up roles and permissions

The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:

Watch the YouTube video about Assigning permissions to user roles in BMC Helix Portal.

Consult the following table to understand the default roles available in the product and the capabilities and permissions assigned to each role.

Important

In some organizations, these responsibilities are performed by site reliability engineering team (SRE). So, you might want to assign these permissions accordingly.

Role	Responsibilities	Permissions
Important: In addition to the permissions listed here, by default, all users must be assigned the DSM Read Only role in BMC Helix Portal. For more information, see Setting up role-based access control.
Operator	View Services and individual service details View service predictions View and manage Situations Run and request automations Configure general settings such as setting a default landing page, enabling the dark theme for the console, or configuring the default data refresh interval for UI pages.	aiops/pca/view aiops/services/view aiops/situations/view aiops/situations/manage	pca	view
			services	view
			situations	view
			situations	manage
Service Designer	View Services and service predictions Create and modify service models Create and modify service blueprints Run and request automations Enable dark theme for the BMC Helix AIOps console Important: For modeling service blueprints and services, you need additional permissions for viewing devices and groups in BMC Helix Operations Management. For more information, see Authorization profile.	aiops/services/view aiops/services/manage	services	view
Service Designer		aiops/services/view aiops/services/manage	services	manage
Tenant Administrator	Manage roles and permissions View all pages in BMC Helix AIOps Enable AIOps features Enable situations to aggregate events Create automation BMC Helix Intelligent Automation Monitor and investigate vulnerabilities	All permissions
Vulnerability Manager	View the BMC Helix AIOps overview page View top vulnerabilities and remediation owners View vulnerability summary and details, and generate remediation steps Assign categories to vulnerabilities Create custom dashboards by using BMC HelixGPT Insight Finder Important: The Vulnerability Manager is an out-of-the-box role created for BMC Helix Automation Console. It does not have permissions to view and manage services. To access the full capabilities of BMC Helix Vulnerability Resolver, you must create a user and assign it the Vulnerability Manager role and additional BMC Helix AIOps-related permissions.
		Automation Console	Vulnerability	Manage Scan
			Vulnerability	View
			Vulnerability	Close
			Vulnerability	Exception View
			Vulnerability	Exception Manage
			Vulnerability	Vulnerability Operation
			Vulnerability	Manage Category
			Vulnerability	Assign Category
			Security group	Manage
			Security group	View
			SLA	Manage
			SLA	View
			Tag	Manage
			Connector	Manage
			Connector	View
			Reports	View

This table describes the default permissions that are available when you add a new role. All permissions listed in the table are part of the aiops application. To learn how to add permissions to a role, see Setting up roles and permissions.

Important

To perform various tasks related to services and situations, you need permissions in BMC Helix Operations Management and BMC Helix Discovery in addition to the permissions listed in the following table,

Permission	Description
overview/view	View the Overview page.
pca/view	View the root cause analysis for an issue that impact a service.
aiops/situations/view	View situations.
aiops/situations/manage	View situations. Perform the following actions on a situation: Acknowledge or unacknowledge Assign Close Take or decline ownership Set priority Add notes
aiops/services/manage	View services and service predictions. Create and modify service models. Create and modify service blueprints. Run and request automations – event level.
aiops/services/view	View services.

In addition to the above permissions, you need the permissions listed the following table to perform various tasks related to services and situations:

Goal	Permissions required
	aiops	dsm	core	monitor
Create a service	aiops/services/manage	data_main.read data_main.write data_cmdb_sync.read data_default.read data_default.write data_import.read data_internal.read data_other.read discovery.status knowledge.config knowledge.execute knowledge.update model.edit model.publish reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations	user_preferences.manage
View a service	aiops/services/view	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations	user_preferences.manage
Edit a service	aiops/services/manage	data_main.read data_main.write data_cmdb_sync.read data_default.read data_default.write data_import.read data_internal.read data_other.read discovery.status knowledge.config knowledge.execute knowledge.update model.edit model.publish reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations	user_preferences.manage
Create a blueprint	aiops/services/manage	data_main.read data_main.write data_cmdb_sync.read data_default.read data_default.write data_import.read data_internal.read data_other.read discovery.status knowledge.config knowledge.execute knowledge.update model.edit model.publish reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
View a blueprint	aiops/services/view	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
Edit a blueprint	aiops/services/manage	data_main.read data_main.write data_cmdb_sync.read data_default.read data_default.write data_import.read data_internal.read data_other.read discovery.status knowledge.config knowledge.execute knowledge.update model.edit model.publish reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
View root cause analysis	aiops/pca/view	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
View a situation	aiops/situations/view	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
View the impacted services of a situation	aiops/situations/view aiops/services/view	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
Analyze a situation	aiops/situations/manage	data_main.read data_cmdb_sync.read data_default.read data_import.read data_internal.read data_other.read discovery.status knowledge.config reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
Performing other actions on a situation	aiops/situations/manage	data_main.read data_main.write data_cmdb_sync.read data_default.read data_default.write data_import.read data_internal.read data_other.read discovery.status knowledge.config knowledge.execute knowledge.update model.edit model.publish reports.read search.query taxonomy.read ui.login	blackout_policies.view event_classes.view devices.view devices.manage event_policies.view events.view events.assignee_operations
Run an existing automation Request a new automation Create an automation policy	aiops/pca/view aiops/situations/view aiops/situations/manage aiops/services/view aiops/services/manage


Configure general settings such as dark theme and page refresh interval

Additional permissions for the Vulnerability Manager to access BMC Helix Vulnerability Resolver	aiops/overview/view aiops/services/view aiops/services/manage

Roles and permissions

On this page