Enabling role-based access control in BMC Helix AIOps


Important

Role-based access control is an early-release capability and is not enabled by default in BMC Helix AIOps. This feature is available only to a limited set of customers, and its availability or behavior might change in future releases. To enable this feature for your tenant, contact BMC Helix Support.

As a tenant administrator, you can configure role-based access control (RBAC) by using authorization profiles to define which services operators or SREs can access. Based on these assignments, only the related events, situations, and predictions are available, ensuring that users work only on issues within their assigned scope.

Authorization profiles apply service-level access consistently across the environment, supporting clear separation of operational responsibilities while ensuring users see only the data relevant to their roles.

Supported objects

Authorization profiles support access control for the following objects:

  • Services
  • Situations
  • Events
  • Predictions

To enable role-based access control

As a tenant administrator, perform the following actions:

  1. From BMC Helix Portal, add users to a group.
    For more information, see Setting up user groups.
  2. From BMC Helix Operations Management, configure authorization profiles to:
    • Define which objects (such as services and devices) a user group can access
    • Associate authorization profiles with one or more user groups
    • Ensure that only permitted data is visible to the users of those groups
    For more information, see Configuring authorization profiles.
  3. From the BMC Helix AIOps console, click Configurations, and then Manage Product Features.
  4. On the Manage Product Features page, enable the Role-based access control option.

Scenario: Role-based access control by using authorization profiles

At Apex Global, Susan is the tenant administrator responsible for managing access across BMC Helix AIOps. She ensures that operators can access only the services relevant to their responsibilities. Joseph and John are operators with restricted access. Joseph is responsible for database services, and John manages operating system services.

To maintain clear separation of responsibilities, Susan enables role-based access control and configures authorization profiles.

To enable role-based access control

Before configuring authorization profiles, Susan enables RBAC in BMC Helix AIOps:

  1. In the BMC Helix AIOps console, she navigates to Configurations > Manage Product Features.
  2. She enables the Role-based access control option.

After RBAC is enabled, access to services, situations, and events is controlled based on authorization profiles.

To configure authorization profiles

Susan configures authorization profiles to control which services each operator can access. After the profiles are saved, related situations and events are automatically filtered based on the assigned services.

To configure authorization profiles, Susan performs the following steps: 

  1. Susan logs in as a tenant administrator and navigates to BMC Helix Operations Management > Authorization Profiles.
  2. She creates or updates the authorization profile for the operator user group that includes Joseph.
  3. She selects five database services, assigns them to the profile, and saves the configuration.
  4. Susan creates a separate authorization profile for John’s OS operations user group.
  5. She selects three operating system services for John and saves the profile.
    The permissions are applied immediately after the profiles are saved. 

The following database services are assigned to Joseph:

[Screenshot: database services assigned to Joseph]

The following operating system services are assigned to John:

[Screenshot: operating system services assigned to John]

To validate access for restricted users

  1. Joseph logs in as an operator. On the Services page, he can see only the five database services assigned to his authorization profile. Operating system services are not visible.
    [Screenshot: Services page as seen by Joseph]
  2. Joseph opens one of the permitted database services. On the service details page, he can view service health, associated situations, and business impact (where applicable).
  3. In situations, only situations related to Joseph’s permitted database services are listed. He drills into a situation to view its details.
  4. In events, only events associated with the permitted database services are displayed.
  5. John logs in as an operator. On the Services page, he can see only the three operating system services assigned to his authorization profile. John does not see any services, situations, or events outside the operating system services relevant to his role.
    [Screenshot: Services page as seen by John]

Result

After authorization profiles are configured:

  • Users can view only the services assigned to their authorization profiles.
  • Situations and events are automatically filtered to include only data related to those services.
  • Access control is applied consistently across services, situations, and events.
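
The scoping rule in this scenario can be modelled offline to produce an expected-visibility list to compare against what each operator sees during validation. This is an added example, not BMC Helix code or its API. The group names, profile names, service names, and object IDs are constructed, and the model assumes that a user in several groups gets the union of their profiles, that a user with no profile sees nothing, and that an object is shown when it relates to at least one permitted service.

```python
# Added illustration: a model of service-scoped visibility, not BMC Helix code.
# All names and data below are constructed for the Apex Global scenario.
GROUPS = {"db-operators": {"joseph"}, "os-operators": {"john"}}

PROFILES = {
    "db-profile": {"groups": {"db-operators"},
                   "services": {f"db-svc-{i}" for i in range(1, 6)}},
    "os-profile": {"groups": {"os-operators"},
                   "services": {f"os-svc-{i}" for i in range(1, 4)}},
}

# Each object lists the services it relates to (constructed sample data).
OBJECTS = [
    {"id": "evt-1", "kind": "event", "services": {"db-svc-1"}},
    {"id": "evt-2", "kind": "event", "services": {"os-svc-2"}},
    {"id": "sit-1", "kind": "situation", "services": {"db-svc-3", "db-svc-4"}},
    {"id": "sit-2", "kind": "situation", "services": {"db-svc-5", "os-svc-1"}},
    {"id": "prd-1", "kind": "prediction", "services": {"os-svc-3"}},
]


def allowed_services(user):
    """Union of services from every profile tied to one of the user's groups."""
    groups = {g for g, members in GROUPS.items() if user in members}
    scope = set()
    for profile in PROFILES.values():
        if profile["groups"] & groups:
            scope |= profile["services"]
    return scope  # empty set: the model denies by default (assumption)


def expected_visible(user):
    """IDs the user should see. Assumption: an object is shown when it
    relates to at least one permitted service."""
    scope = allowed_services(user)
    return [o["id"] for o in OBJECTS if o["services"] & scope]


def shared_between(user_a, user_b):
    """Objects both users would see: candidates for a separation-of-duties check."""
    seen_b = set(expected_visible(user_b))
    return [oid for oid in expected_visible(user_a) if oid in seen_b]


if __name__ == "__main__":
    for user in ("joseph", "john", "newhire"):
        print(user, sorted(allowed_services(user)), expected_visible(user))
    print("review:", shared_between("joseph", "john"))
```

An object such as sit-2, which relates to services in both scopes, is the case to check in the console when validating separation between the two operator groups.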

 


BMC Helix AIOps 26.1