Setting up access control




As an administrator, set up users and user groups in BMC Helix Portal and set up authorization profiles in BMC Helix Operations Management to manage access control.

Important: Required permissions for the custom restricted-user role

  • For the out-of-the-box Operator role, all the required permissions are already granted. However, if you have created a custom restricted-user role, make sure that you assign the monitor.user_preferences.manage permission to the role. Without this permission, you cannot access BMC Helix Operations Management.
  • For a custom restricted-user role, assign the monitor.eexternal_entity_types.view permission so that the user can view external entities while adding or editing alarm policies.


Authorization profiles

Use BMC Helix Operations Management to manage authorization profiles so that the administrators and non-administrator users can successfully perform all the activities within the defined organizational boundaries while using the console. BMC Helix Operations Management uses BMC Helix SSO to authenticate users. With authorization profiles, you can implement role-based and data-level access control.

Authorization profiles are a grouping of the following types of information that are required to provide user-level permissions and data-level permissions:

Authorization profiles associate users who belong to one or more user groups with specific objects. By default, a user who is a member of the Administrators user group can create, edit, and delete authorization profiles. 


Authorization profiles comprise user groups and objects, which you specify or select when creating or editing the profile. You cannot create or modify the required components when creating or modifying an authorization profile. The following diagram and table describe the required components and show their relationship to an authorization profile.

[Diagram: authorizationProfile_20_08.PNG]


You can create or configure the authorization profile components in any order, but you cannot create an authorization profile without them.

The following persona-based authorization profiles are available by default:

  • Administrator
  • Operator

Important

For custom user roles, you can assign view and manage permissions for event and blackout policies.

For instructions on creating authorization profiles, see Configuring authorization profiles.


Users and user groups

From BMC Helix Operations Management, you cannot view, modify, or delete users and user groups. You must log in to BMC Helix Portal as a tenant administrator and perform the changes.

To access BMC Helix Portal, click the link in your welcome email from BMC. 

In BMC Helix Portal, you need to assign user groups to appropriate roles to delegate access permissions to users.

Important

To access BMC Helix Operations Management, the user must belong to at least one user group.
The user group must be associated with at least one authorization profile.
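
The access preconditions on this page (group membership, a group in an authorization profile, and the permissions needed by a custom restricted-user role) can be checked offline before users report lockouts. The following is an added example, not BMC code: the inventory layout, user names, group names, and custom role names are constructed for illustration and are not a BMC export format; the permission names are copied as they appear on this page.

```python
# Added example: audit the access preconditions described on this page.
# INVENTORY is constructed sample data, not a BMC Helix export format.
REQUIRED = "monitor.user_preferences.manage"            # needed to access the console
EXTERNAL_VIEW = "monitor.eexternal_entity_types.view"   # spelled as on the page

INVENTORY = {
    "users": {"alice": ["noc-l1"], "bob": [], "carol": ["db-ops"], "dave": ["app-ops"]},
    "group_roles": {"noc-l1": ["Operator"], "db-ops": ["restricted-db"],
                    "app-ops": ["restricted-app"]},
    "role_permissions": {
        "Operator": None,  # out-of-the-box role: required permissions already granted
        "restricted-db": [REQUIRED],          # hypothetical custom role
        "restricted-app": [EXTERNAL_VIEW],    # hypothetical custom role
    },
    "profile_groups": {"NOC profile": ["noc-l1"], "App profile": ["app-ops"]},
}

def audit(inv):
    """Return {user: {"blocked": [...], "limited": [...]}} for every user."""
    profiled = {g for groups in inv["profile_groups"].values() for g in groups}
    report = {}
    for user, groups in sorted(inv["users"].items()):
        blocked, limited = [], []
        if not groups:
            blocked.append("no user group")
        elif not profiled.intersection(groups):
            blocked.append("no group in an authorization profile")
        # Effective permissions are the union over every role of every group.
        perms, out_of_box = set(), False
        for role in {r for g in groups for r in inv["group_roles"].get(g, [])}:
            granted = inv["role_permissions"].get(role, [])
            if granted is None:
                out_of_box = True
            else:
                perms.update(granted)
        if groups and not out_of_box:
            if REQUIRED not in perms:
                blocked.append("missing " + REQUIRED)
            if EXTERNAL_VIEW not in perms:
                limited.append("missing " + EXTERNAL_VIEW)
        report[user] = {"blocked": blocked, "limited": limited}
    return report

if __name__ == "__main__":
    for user, result in audit(INVENTORY).items():
        print(user, result)
```

"blocked" lists conditions that prevent access to BMC Helix Operations Management; "limited" lists the missing permission that prevents viewing external entities while adding or editing alarm policies.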