Roles and permissions

BMC Helix Operations Managementleverages BMC Helix Portal to provide single sign-on authentication for users. In BMC Helix Portal, you can create and edit users and user groups, and assign any of the available permissions, such as creating, modifying, viewing, deleting, or managing objects. However, you cannot create new permissions.

Permissions for console-level and API-level access for BMC Helix Operations Management

Console-level users are tenant administrators and users that are manually created by the tenant administrator require credentials to access the BMC Helix Portal and BMC Helix Operations Management consoles.

API-level users are the users that require programmatic access to BMC Helix Portal and BMC Helix Operations Management. API users have the API key, which includes the access key (similar to a user name) and the secret key (similar to a password). The API key can be used for programmatic access to BMC Helix Portal. This key can be generated by the tenant administrator at a tenant level or by an individual user at a user level.

Important

Do not generate a new secret key for access keys where the key name begins with <Tenant ID@>.

If you want to generate a new secret key for this access key, we recommend that you delete it. A new access key will be automatically created with a new secret key.

For more information, see Setting up access keys for programmatic access.

In BMC Helix Operations Management, a tenant-level API user is created in the following format:

timestamp@tenantid

This user cannot be deleted. If you delete this user, a new API user is automatically created with the same format.

For information about the permissions associated with this user, see List of permissions.

The following table describes the permissions that are available for BMC Helix Operations Management:

Permission	Description
core.devices.view	View devices and device details
core.events.view	View events and event details View event details by using cross-launch Download and export events
core.events.operations	View event operations Create an incident from an event Perform the following event operations: Close Assign Set Priority Acknowledge Un-Acknowledge Add Note Create Incident Trigger Automation
core.events.assignee_operations	View event operations Perform the following event operations: Acknowledge Un-Ackowledge Add Note
core.events.ingest	Generate and update event API Create a TMF-compliant alarm event API Modify an event API keys have this permission by default. Important: To create and update events by using APIs, make sure that you assign this permission to the access key in BMC Helix Portal .
core.event_classes.view	View and search event class View enums
core.event_classes.manage	Create, edit, delete event class Create, edit, delete custom enums Update TMF alarm event mapping service API
core.metrics.ingest	View and ingest metrics data API keys have this permission by default.
core.metrics.view	View the metrics data. With this permission, a user can view all the metrics in a tenant.
core.blackout_policies.view	View the blackout policy list View blackout policy details
core.blackout_policies.manage	View the blackout policy list View blackout policy details Create, edit, delete policy details
core.event_policies.view	View and search for event policies View event policy details View and search for data tables
core.event_policies.manage	View the event policy list View the event policy details Create, edit, delete event policies View, edit, and delete data tables
loganalytics.logs.ingest	If BMC Helix Log Analytics is enabled, this permission is granted by default to API keys.
monitor.user_preferences.manage	Edit user preferences.
monitor.external_entity_types.view	View dynamic entities while adding or editing alarm policies
monitor.alarm_policies.manage	View the list of alarm policies Create, edit, and delete alarm policies
monitor.infrastructure_policies.view	View the list of infrastructure policies.
monitor.infrastructure_policies.manage	View the list of infrastructure policies. Create, edit, and delete infrastructure policies.
monitor.infrastructure_policies.manage_repo	View the list of deployable packages and installation components. View the deployment history.
monitor.infrastructure_policies.manage_package	View the list of deployable packages and installation components. View the deployment history. Download deployable packages. Create, edit, and delete deployable packages. Get the tenant API key.
monitor.manage_patrol_agent	Access the PATROL Agent Uninstall the PATROL Agent View the configuration history of the PATROL Agent
monitor.manage_aqt_authentication	View and manage the PATROL Agent
monitor.patrol_agent_actions.execute	Run PATROL Agent actions remotely from BMC Helix Operations Management.

Roles and permissions for BMC Helix AIOps

As a tenant administrator, you can control access to various features available with the integrated products. Use the following information for assigning permissions to roles.

Roles	Responsibilities	Permissions
Roles	Responsibilities	Application or Service	Resource	Permission
	View Services and individual service details View and manage Situations Note: You can assign some or all of these permissions to a custom user.	aiops	pca	view
			services	view
			situations	view
			situations	manage
	View Services Create and modify service models	aiops	services	view
	View Services Create and modify service models	aiops	services	manage
	Manage roles and permissions View all pages in the BMC Helix AIOps Create and manage notifications in Microsoft Teams	All permissions

Roles and permissions

Permissions for console-level and API-level access for BMC Helix Operations Management

Roles and permissions for BMC Helix AIOps

BMC Helix Operations Management 25.3

On this page