Default language.

Roles and permissions


BMC Helix Operations Managementleverages BMC Helix Portal to provide single sign-on authentication for users. In BMC Helix Portal, you can create and edit users and user groups, and assign any of the available permissions, such as creating, modifying, viewing, deleting, or managing objects. However, you cannot create new permissions.

 

The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:

icon_play.pnghttps://youtu.be/e6Hc8UZpPfg

 

Permissions for console-level and API-level access for BMC Helix Operations Management

Console-level users are tenant administrators and users that are manually created by the tenant administrator require credentials to access the BMC Helix Portal and BMC Helix Operations Management consoles.

API-level users are the users that require programmatic access to BMC Helix Portal and BMC Helix Operations ManagementAPI users have the API key, which includes the access key (similar to a user name) and the secret key (similar to a password). The API key can be used for programmatic access to BMC Helix Portal. This key can be generated by the tenant administrator at a tenant level or by an individual user at a user level.

Important

Do not generate a new secret key for access keys where the key name begins with <Tenant ID@>

If you want to generate a new secret key for this access key, we recommend that you delete it. A new access key will be automatically created with a new secret key.

For more information, see Setting up access keys for programmatic access.

In BMC Helix Operations Management, a tenant-level API user is created in the following format:

timestamp@tenantid

This user cannot be deleted. If you delete this user, a new API user is automatically created with the same format.

For information about the permissions associated with this user, see List of permissions.

The following table describes the permissions that are available for BMC Helix Operations Management:

Permission

Description

core.devices.view

View devices and device details

core.events.view

  • View events and event details
  • View event details by using cross-launch 
  • Download and export events

core.events.operations

  • View event operations
  • Create an incident from an event
  • Perform the following event operations:
    • Close
    • Assign
    • Set Priority
    • Acknowledge
    • Un-Acknowledge
    • Add Note
    • Create Incident
    • Trigger Automation 

core.events.assignee_operations

  • View event operations
  • Perform the following event operations:
    • Acknowledge
    • Un-Ackowledge
    • Add Note

core.events.ingest

  • Generate and update event API
  • Create a TMF-compliant alarm event API
  • Modify an event

API keys have this permission by default.

Important:
To create and update events by using APIs, make sure that you assign this permission to the access key in BMC Helix Portal .

core.event_classes.view

  • View and search event class
  • View enums

core.event_classes.manage

  • Create, edit, delete event class
  • Create, edit, delete custom enums
  • Update TMF alarm event mapping service API

core.metrics.ingest

  • View and ingest metrics data

API keys have this permission by default.

core.metrics.view

View the metrics data.

With this permission, a user can view all the metrics in a tenant.

blackout_policies.view

  • View the blackout policy list
  • View blackout policy details

blackout_policies.manage

  • View the blackout policy list
  • View blackout policy details
  • Create, edit, delete policy details

event_policies.view

  • View and search for event policies
  • View event policy details
  • View and search for data tables

event_policies.manage

  • View the event policy list
  • View the event policy details
  • Create, edit, delete event policies
  • View, edit, and delete data tables

loganalytics.logs.ingest

If  BMC Helix Log Analyticsis enabled, this permission is granted by default to API keys.

monitor.user_preferences.manage

Edit user preferences.

monitor.external_entity_types.view

View external entities while adding or editing alarm policies

monitor.external_entity_types.view

View dynamic entities while adding or editing alarm policies

monitor.alarm_policies.manage

  • View the list of alarm policies
  • Create, edit, and delete alarm policies

monitor.infrastructure_policies.view

View the list of infrastructure policies.

monitor.infrastructure_policies.manage

  • View the list of infrastructure policies.
  • Create, edit, and delete infrastructure policies.

monitor.infrastructure_policies.manage_repo

  • View the list of deployable packages and installation components
  • Create deployable packages

manage_patrol_agent

  • Access the PATROL Agent
  • Uninstall the PATROL Agent
  • View the configuration history of the PATROL Agent

manage_aqt_authentication

View and manage the PATROL Agent

monitor.patrol_agent_actions.execute

Run PATROL Agent actions remotely from BMC Helix Operations Management.

 

Roles and permissions for BMC Helix AIOps

As a tenant administrator, you can control access to various features available with the integrated products. Use the following information for assigning permissions to roles.

Roles

Responsibilities

Permissions

Application or Service

Resource

Permission

aiops_orientation_operator.png

Note: You can assign some or all of these permissions to a custom user.

aiops

pca

view

services

view

situations

view

situations

manage

aiops_orientation_servicedesigner.png

aiops

services

view

services

manage

aiops_orientation_tenantadmin.png

All permissions

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*