Roles and permissions
BMC Helix Operations Management leverages BMC Helix Portal to provide single sign-on authentication for users. In BMC Helix Portal, you can create and edit users and user groups, and assign any of the available permissions, such as creating, modifying, viewing, deleting, or managing objects. However, you cannot create new permissions.
The following video (2:46) provides an overview of permissions and how to assign them to roles in BMC Helix Portal:
Permissions for console-level and API-level access for BMC Helix Operations Management
Console-level users are tenant administrators and users that are manually created by the tenant administrator. They require credentials to access the BMC Helix Portal and BMC Helix Operations Management consoles.
API-level users are the users that require programmatic access to BMC Helix Portal and BMC Helix Operations Management. API users have the API key, which includes the access key (similar to a user name) and the secret key (similar to a password). The API key can be used for programmatic access to BMC Helix Portal. This key can be generated by the tenant administrator at a tenant level or by an individual user at a user level.
In BMC Helix Operations Management, a tenant-level API user is created in the following format:
timestamp@tenantid
This user cannot be deleted. If you delete this user, a new API user is automatically created with the same format.
For information about the permissions associated with this user, see List of permissions.
The following table describes the permissions that are available for BMC Helix Operations Management:
| Permission | Description |
|---|---|
| core.devices.view | View devices and device details |
| core.events.view | |
| core.events.operations | |
| core.events.assignee_operations | |
| core.events.ingest | API keys have this permission by default. Important: |
| core.event_classes.view | |
| core.event_classes.manage | |
| core.metrics.ingest | API keys have this permission by default. |
| core.metrics.view | View the metrics data. With this permission, a user can view all the metrics in a tenant. |
| core.blackout_policies.view | |
| core.blackout_policies.manage | |
| core.event_policies.view | |
| core.event_policies.manage | |
| loganalytics.logs.ingest | If BMC Helix Log Analytics is enabled, this permission is granted by default to API keys. |
| monitor.user_preferences.manage | Edit user preferences. |
| monitor.external_entity_types.view | View dynamic entities while adding or editing alarm policies |
| monitor.alarm_policies.manage | |
| monitor.infrastructure_policies.view | View the list of infrastructure policies. |
| monitor.infrastructure_policies.manage | |
| monitor.infrastructure_policies.manage_repo | |
| monitor.infrastructure_policies.manage_package | |
| monitor.manage_patrol_agent | |
| monitor.manage_aqt_authentication | View and manage the PATROL Agent |
| monitor.patrol_agent_actions.execute | Run PATROL Agent actions remotely from BMC Helix Operations Management. |
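The following least-privilege review of permission assignments is an added example, not BMC code or a BMC API: it checks a constructed export of principals and their permissions against the permission names in the table above. The export shape, the principal names, the `audit` function, and the assumption that the timestamp in `timestamp@tenantid` is all digits are hypothetical.

```python
import re

# Permission names copied from the table on this page.
KNOWN = {
    "core.devices.view", "core.events.view", "core.events.operations",
    "core.events.assignee_operations", "core.events.ingest",
    "core.event_classes.view", "core.event_classes.manage",
    "core.metrics.ingest", "core.metrics.view",
    "core.blackout_policies.view", "core.blackout_policies.manage",
    "core.event_policies.view", "core.event_policies.manage",
    "loganalytics.logs.ingest", "monitor.user_preferences.manage",
    "monitor.external_entity_types.view", "monitor.alarm_policies.manage",
    "monitor.infrastructure_policies.view", "monitor.infrastructure_policies.manage",
    "monitor.infrastructure_policies.manage_repo",
    "monitor.infrastructure_policies.manage_package",
    "monitor.manage_patrol_agent", "monitor.manage_aqt_authentication",
    "monitor.patrol_agent_actions.execute",
}
# Defaults the page states for API keys (the log one only with Log Analytics enabled).
API_DEFAULTS = {"core.events.ingest", "core.metrics.ingest", "loganalytics.logs.ingest"}
# Assumption: the "timestamp" part of timestamp@tenantid is all digits.
API_USER = re.compile(r"^\d+@\S+$")

def audit(assignments, log_analytics_enabled=True):
    """Return sorted (principal, finding, permission) tuples for review."""
    drop = set() if log_analytics_enabled else {"loganalytics.logs.ingest"}
    allowed_api = API_DEFAULTS - drop
    findings = []
    for principal, perms in assignments.items():
        for perm in perms:
            if perm not in KNOWN:  # new permissions cannot be created, so this is a typo
                findings.append((principal, "unknown-permission", perm))
            elif API_USER.match(principal) and perm not in allowed_api:
                findings.append((principal, "api-key-beyond-defaults", perm))
            elif perm == "monitor.patrol_agent_actions.execute":
                findings.append((principal, "remote-agent-actions", perm))
    return sorted(findings)

# Constructed sample export: principal -> assigned permissions.
SAMPLE = {
    "1700000000@tenant-example": {"core.events.ingest", "core.metrics.ingest",
                                  "core.event_policies.manage"},
    "noc-operator": {"core.events.view", "core.events.operations",
                     "monitor.patrol_agent_actions.execute"},
    "dashboard-viewer": {"core.metrics.view", "core.event.view"},
}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Each finding is a prompt for review rather than a violation: an API key holding more than the stated defaults, or a principal able to run PATROL Agent actions remotely, may be intended but should have a documented owner.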
Roles and permissions for BMC Helix AIOps
As a tenant administrator, you can control access to various features available with the integrated products. Use the following information for assigning permissions to roles:
| Roles | Responsibilities | Application or Service | Resource | Permission |
|---|---|---|---|---|
| Operator | Note: You can assign some or all of these permissions to a custom user. | aiops | pca | view |
| Operator | | aiops | services | view |
| Operator | | aiops | situations | view |
| Operator | | aiops | situations | manage |
| Service Designer | | aiops | services | view |
| Service Designer | | aiops | services | manage |
| Tenant Administrator | | All permissions | | |
 
