Mapping LDAP groups to user roles for the Console

If your LDAP groups correspond to the user roles in the BMC Real End User Experience Monitoring product, you can map those groups to the user roles. Mapping LDAP groups to user roles enables you to manage your user permissions for the BMC Application Performance Management Console from your LDAP server.

You can map multiple groups to a single user role, but you cannot map a group to more than one user role. You can modify the mapping by removing or adding groups to a user role. 

Note

You cannot override the role of a single user in a group that is mapped to a role.

Before you begin

To map an LDAP group to a user role

  1. On the BMC Application Performance Management Console, select System Access > LDAP > Role Mapping.

    The Role Mapping page lists the system user roles and their corresponding LDAP groups.  
  2. Select the Edit Mapping menu option for the corresponding user role.
  3. On the Edit Groups of Role page, enter the name of an LDAP group, and click Add.
  4. Repeat step 3, as necessary, for this user role, and click Save.

    The specified groups appear with the corresponding user role.
  5. Repeat steps 2–4, as necessary, for each user role.

To remove an LDAP group from a user role mapping

  1. On the BMC Application Performance Management Console, select System Access > LDAP > Role Mapping.
  2. Select the Edit Mapping menu option for the corresponding user role.
  3. Click the X to the right of each LDAP group to remove from the selected user role, and click Save.

    If you accidentally delete a mapping, click Cancel to start over. 

Related topics

LDAP-accounts

Configuring-LDAP-authentication-for-the-Console

Selecting-an-account-management-model

User-accounts-and-roles

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*