Mapping LDAP groups to user roles for the Console

If your LDAP groups correspond to the user roles in the BMC Application Performance Management Console, you can map those groups to the user roles. Mapping LDAP groups to user roles enables you to manage your user permissions for the Console from your LDAP server.

You can modify the mapping by adding groups to or removing groups from a user role. 

Before you begin

• You must have Configured LDAP authentication for the Console.
• You must know the names of the LDAP groups. 
• To perform these procedures, you must have Security- or Administrator-level access, or have Access Manager-level access. 

To map an LDAP group to a user role in the Console

1. On the Console, select System Access > LDAP > Action > Role Mapping.
   
   The Role Mapping page lists the system user roles and any corresponding LDAP groups.
2. From the Action menu, select Edit Mapping.
3. On the Edit Role Mappings page, select a user role from the Roles menu.
4. In the Group Lookup box, start typing a character string in the LDAP group name, and click the arrow button to select the group for the active role. 
5. Repeat step 4, as necessary to add groups for this user role.
   
   The selected groups and their full DNs are displayed with the corresponding user role.
6. Repeat steps 2–5, as necessary, for each user role.
7. Click Save.

To remove an LDAP group from a user role mapping in the Console

1. On the Console, select System Access > LDAP > Action > Role Mapping.
2. From the Action menu, select Edit Mapping.
3. On the Edit Role Mappings page, select a user role from the Roles menu.
4. Click the X to the right of each LDAP group to remove from the selected user role, and click Save.
   
   If you accidentally delete a group, click Cancel to start over. 

Related topics

LDAP-authentication-and-authorization

Configuring-LDAP-authentication-for-the-Console

Configuring-LDAP-for-tenant-users

User-accounts-and-roles