Tenant user access control
Tenant users must use only Infrastructure Management to retrieve performance data. BMC recommends that tenant users not access the operator console or the administration console.
Guidelines for implementing tenant user access control
For tenant user access control, BMC recommends that you:
- Create a common role with minimal permissions sufficient to access performance data through web services.
- Use that role as the only role in user groups of which the tenant user is a member.
For example, consider user Eddy who belongs to tenant BMC, and user Alice who belongs to tenant eSuperMart. To set up access control, the administrator must:
- Create a common role called "Tenant User Role" and assign minimal permissions to this role
- Also create the "BMC Group" and "eSuperMart Group" user groups and add "PublishQualifiedCIs" to both of these user groups
- Add Eddy to "BMC Group" and Alice to "eSuperMart Group".
When a new tenant is added, the administrator can create a new user group with the same common role: "Tenant User Role".
Creating roles and user groups
Perform the following steps to create roles and user groups:
1. In the administration console, on the Administration tab, expand Advanced Options, right-click Role, and select Add Role.
2. In the Roles and Permissions dialog box:
   - Specify an appropriate name for the role you want to create (for example, Tenant User Role).
   - Under the Permissions List, select the Allow Operations Console (mandatory for creating a role) and the Allow to retrieve Performance Data check boxes, and deselect all the other check boxes.
   - Click Finish.
3. Right-click User Group, and select Add User Group.
4. In the User Group dialog box:
   - Specify an appropriate name for the user group you want to create (for example, BMC Group).
   - In the Available Roles list box, select Tenant User Role (the role you created in step 2), and add it to the Selected Roles list box.
   - Click Finish.
The "Tenant User Role" has been created and has been added to the newly formed "BMC Group" user group.
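The following added example (not BMC code) shows one way to audit the result of this setup against the guidelines: it computes each tenant user's effective roles and permissions across all groups and reports anything beyond the common role. The inventory layout, the "Event Operators" group, the "Event Operator Role" role and the "Allow Event Operations" permission are constructed for illustration; the product's own export format is not assumed.

```python
# Added example: least-privilege audit for tenant users.
# Only the two permission names below come from the procedure above.
COMMON_ROLE = "Tenant User Role"
ALLOWED_PERMISSIONS = {
    "Allow Operations Console",            # mandatory for creating a role
    "Allow to retrieve Performance Data",
}

# Constructed inventory: role -> permissions, group -> roles and members.
ROLES = {
    "Tenant User Role": set(ALLOWED_PERMISSIONS),
    "Event Operator Role": {"Allow Operations Console",
                            "Allow Event Operations"},   # hypothetical role
}
GROUPS = {
    "BMC Group": {"roles": ["Tenant User Role"], "users": ["Eddy"]},
    "eSuperMart Group": {"roles": ["Tenant User Role"], "users": ["Alice"]},
    # Hypothetical misconfiguration: Alice was also added to a non-tenant group.
    "Event Operators": {"roles": ["Event Operator Role"], "users": ["Alice"]},
}

def effective_permissions(user, roles, groups):
    """Union of permissions from every role of every group the user is in."""
    perms = set()
    for group in groups.values():
        if user in group["users"]:
            for role in group["roles"]:
                perms |= roles.get(role, set())
    return perms

def audit(tenant_users, roles, groups):
    """Return {user: details} for users who exceed the common role."""
    findings = {}
    for user in tenant_users:
        member_of = sorted(g for g, d in groups.items() if user in d["users"])
        held = {r for g in member_of for r in groups[g]["roles"]}
        extra_roles = sorted(held - {COMMON_ROLE})
        extra_perms = sorted(
            effective_permissions(user, roles, groups) - ALLOWED_PERMISSIONS)
        if extra_roles or extra_perms:
            findings[user] = {"groups": member_of,
                              "extra_roles": extra_roles,
                              "extra_permissions": extra_perms}
    return findings

if __name__ == "__main__":
    for user, detail in audit(["Eddy", "Alice"], ROLES, GROUPS).items():
        print(user, detail)
```

Checking per user rather than per group catches extra access that arrives through a group that is not one of the tenant groups.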
For more information about roles and user groups, see Managing-users-with-configuration-item-based-access-control.