Role-based access


Role-based access (RBAC) to the features and components comprised in 

TrueSight Operations Management

 is enabled by persona-based authorization profiles. Each authorization profile is associated with one or more BMC Remedy Single Sign-On realms and comprises user groups, roles and permissions, and objects. Collectively, the authorization profile components determine the features and objects that users can access and monitor. You can use each default authorization profile as is, you can modify its attributes, or you can create your own authorization profiles.

This topic provides an overview of authorization profiles and the components that compose them.

Overview of the RBAC process

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

Realms and tenants

Tenants or realms segment users in Remedy Single Sign-On and enable multitenancy support. In TrueSight Operations Management, each realm represents a tenant.

The * tenant (realm), with default user groups and users, is created in Remedy Single Sign-On when you install the TrueSight Presentation Server component.

For information about supported versions of BMC Remedy Single Sign-On, see System-requirements-for-Presentation-Server.

Authorization profile structure

The following diagram illustrates the basic structure of an authorization profile. Each profile is associated with one or more realms and comprises user groups, roles and permissions, and objects. You can use each default authorization profile as is, you can modify any of its elements, or you can create your own authorization profiles. 

authorizationProfile.png

The Superadmin in the * tenant (realm) can create and modify authorization profiles and apply them to multiple tenants. Authorization profiles created by tenant administrators apply to users of that tenant. For more information about tenant user administration, see Access control for SaaS administrators.

Authorization Profile components

When creating an authorization profile, you must already know the user groups, roles, and objects required for the new profile. You cannot create or modify components during the creation of the authorization profile. See the following topics for more information about modifying and creating the required elements:

Default authorization profiles

The following persona-based authorization profiles are created in the TrueSight Presentation Server for the * tenant (realm) during the installation of the TrueSight Presentation Server component:

  • API-Only User
  • Application Specialist–Applications
  • Application Specialist–Services
  • Capacity Administration
  • Capacity Planning
  • Capacity View
  • Cloud Cost Control
  • Cloud Cost Control Consumer
  • Executive
  • IT Operations User
  • Service Manager
  • Solution Administrator
  • Technology Specialist

Solution Administrator profile

By default, users in the Solution Administrator profile are associated with the roles, permissions, and objects that enable those users to access all features in the products, including the ability to modify and create authorization profiles. 

The following table shows the user groups, roles and permissions, and objects the compose the Solution Administrator authorization profile. However, you must note the following restrictions:

  • The Solution Administrator profile has unrestricted access to all realms, all features, and all objects in the TrueSight Operations Management solution.
  • A non-Solution Administrator user belonging to the * (default) realm do not have an unrestricted access to objects in other realms. 

Solution Administrator

* tenant (realm)

User Groups

Roles and Permissions

Objects

Administrators



Super Admin



All Permissions Assigned



Category

Types

Sources

Objects

TrueSight Presentation

Monitoring Policy Configuration Types

PATROL Solutions

PATROL Agent ACLs

Devices

Event Groups

Groups

Applications

Services

Shared Dashboards (available from version 11.3.03)

TrueSight Presentation Server

All Object Access

TrueSight Infrastructure

Views

Monitor Groups

CIs

Component Folders

Event Folders

Not applicable

All Object Access

Predefined user groups and users

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

For more information about default users and passwords, see Default users and user groups.

Default authorization profiles and menu access

The following table lists the default authorization profiles and the default user groups and roles that compose them. To help you determine whether the default authorization profiles meet the access requirements of your organization, the last column in the table shows the menu options available to users in each default authorization profile. 

Profile

User groups

Roles

Menu access

Solutions Administrator

Administrators

Super Admin

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Configuration

  • Applications
  • Application Discovery
  • Global Thresholds
  • Groups
  • Integration Service Clusters
  • Managed Devices
  • Policies
  • Synthetic Scripts
  • Time Frames

Administration

  • Remedy SSO
  • Authorization Profiles
  • Components
  • Integrations
  • PATROL Agent ACLs
  • Repository
  • Roles
  • User Accounts
  • App Visibility Agents
  • App Visibility Agent Policies
  • TrueSight Smart Reporting

Application Specialist–Services

Central Monitoring Administrators

Monitoring Administrators 

Service Model Administrators

Supervisors 

WS Full Access 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor 

Monitoring Administrator

Service Administrator 

Service Supervisor 

Web Services Access 


Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Configuration

  • Applications
  • Application Discovery
  • Global Thresholds
  • Groups
  • Integration Service Clusters
  • Managed Devices
  • Policies
  • Synthetic Scripts
  • Time Frames

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies
  • Repository
  • TrueSight Smart Reporting

Application Specialist–Applications

Central Monitoring Administrators

Monitoring Administrators 

Service Model Administrators  

Supervisors  

WS Full Access  

 

Application Operator 

Application Supervisor 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor  

Monitoring Administrator

Service Administrator 

Service Supervisor  

Web Services Access  

 

 

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Configuration

  • Applications
  • Application Discovery
  • Global Thresholds
  • Groups
  • Integration Service Clusters
  • Managed Devices
  • Policies
  • Synthetic Scripts
  • Time Frames

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies
  • Repository
  • TrueSight Smart Reporting

Technology Specialist

Central Monitoring Administrators

Monitoring Administrators 

Supervisors 

WS Full Access 

Blackout Administrator 

Data Collection Administrator

Deployment Administrator 

Event Administrator 

Event Supervisor 

Monitoring Administrator

Service Supervisor 

Web Services Access 

 

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Configuration

  • Applications
  • Application Discovery
  • Global Thresholds
  • Groups
  • Integration Service Clusters
  • Managed Devices
  • Policies
  • Synthetic Scripts
  • Time Frames

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies
  • Repository
  • TrueSight Smart Reporting

IT Operations User

Operators

Application Operator

Data Collection Operator 

Event Operator 

Service Operator

Dashboards

Monitoring

  • Devices
  • Events
  • Groups
  • Services

Service Manager

Central Monitoring Administrators

Model Administrators

Monitoring Administrators 

Supervisors 

WS Full Access 

 

Event Administrator 

Service Administrator 

Event Supervisor 

Service Supervisor 

Data Collection Administrator 

Web Services Access 

Blackout Administrator 

Deployment Administrator 

Monitoring Administrator

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Configuration

  • Applications
  • Application Discovery
  • Global Thresholds
  • Groups
  • Integration Service Clusters
  • Managed Devices
  • Policies
  • Synthetic Scripts
  • Time Frames

Administration

  • Components
  • App Visibility Agents
  • App Visibility Agent Policies
  • Repository
  • TrueSight Smart Reporting

Executive

Viewers

Read Only

Dashboards

Monitoring

  • Applications
  • Devices
  • Events
  • Groups
  • Services

Capacity Administration

Capacity_Administration

Capacity Administrator

Dashboards

Administration

  • Remedy SSO
  • Components
  • Capacity Views
  • User Accounts

Capacity View

Capacity_View

Capacity Operator

Dashboards

Capacity Views

  • Views
  • Investigate

Capacity Planning

Capacity_Planning

Capacity Planner

Dashboards

Capacity Views

  • Views
  • Investigate

Cloud Cost Control

Cloud_Cost_Control

Cloud Planner

Dashboards

Cloud Cost Control

Cloud Cost Control Consumer

Cloud_Cost_Control_Consumer

Cloud Consumer

Dashboards

Cloud Cost Control

Related topics

Default users and user groups

PATROL Agent ACLs

Security-planning-for-Presentation-Server

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*