Access control for administrators of service providers

The enterprise administrator and the service provider administrator perform similar tasks related to user and tenant management. When an administrator for a service provider creates new authorization profiles in the BmRealm, those profiles can be inherited only by the non-BmcRealm tenant user, whose usergroup is added to the created authorization profile by the BmcRealm administrator for BMC Atrium SSO.

The following list contains tasks that are unique to the administrator for a service provider or an enterprise administrator who chooses to segment users into realms: 

• Creates additional tenants in BMC Atrium SSO
• Creates authorization profiles and roles specific to the tenant

• Creates additional users and user groups for tenants, in BMC Atrium SSO

• Integrates tenant's LDAP server into BMC Atrium SSO so that tenant can manage users and user groups
• Adds infrastructure components, such as TrueSight Infrastructure Management Servers and Application Management servers for the tenants
• Creates a tenant Admin user in a tenant realm other than BmcRealm
• When offboarding tenants:
  • Deletes all tenant artifacts 
  • Deletes tenant from BMC Atrium SSO

Related topics

BMC-TrueSight-Operations-Management-service-provider-and-tenant-deployment

Access-control-for-SaaS-administrators

Managing-users-and-access-control

Role-based-access