2 of 2 people found this helpful
These are just the default user roles. Roles are just collections of permissions that enable users to access various features of the product. You do not need to use the default roles as they are defined. As the documentation page you link to above says "Your company may employ the roles as described below, consolidate them into fewer roles, or divide them into roles with more granular responsibilities and may have other titles for these roles". In other words, you are free to change the default roles or define your own roles. The default roles are based on our experience of how customers typically control user access to the features of BPPM. That doesn't mean every customer uses every role. Most customers use a subset of the default roles and/or define their own.
Here is my attempt to describe the default roles. This is just my interpretation. It is not an official, BMC-sanctioned guide:
- Blackout Administrator - An administrative user who has access to the Administration Console and can define event blackout policies.
- Cloud Administrator - See the BMC documentation for this explanation. My guess is that many customers don't use this role.
- Data Collection Administrator - An administrative user with access to the features related to collection of events and performance data. This overlaps with Monitoring Administrator, in my opinion.
- Data Collection Operator - An operations user who needs to view monitoring data. The default definition of this role allows a Data Collection Operator to set Global Thresholds. To me, that's more of an administrative function. I might turn that off.
- Deployment Administrator - An administrative user responsible for installing and configuring the various components of BPPM. This is almost a Super Admin.
- Event Administrator - An administrative user who has access to the Administration Console in order to configure Event Management policies. He or she also has access to other administrative functions related to event management.
- Event Operator - An operations user who needs to be able to view and respond to events (acknowledge, take ownership, close).
- Event Supervisor - A higher-level operations user such as a Shift Leader who needs to be able to assign events to others and close any event, regardless of who owns it.
- Monitoring Administrator - An administrative user with access to Central Monitoring Administration for creating monitoring policies. A monitoring administrator should also have the ability to set Global Thresholds. This role is not described in the documentation. It is very similar to Data Collection Administrator. I would have one or the other, but not both. Also, by default, the Data Collection Administrator does not have access to Central Monitoring Administration. I would change this.
- Read Only - a user who can view events and monitors but does not have the ability to modify any settings or respond to events.
- Service Administrator - An administrative user who can create, update and delete service models in the Administration Console. They will also be able to view and interact with service models in the service view.
- Service Operator - An operations user who can view services in the service view, but has no ability to edit them.
- Service Supervisor - A higher-level operations user who can view and edit service models in a limited fashion. By default, they can edit existing components, but they can't add or delete components.
- Super Admin - The Super Administrator should have access to all product features and all objects. There is one Super Admin user by default.
- Web Services Access - This role allows the user to access the various Web Service APIs. Any web services client using the APIs must provide credentials for a user account that has this role.
Again, this is just my attempt to describe how to use the default roles. It is not authoritative. It is partly based on looking at the default permissions assigned to each role as described in the documentation. (Expand the two tables called: BMC ProactiveNet permissions for Administrator roles and BMC ProactiveNet permissions for various roles.) You are completely free to change which roles have which permissions and to use only those roles that make sense in your environment. The important thing is to understand which capability each permission setting controls and then decide which of your users need that capability and which do not. Design your roles to group related capabilities together so that they correspond to the different types of BPPM users you have at your company.