tags are used for different purposes than segregation of duties.
Please get familiar with the concept of access groups and roles.
In principle, you can limit visibility to a set of servers by grouping them in domains and assign access groups.
Documentation provides guidance with the following information:
Hope this helps,
Thanks Steffen for your reply, I have followed similar approach.
For test :-
1. I tagged few of the Servers as BigFix
2. WorkSpace -> Infrastructure view -> Right Click "set as a node" -> Added Sub Domain - > Once SubDomian is created with Name BigFix - > from Infrastructure view I selected BigFix -> Right Click "set as a node" -> Added System which are tagged as BigFix.
3. Created Role and Access group with same name BigFix and gave the external Link which "Group" which I have created in SSO console.
4. In Presentation console Administration>Authorization Profiles - > selected desired profile and added the group which was created in SSO but concern here is still I am able to see all the system.
Please let me know if I am doing any mistake.
In the TSCO console, check the Access Group you created under Administration > USERS > Access groups.
Make sure that only the respective sub-domain is selected under "Visible entities" > "Edit domains".
Yes I have followed same process, Please see the below screenshot.
Also in Presentation console I have added the Ldap group in Administration>Authorization Profiles but when I I am trying to login using the id which is part of Ldap group I am getting error as :-
"You do not have rights to see any view or there is no view to see".
Does the user you are trying to login have TSPS_Capacity_View role assigned?
Also make sure that the Access Group is selected in TSPS > Administration > Capacity Views, Edit access rights under respective view or view group.
In TSPS -> Administration -> Authorization profile - > I have added Ldap group inside Capacity View
In TSPS > Administration > Capacity Views> I have added Name* "used while creating Role and Access group" to Custom view
Now I am trying to login using the Id which is part of Ldap Group "G_Capacity_APPCDR_FC" . I am able to login to Application console but when I try to login to TSPS I am getting error.
Any Update or help would be appreciated.
Make sure the "Views section - View" activity is added to the role.
Thanks for the update,Last week I added view section and issue was resolved.
But again today I am not able to login to Administration Console, Can you please guide through the troubleshooting steps. Its says User id and password is incorrect.
Note:- Using same id I am able to login to Email id and other Ad Application.
If something doesn't work as before, please get help from customer support.
See steps at the very end of the blog post about RSSO LDAP authentication which information customer support is typically asking for.
Password got expired and now it has been fixed. So, everything is working as expected.
1. I restricted the access based on sub-domain and when I am login to TSCO and TSPS console I am able to see only 24 servers but concern is when I go to Work -> Scenario Forecast data for 3 months I am able to see all the servers present in environment, Is this expected behavior or I am missing something ?
2. For Normal and Admin User when they Login to TSPS Console -> Capacity -> Server -> Overview -> Right Panel click on any servers -> They are able to see Related Information section but the user which I have created have below attribute disabled, What can be possible steps which I would have missed ?
Any help would be appreciated.
1. The model is located under All Domains. I assume the entity filter is set to "All entities in container domain and its subdomains". That's why you see entities belonging to more sub-domains than defined for the access group. On the other hand, you can see proof that the access group works correctly.
2. Make sure the respective access group is checked for the Data Explorer view in View Group Servers.
Copy the model to the respective sub-domain, e.g. BigFixRelay.
If the entity filter is defined as "All entities in container domain and its subdomains", you should only see the entities belonging to the domain.
See step 4 how to define the scope for entities: Creating a time forecasting model - Documentation for BMC TrueSight Capacity Optimization 11.5 - BMC Documentation
You can save filters/analyses/models/reports (Works) in each sub-domain along with the entities (Systems). For the purpose of role-based access, it is a good practice to store Works in respective sub-domains.