You can configure an AD service account for TSO/BAO services.
If it's not an AD account and cannot be mapped to a BAO SSO Role, then there is less chance that you can assign grid permissions to it.
I have seen an environment where we had a specific service account for BAO services.
But, to deal with BAO grid you need to create a separate user in BAO and use that.
For this specific requirement, better check with BMC Support.
Thanks for the response.
However, I am not looking for a service account for running BAO services.
Let me explain a bit more. The user wants to use a service account to log in to grid/cdp/ocp or via API and run the respective workflow.
We know local user accounts and LDAP integration (thus AD user accounts) serve the purpose of login. But I have never configured an AD service account as a user. Here, the customer doesn't want to have a dependency on RSSO to manage these as local accounts. Instead, they want a service account for which the password can be managed via vaulting to have better security.
Hope this makes the purpose clearer.
This would depend on the type of service account you configure as to whether it could be used to log into TSO, e.g. a Managed Service Account. If you have an LDAP/Kerberos integration, then if the account is configured to be able to log in, you could in theory use this and map permissions accordingly.
Never tried it, though, but let us know the results if you do.
Thanks Carl for the response.
I am trying to figure it out. I will update the forum once concluded.
I did raise a case with BMC support for this further.
As a conclusion,
I tried adding the service account directly to the grid and assigning permissions (grid- and module-level permissions), but it didn't work: although I was able to log in to the grid using the service account, there wasn't any access to the Status/Manage/Administration pages. The same was observed and confirmed by support as well.
So the only way is to achieve it in the normal way, i.e. make the service account a member of a dedicated AD group, add that AD group to the grid, and assign the required permissions.
If someone else has tried differently, then please do post on this conversation.