Contents
Summary
A quick tutorial on configuring access rights for Tachyon. Using a scenario where access to Tachyon will be managed through Active Directory groups, the tutorial illustrates the general setup required and the particular steps needed to add the necessary Tachyon users.
In this tutorial we demonstrate a process for creating Active Directory (AD) managed permissions to the Tachyon portal. We use specifically created AD groups for each of the Tachyon system roles and create Tachyon users for each one, we then define a custom role for a specific Instruction Set and create a Tachyon user with an existing AD group that provides access to running actions in the Instruction Set.
Example AD groups for the Tachyon system roles
As mentioned in Requirements: Active Directory requirements, we recommend that the AD security groups used for defining access to the Tachyon portal features are defined as Universal groups. The picture opposite shows an example TCNConsumerAdmins AD security group intended for the Consumer Administrators role.
In this tutorial we will create a Tachyon AD group user for each of the possible roles given in the following table:
Tachyon system role | Permissions | Introduced |
---|---|---|
1E Client Deployment Administrators |
| Renamed in 4.1 (previously Agent) |
1E Client Installer Administrators |
| Renamed in 4.1 (previously Agent) |
Applications Administrators |
| Tachyon 4.0 |
Component Viewers |
| SLA Platform 4.0 |
Connector Administrators |
| SLA Platform 4.0 |
Consumer Administrators |
| Tachyon 3.0 |
Custom Properties Administrators |
| Tachyon 3.0 |
Global Actioners |
| Tachyon 3.0 |
Global Administrators |
| Tachyon 3.0 |
Global Approvers |
If email is enabled, this role will receive an approval request email for each requested action. | Tachyon 3.0 |
Global Questioners |
| Tachyon 3.0 |
Global Viewers |
| Tachyon 3.0 |
Guaranteed State Administrators |
| Tachyon 4.0 |
Guaranteed State Viewers |
| Tachyon 4.0 |
Infrastructure Administrators |
| Tachyon 3.0 |
Instruction Set Administrators |
| Tachyon 3.0 |
Inventory Administrators |
| SLA Platform 4.0 |
Inventory Viewers |
| SLA Platform 4.0 |
Log Viewers |
| Tachyon 4.1 |
Management Group Administrators |
| SLA Platform 4.0 |
Management Group Sync Initiators |
| SLA Platform 4.0 |
Patch Success Viewers |
| Tachyon 4.0 |
Permissions Administrators |
| Tachyon 3.0 |
Permissions Readers |
| Tachyon 3.0 |
Provider Configuration Administrators |
| SLA Platform 4.1 |
Schedule Administrators |
| SLA Platform 4.1 |
Questions, responses, actions are examples of securables. Other Consumers may create their own system roles and securables.
Creating the required Tachyon users/groups
The general steps for creating a new user or group are as follows:
Adding Tachyon users
- Log on to the Tachyon portal using a Tachyon user account with the Permissions Administrators role.
- Navigate to the Settings→Permissions→Users page.
- Click on the Add button, doing this displays the Add user popup.
- In the Select user field type the name, or part of the name, for the Active Directory user or security group that you want to add. A list of matching names will be retrieved from Active Directory and displayed as you type, these are filtered so that users or groups that have already been added do not appear.
- Select the Active Directory user or security group from the list of matching names displayed in the drop-down list and click Add.