A quick tutorial on configuring access rights for Tachyon. Using a scenario where access to Tachyon will be managed through Active Directory groups, the tutorial illustrates the general setup required and the particular steps needed to add the necessary Tachyon users.

In this tutorial

In this tutorial we demonstrate a process for creating Active Directory (AD) managed permissions to the Tachyon portal. We use specifically created AD groups for each of the Tachyon system roles and create Tachyon users for each one, we then define a custom role for a specific Instruction Set and create a Tachyon user with an existing AD group that provides access to running actions in the Instruction Set.

Example AD groups for the Tachyon system roles

As mentioned in Requirements: Active Directory requirements, we recommend that the AD security groups used for defining access to the Tachyon portal features are defined as Universal groups. The picture opposite shows an example TCNConsumerAdmins AD security group intended for the Consumer Administrators role.

In this tutorial we will create a Tachyon AD group user for each of the possible roles given in the following table:

Tachyon system rolePermissionsIntroduced
1E Client Deployment Administrators
  • Create, view and cancel 1E Client deployment jobs.
  • View all devices.

Renamed in 4.1

(previously Agent)

1E Client Installer Administrators
  • Upload, delete and view 1E Client installers.
  • View all devices.

Renamed in 4.1

(previously Agent)

Applications Administrators
  • Install and uninstall Applications.
Component Administrators
  • View and Update Components.
Connector Administrators
  • Create, update, delete, view and test connectors.
4.0 (SLA)
Consumer Administrators
  • Add, edit and delete Consumers.
  • View all devices.
Consumer Viewers
  • View Consumers
Custom Properties Administrators
  • Add, edit or delete custom properties.
  • View all devices.
Event Subscription Administrators
  • Create, edit and delete the configurations of Event Subscriptions
Event Subscription Viewers
  • View the configurations of Event Subscriptions
Global Actioners
  • Ask questions, view responses and send actions for all Instruction Sets.
  • View all devices.
Global Administrators
  • Has the combined rights of all the other system roles.
Global Approvers
  • Approve actions for all Instruction Sets for anyone other than themselves.
  • View all devices.

If email is enabled, this role will receive an approval request email for each requested action.

Global Questioners
  • Ask questions and view responses for all Instruction Sets.
  • View all devices.
Global Viewers
  • View instructions and responses for all Instruction Sets.
  • View all devices.
Guaranteed State Administrators
  • Full control over the Guaranteed State configuration.
Guaranteed State Viewers
  • View the Guaranteed State configuration and reports.
Infrastructure Administrators
  • View system status information and view all devices.
Instruction Set Administrators
  • Load Instructions from Product Packs and Instruction Definition files.
  • Add/delete Instruction Sets and move Instructions between them.
  • View all devices.


Inventory Administrators
  • Create, update, delete and view inventory repositories.
  • Populate and archive inventory repositories.
4.0 (SLA)
Inventory Viewers
  • View inventory repositories.
4.0 (SLA)
Log Viewers
  • View process, synchronization and infrastructure logs.
Management Group Administrators
  • Create, delete, update and initiate synchronization of Management Groups
4.0 (SLA)
Management Group Sync Initiators
  • View and initiate synchronization of Management Groups
4.0 (SLA)
Patch Success Viewers
  • View Patch Success dashboards.
Permissions Administrators
  • Add or remove users.
  • View all roles.
  • Add, modify and delete custom roles.
  • Assign roles to any Instruction sets and define their permissions.
  • View the admin log.
  • View all devices.
Permissions Viewers
  • View all users and roles.


(renamed in 5.0)

Provider Configuration Administrators
  • Update, delete and view provider configurations.
4.1 (SLA)
Schedule Administrators
  • Create, update, delete and view schedules.
  • View schedule history.
  • Execute Connectors
4.1 (SLA)
Survey Administrators
  • View, create, update, delete and enable surveys
Survey Viewers
  • View surveys
VDI Administrators
  • View, create, update and delete application servers

Questions, responses, actions are examples of securables. Other Consumers may create their own system roles and securables.

Creating the required Tachyon users/groups

The general steps for creating a new user or group are as follows:

Adding Tachyon users

  1. Log on to the Tachyon portal using a Tachyon user account with the Permissions Administrators role.
  2. Navigate to the Settings→Permissions→Users page.
  3. Click on the Add button, doing this displays the Add user popup.
  4. In the Select user field type the name, or part of the name, for the Active Directory user or security group that you want to add. A list of matching names will be retrieved from Active Directory and displayed as you type, these are filtered so that users or groups that have already been added do not appear.
  5. Select the Active Directory user or security group from the list of matching names displayed in the drop-down list and click Add.

The animation at the top of the page shows the process outlined above and described as follows:

  • On the Settings→Permissions→Users page, after clicking the Add button, the Add user popup is displayed.
  • In the Select user edit field we type TCNP, the first few characters of some of the AD groups we created earlier.
  • We then select the TCNPermsAdmins group from the list.
  • Once the necessary user or group has been selected click Add to create the new group user.
  • We then click the new ACME\TCNPermsAdmins name link to display the details for that user.
  • Clicking on Edit displays the Edit roles assigned to user popup.
  • We scroll down, select the Permissions Administrators role and then click Save to set the new role for the user.

  • After the new user or group has just been added Tachyon will display notifications for a short while showing the actions that have just been successfully performed.

In the tutorial we then repeat the process of finding AD groups, adding Tachyon roles and saving for each of the Tachyon system roles. The purpose of this is that subsequently, specific AD user access to Tachyon can be managed through AD via membership of the selected AD groups and avoiding the necessity of managing the users through Tachyon.

The result of adding the groups can be seen in the picture opposite.