This documentation supports the 20.02 version of BMC CMDB.

To view an earlier version, select the version from the Product version menu.

Providing users with permissions to access the CMDB Portal by using groups and roles

As an administrator, you can assign users to groups on the AR server to restrict users' access to specific features of CMDB Portal (new CMDB UI). The groups that have restricted access to the CMDB Portal are created automatically during the installation of CMDB and ITSM. You only need to assign users to these groups.

Related topics

AR System: Creating users, groups, and roles Open link

AR System: Regular, computed, and dynamic groups Open link

AR System: Access control Open link

Adding support staff in ITSM Open link

Roles and permissions

Before you begin

  • If you are the first administrator to log in, you must log in as an administrator and leave the Password field empty (BMC AR System user names are case-sensitive)
  • During initial installation, the Demo user is installed as administrator without a required password. To keep BMC AR System secure, add a password for this user as soon as possible.

To provide users with access to CMDB Portal using groups

You can provide users with access to BMC CMDB by adding them to a group which has the appropriate access.

  1. Open the Users form in the Mid Tierfrom the following location:
    AR System Administration > AR System Administration Console > Application > Users / Groups / Roles > Users.
    The form opens in search mode.
  2. Perform one of the following steps:
    • To create a new user, click New request.
    • To find existing users, enter search criteria in the User Name or any other field and click Search
  3. Select a user that you want to add to a group.
    To find the correct group, open the Groups form and perform a search:
    AR System Administration > AR System Administration Console > Application > Users / Groups / Roles > Groups.
  4. In the Group List, select the appropriate group based on this table.

Permissions model to provide access to CMDB Portal

Based on the groups users are assigned to, the features they can access varies. The AR server groups referenced in this table are created automatically when you install CMDB and ITSM. 

Type of user and their requirementsAccess level in CMDB PortalGroup to which you can assign the user


Requires all features of CMDB Portal.

All areas of BMC CMDBAdministrator

CMDB configuration manager

Requires all features of CMDB Portal except those which are related to Atrium Integrator.

Create jobs, edits jobs, creates rules, uses the dashboard, and so on.

All of the CMDB Portal except the following:
  • Cannot edit CIs.
  • Cannot create or edit classes.
  • Cannot access Atrium Integrator via the data flow diagram or Atrium Integrator job console.
RE Definition Author

CMDB data publisher

Performs asset related work, creates and edits CIs and other activities related to service modeling.

Requires access to the Search and the Explorer in CMDB Portal and also needs to be able to edit CIs in the Explorer.

Can access the Search, Explorer, and can also edit all CIs in Explorer.Asset Admin

CMDB user

Perform asset related work.

Needs to only access the Search and the Explorer in CMDB Portal. Does not need to edit CIs in the Explorer and cannot create or edit CIs.

Can access Search and Explorer. Can only edit non-asset CIs. Cannot edit CIs in the asset dataset or the golden dataset.Task Manager, Task User, Task Viewer, Asset Viewer, Asset User, Asset Config, Infrastructure Change Master, Infrastructure Change User, Infrastructure Change Submit, Infrastructure Change Viewer, Infrastructure Change Config, Release Master, Release User, Release Viewer, Activity User, Activity Viewer, Release Config, Activity Config, Incident Master, Incident User, Incident Viewer, Incident Config, Problem Master, Problem User, or Problem Viewer


  • Users who have permissions to create and edit CIs must also have CI level permissions to be able to edit CIs.
  • Certain features may not be accessible to a user from the CMDB UI because of the access level that the user has as mentioned in the preceding table. But, if the user has permissions to the AR System forms, the same features can be accessed by using the AR System APIs.

Was this page helpful? Yes No Submitting... Thank you


  1. Andreas Petraschke

    This defect looks interesting in the context of this page:

    Sep 29, 2021 12:14
    1. Maithili Deshpande

      Hi Andreas, 

      Thank you for pointing out this issue with the documentation. We have made changes to the following topic as per the Knowledge article that you shared - Permission issues.

      If you want to contact Customer Support to log a formal ticket on this issue, click here.


      Oct 05, 2021 11:40
  2. Heine Ness

    Is this path correct? AR System Administration > AR System Administration Console > System > Application > Users

    Jan 06, 2022 07:43
    1. Maithili Deshpande

      Hi Helen, 

      Thank you for pointing out this issue with the content. We have corrected the topic with your feedback.

      The correct path is AR Administration > AR System Administration Console > Application > Users/Groups/Role > Users.


      Jan 06, 2022 10:31