BMC Atrium Core permission roles within applications
This topic discusses the application roles available for BMC Atrium Core components.
Permission roles in BMC Atrium Core applications
A BMC Remedy AR System deployable application named BMC:Atrium CMDB contains the BMC Atrium CMDB class forms. When you use Class Manager to create new classes, the new classes are automatically added to the application. This application allows you to manage permissions with BMC Remedy AR System roles. Other BMC Atrium Core components have their own deployable applications, as listed in the following table.
Several permission roles are available for these deployable applications to enable you to grant users the permissions that they need to do their jobs. For information on computed groups on roles, see BMC Atrium CMDB computed groups and roles.
Note
These permission roles can overlap, with the security of one role sometimes taking precedence over another role. In general, more restrictive permissions take precedence over less restrictive or unrestricted permissions. As a result, you should be careful what roles and permissions that you assign to your users, because your selections can have unexpected results.
The following table lists the application roles available for BMC Atrium Core components.
Permission roles in BMC Atrium Core applications
Role name | Applications | Mapped groups (default) | Capabilities of users with this role |
---|---|---|---|
CMDB Data View | BMC:Atrium CMDB |
|
|
CMDB Definitions Admin | AtriumCMDBConsole | Test — None Production — CMDB Definitions Admin Group | Gain administrator permissions for all the defined applications. |
CMDB Data Change |
|
|
|
CMDB Data View All | BMC:Atrium CMDB |
|
|
CMDB Data Change All | BMC:Atrium CMDB |
|
|
CMDB Console User | AtriumCMDBConsole |
|
Note: You must be a member of the BMC Remedy AR System Administrator group to create and update class definitions. |
CMDB Console Admin | AtriumCMDBConsole |
|
Note: You must be a member of the BMC Remedy AR System Administrator group to create, update, and delete federation plugins. |
CMDB Definitions Viewer | AtriumCMDBConsole |
|
|
Atrium Impact Simulator User | Atrium Impact Simulator |
|
|
CMDB Data Viewer | Atrium Impact Simulator |
| View and run impact simulations in Atrium Impact Simulator. Users must also have the Atrium Impact Simulator User role. |
CMDB RE User | REApplication Deployable |
| For the Reconciliation Engine:
|
CMDB RE Definitions Admin | REApplication Deployable |
|
|
CMDB RE Manual Identification | REApplication Deployable |
| Manually identify instances. Note: The CMDB RE Manual Identification role has been deprecated. You must reassign any users who were assigned to this role to the CMDB RE Definitions Admin role. |
NE User | NEApplication |
|
|
NE Administrator |
|
|
|
CMDB SC Admin | Service Context |
|
|
CMDB SC User | Service Context |
| Use the Service Context Summary window to view CIs, attributes, and related data |
AIE Definitions Admin | BMC Atrium Integration Engine |
|
|
AIE User | BMC Atrium Integration Engine |
| View data mappings and data exchanges. |
AI Admin | Atrium Integrator |
|
|
AI User | Atrium Integrator |
|
|
Atrium Foundation Viewer |
|
| View records for BMC Atrium Product Catalog products, versions, patches, files, suites, storage (software library items), and signatures. |
Atrium Foundation Admin |
|
|
|
General Access |
|
| Use BMC Atrium Product Catalog fields and access BMC Atrium Core Product Catalog and DML Online Help. |
Unrestricted Access |
|
| Use BMC Atrium Product Catalog fields and access BMC Atrium Core Product Catalog and DML Online Help. |
BMC Atrium CMDB computed groups and roles
For a BMC Atrium CMDB application's Production state, the CMDB Data View and CMDB Data Change roles are each mapped by default to a computed group, which acts as a supergroup for the people in each member group. This allows you to assign the most common roles in your organization to more than one BMC Remedy AR System group.
You can create computed groups to organize users of BMC Atrium CMDB. For example, in a service-provider environment, you might create one computed group to contain the groups for one company, and another computed group to contain the groups for another company. You could then assign these computed groups to BMC Atrium CMDB roles. This arrangement simplifies role assignments and makes it easier for you to configure instance permissions. For more information, see Roles, instance permissions, and row-level access.
For more information about BMC Remedy AR System application roles and computed groups, see
Regular, computed, and dynamic groups
.
Assigning a BMC Atrium CMDB role to a user
Methods for assigning roles to users differ slightly, depending on whether you want to assign the CMDB Data View and CMDB Data Change roles, or another BMC Atrium CMDB role.
To assign a BMC Atrium CMDB role to a user
- Open the User form and search for BMC Remedy AR System users.
- Go to AR System Administration > AR System Administration Console.
- In the left navigation pane, click Application > Users/Groups/Roles.
- Click Users. The User form is displayed.
- Make the user a member of a group that is a member of the computed group mapped to one of the following roles:
- CMDB Data View
- CMDB Data Change roles
These two roles are mapped to computed groups provided with the BMC Atrium CMDB named CMDB Data View Group and CMDB Data Change Group.
- Make the user a member of the group that is mapped to other BMC Atrium CMDB roles, or map one of the user's existing groups to the role.
- Save your changes.
Comments