$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 

 

This documentation supports the 9.1 to 9.1 Service Pack 3 version and its patches of BMC Atrium Core. The documentation for version 9.1.04 and its patches is available here.

To view the latest version, select the version from the Product version menu.

BMC Atrium Core 9.1 ... Administering Managing permissions in BMC Atrium Core

BMC Atrium Core permission roles within applications

This topic discusses the application roles available for BMC Atrium Core components.

Permission roles in BMC Atrium Core applications

A BMC Remedy AR System deployable application named BMC:Atrium CMDB contains the BMC Atrium CMDB class forms. When you use Class Manager to create new classes, the new classes are automatically added to the application. This application allows you to manage permissions with BMC Remedy AR System roles. Other BMC Atrium Core components have their own deployable applications, as listed in the following table.

Several permission roles are available for these deployable applications to enable you to grant users the permissions that they need to do their jobs. For information on computed groups on roles, see BMC Atrium CMDB computed groups and roles.

Note

These permission roles can overlap, with the security of one role sometimes taking precedence over another role. In general, more restrictive permissions take precedence over less restrictive or unrestricted permissions. As a result, you should be careful what roles and permissions that you assign to your users, because your selections can have unexpected results.

The following table lists the application roles available for BMC Atrium Core components.


Permission roles in BMC Atrium Core applications

Role name

Applications

Mapped groups (default)

Capabilities of users with this role

CMDB Data View

BMC:Atrium CMDB

  • Test — None
  • Production — CMDB Data View Group
  • Gain access to the Atrium Impact Simulator.
  • View class instances. Works in conjunction with the CMDBRowLevelSecurity and CMDBWriteSecurity attributes. For more information, see Roles, instance permissions, and row-level access in BMC Atrium Core. To view class instances from the BMC Atrium Core Console, a user must also have the CMDB Console User role.
  • Can create instances, but only for classes where all required attributes have either a default value or Allow Any User to Submit is enabled.

    Note: The CMDB Data View role is for the BMC:Atrium CMDB application and is different than the similarly-named CMDB Data Viewer role used for the Atrium Impact Simulator application.
CMDB Definitions AdminAtriumCMDBConsole

Test — None

Production CMDB Definitions Admin Group


Gain administrator permissions for all the defined applications.

CMDB Data Change

  • BMC:Atrium CMDB
  • Atrium Impact Simulator
  • Test — None
  • Production--CMDB Data Change Group
  • View, create, and modify class instances. Works in conjunction with the CMDBRowLevelSecurity attribute. For more information, see Roles, instance permissions, and row-level access in BMC Atrium Core.
  • View, create, modify, and delete shared queries.
    To perform these tasks from the BMC Atrium Core Console, a user must also have the CMDB Console User role.

CMDB Data View All

BMC:Atrium CMDB

  • Test — None
  • Production — None
  • View all class instances, regardless of the CMDBRowLevelSecurity attribute for row-level security. To view class instances from the BMC Atrium Core Console, a user must also have the CMDB Console User role. To view class instances in the Atrium Impact Simulator, a user must also have the Atrium Impact Simulator User and CMDB Data Viewer roles.
  • Can create instances, but only for classes where all required attributes have either a default value or Allow Any User to Submit is enabled.

CMDB Data Change All

BMC:Atrium CMDB

  • Test — None
  • Production — None
  • View, create, and modify all class instances, regardless of the CMDBRowLevelSecurity attribute for row-level security.
  • View, create, modify, and delete shared queries.
    To perform these tasks from the BMC Atrium Core Console, a user must also have the CMDB Console User role.

CMDB Console User

AtriumCMDBConsole

  • Test —
  • Production — CMDB Console User Group
  • Gain access to the BMC Atrium Core Console.
  • Perform queries from applications on the BMC Atrium Core Console (you must also have one of the two CMDB Definitions roles).
  • View federation definitions.
  • Launch applications in context.
  • View instance history (you must also have one of the two CMDB Definitions roles, row-level security on the audited instances, and permissions on the audit or log form).

Note: You must be a member of the BMC Remedy AR System Administrator group to create and update class definitions.

CMDB Console Admin

AtriumCMDBConsole

  • Test — None
  • Production — CMDB Console Admin Group
  • Perform all of the tasks granted by the CMDB Console User role.
  • View, create, modify, and delete federation definitions.

Note: You must be a member of the BMC Remedy AR System Administrator group to create, update, and delete federation plugins.

CMDB Definitions Viewer

AtriumCMDBConsole

  • Test — None
  • Production — CMDB Definitions Viewer Group
  • Open BMC Atrium Explorer.
  • Run queries in the BMC Atrium Core Console.

Atrium Impact Simulator User

Atrium Impact Simulator

  • Test — CMDB Data View Group
  • Production — CMDB Data View Group
  • View the Atrium Impact Simulator in the BMC Atrium Core Console.
  • View and run impact simulations in Atrium Impact Simulator. Users must also have the CMDB Data Viewer role.

    Note: You must have a BMC Remedy AR System write license to run simulations in Atrium Impact Simulator. For more information about license types needed for BMC Atrium Core, see BMC Remedy AR System license types required for data access in BMC Atrium Core.

CMDB Data Viewer

Atrium Impact Simulator

  • Test — CMDB Data View Group
  • Production — CMDB Data View Group

View and run impact simulations in Atrium Impact Simulator. Users must also have the Atrium Impact Simulator User role.
Note: The CMDB Data Viewer role is for the Atrium Impact Simulator application and is different than the similarly-named CMDB Data View role used for the BMC: Atrium CMDB application.

CMDB RE User

REApplication Deployable

  • Test — None
  • Production — CMDB RE User Group

For the Reconciliation Engine: 

  • View jobs.
  • Start, pause, and cancel jobs.

CMDB RE Definitions Admin

REApplication Deployable

  • Test — None
  • Production — None
  • View, create, modify, and delete jobs, activities, sets, and rulesets.
  • Start and cancel jobs.
  • Manually identify instances
  • Modify standard rules
  • Create datasets, edit server configurations, change Identification activities, and export reconciliation definitions.

CMDB RE Manual Identification

REApplication Deployable

  • Test — None
  • Production – None

Manually identify instances.

Note: The CMDB RE Manual Identification role has been deprecated. You must reassign any users who were assigned to this role to the CMDB RE Definitions Admin role.

NE User

NEApplication

  • Test — None
  • Production — None
  • Start and cancel jobs.
  • View jobs, the Job History, class configurations, system configurations, and dataset configurations.

NE Administrator

  • NEApplication
  • Remedy Foundation Product Catalog
  • Test — None
  • Production — None
  • Start and cancel jobs.
  • View, create, and modify jobs.
  • Delete Job History data.
  • Administer class configurations, system configurations, and dataset configurations.

CMDB SC Admin

Service Context

  • Test — CMDB SC Admin Group
  • Production — CMDB SC Admin Group
  • Configure attributes and other settings in the Service Context Administration window
  • Use the Service Context Summary window to view CIs, attributes, and related data

    Note: In addition to the CMDB SC Admin role, administrators must have view permissions for the business service CI from which they launch the Service Context Summary window. They must also have view permissions for each related CI to see details about those CIs.

CMDB SC User

Service Context

  • Test — CMDB SC User Group
  • Production — CMDB SC User Group

Use the Service Context Summary window to view CIs, attributes, and related data


Note: In addition to the CMDB SC User role, users must have view permissions for the business service CI from which they launch the Service Context Summary window. They must also have view permissions for each related CI to see details about those CIs.

AIE Definitions Admin

BMC Atrium Integration Engine

  • Test — None
  • Production — None
  • View, create, and modify data mappings and data exchanges.
  • Manage the BMC Atrium Integration Engine configuration and connection settings.

AIE User

BMC Atrium Integration Engine

  • Test — None
  • Production — None

View data mappings and data exchanges.

AI Admin

Atrium Integrator
  • Test — AI Computed Group
  • Production — AI Computed Group
  • Create, run, delete, schedule, and monitor jobs. 
  • Launch and edit jobs in BMC Atrium Integrator Spoon. 
  • Create data store connection
  • Edit UDM forms
  • Access BMC Remedy AR System Scheduler
  • Access BMC Atrium Integrator Carte server
  • Access to Atrium Integrator Spoon

AI User

Atrium Integrator
  • Test — AI User Group
  • Production — AI User Group
  • Schedule, run, and monitor jobs.
  • View datastore connections.
  • View UDM forms.
  • Access BMC Remedy AR system Scheduler.
  • Access BMC Atrium Integrator Carte server.

Atrium Foundation Viewer

  • Remedy Foundation Product Catalog
  • Remedy Definitive Software Library
  • Remedy Foundation Site
  • Remedy Foundation Company
  • Remedy Foundation Prime Elements
  • Test — Atrium Foundation Viewer Computed
  • Production — Atrium Foundation Viewer Computed

View records for BMC Atrium Product Catalog products, versions, patches, files, suites, storage (software library items), and signatures.

Atrium Foundation Admin

  • Remedy Foundation Product Catalog
  • Remedy Definitive Software Library
  • Remedy Foundation Site
  • Remedy Foundation Company
  • Remedy Foundation Prime Elements
  • Test — Atrium Foundation Admin Computed
  • Production — Atrium Foundation Admin Computed
  • View, create, modify, and delete records for BMC Atrium Product Catalog products, versions, patches, files, suites, storage (software library items), and signatures.
  • Add and remove BMC Atrium Product Catalog relationships.

General Access

  • Remedy Foundation Product Catalog
  • Remedy Definitive Software Library
  • Remedy Foundation Site
  • Remedy Foundation Company
  • Remedy Foundation Prime Elements
  • Test — General Access
  • Production — General Access

Use BMC Atrium Product Catalog fields and access BMC Atrium Core Product Catalog and DML Online Help.

Unrestricted Access

  • Remedy Foundation Product Catalog
  • Remedy Definitive Software Library
  • Remedy Foundation Site
  • Remedy Foundation Company
  • Remedy Foundation Prime Elements
  • Test — Unrestricted Access
  • Production — Unrestricted Access

Use BMC Atrium Product Catalog fields and access BMC Atrium Core Product Catalog and DML Online Help.

BMC Atrium CMDB computed groups and roles

For a BMC Atrium CMDB application's Production state, the CMDB Data View and CMDB Data Change roles are each mapped by default to a computed group, which acts as a supergroup for the people in each member group. This allows you to assign the most common roles in your organization to more than one BMC Remedy AR System group.

You can create computed groups to organize users of BMC Atrium CMDB. For example, in a service-provider environment, you might create one computed group to contain the groups for one company, and another computed group to contain the groups for another company. You could then assign these computed groups to BMC Atrium CMDB roles. This arrangement simplifies role assignments and makes it easier for you to configure instance permissions. For more information, see Roles, instance permissions, and row-level access.

For more information about BMC Remedy AR System application roles and computed groups, see Regular, computed, and dynamic groups .

Assigning a BMC Atrium CMDB role to a user

Methods for assigning roles to users differ slightly, depending on whether you want to assign the CMDB Data View and CMDB Data Change roles, or another BMC Atrium CMDB role.

To assign a BMC Atrium CMDB role to a user

  1. Open the User form and search for BMC Remedy AR System users.
    1. Go to AR System Administration > AR System Administration Console.
    2. In the left navigation pane, click Application > Users/Groups/Roles.
    3. Click Users. The User form is displayed.
  2. Make the user a member of a group that is a member of the computed group mapped to one of the following roles:
    • CMDB Data View
    • CMDB Data Change roles
      These two roles are mapped to computed groups provided with the BMC Atrium CMDB named CMDB Data View Group and CMDB Data Change Group.
  3. Make the user a member of the group that is mapped to other BMC Atrium CMDB roles, or map one of the user's existing groups to the role.
  4. Save your changes.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Nidhi Das on Jul 13, 2017
roles groups reconciliation permissions bmc_atrium_core

Comments

Groups installed with BMC Atrium CMDB
Calbro Services scenario for BMC Atrium CMDB groups, roles, and users
© Copyright 2005-2007, 2009-2018 BMC Software, Inc. © Copyright 2011-2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2020 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.