This documentation supports the 9.1 to 9.1 Service Pack 3 version and its patches of BMC Atrium Core. The documentation for version 9.1.04 and its patches is available here.

To view the latest version, select the version from the Product version menu.

Calbro Services scenario for BMC Atrium CMDB groups, roles, and users

Access to BMC Atrium Core components requires that you correctly configure groups, roles, and users on the BMC Remedy AR System server.
The following example illustrates how you can create permissions for Calbro users. The following table lists examples of two users that require different permissions to BMC Atrium Core components based on the tasks they need to perform.

  • Bob Baxter manages Backoffice Support at Calbro Services. His job description requires him to view BMC Atrium CMDB data. He notices that the Oracle database needs a patch. He needs to be able to run a simulation on the Oracle CI to see the impact to the Calbro IT infrastructure if he brings down the server.
    He also must view any CIs, attributes, and tickets related to the Service Context of the underlying business service. Bob is considered a "low-access" user to the BMC Atrium CMDB.
  • Mary Mann is part of Calbro's support staff. Calbro's IT department uses the IT infrastructure to deliver value to the business, in the form of services. These services are tracked in BMC Atrium CMDB as CIs. They can be related to the IT infrastructure CIs that support them. Part of Mary's job description is to create the service CIs that represent the Calbro service model.
    Mary must be able to enable and view related information about her company's business services, including CIs, incidents, work orders, completed change requests, SLM service targets, and SLM agreements.
    Mary is considered a power user of the BMC Atrium CMDB.

The table lists the groups and roles needed by these users to accomplish their tasks. In an actual environment, users require different combinations of groups and roles than the examples in the following table.


Roles required for different levels of access

Type of user and sample tasks

Overview steps

Results

Low-access user, who needs only to view data. Bob must be able to:

  • View BMC Atrium CMDB data
  • Run simulations in Atrium Impact Simulator
  • Use the Service Context Summary window to view CIs, attributes, and related data.
  1. Create a low-access regular group (LowUserGroup ).
  2. Add the LowUserGroup group to the CMDB Console User Group and CMDB SC User computed groups.
  3. Create a user.
  4. Add the user to the LowUserGroup group.
    Note: Bob cannot view specific BMC Atrium CMDB data until you add row-level security to the data, or you map the LowUserGroup group to the CMDB Data View All production role. For more information, see Roles, instance permissions, and row-level access in BMC Atrium Core.

Bob can view the data in the following BMC Atrium CMDB applications:

  • BMC Atrium Explorer
  • Atrium Impact Simulator
  • Product Catalog Console

Full-access administrator, who needs write access to all data and configurations. Mary must be able to:

  • View, create, modify, and delete BMC Atrium CMDB data
  • Create and modify queries
  • View, create, and modify class definitions
  • View, create, and modify federation definitions
  • View and run simulations in Atrium Impact Simulator
  • Configure attributes and other settings in the Service Context Administration window
  • Use the Service Context Summary window to view CIs, attributes, and related data
  • View, create, modify, and delete Reconciliation Engine jobs, activities, rules, and rulesets
  • Manually identify instances
  • Start and cancel Reconciliation Engine jobs
  • Modify normalization settings
  • Start and cancel Normalization Engine jobs
  • View, create, modify, and delete Product Catalog records
  • Add and remove Product Catalog relationships
  1. Create a full-access regular group ( AdminGroup ).
  2. Add the AdminGroup group to the following computed groups:
    • CMDB Console Admin Group computed group
    • CMDB Console User Group computed group
    • Atrium Foundation Viewer Computed
    • CMDB SC Admin Group
    • NE User Production Role
  3. Map the AdminGroup group to the NE User production role and to the NE Administrator production role.
  4. Add the AdminGroup group to the following RE roles:
    • CMDB RE User
    • CMDB RE Definitions Admin
    • CMDB RE Manual Identification 
  5. Create a user, and then add her to the following groups in the Group List:
    • General Access
    • Unrestricted Access
    • Administrator (if you want this user to view, create, and modify class definitions)
  6. Add the user to the AdminGroup group.
    Note: Mary cannot see or change specific BMC Atrium CMDB data until you add row-level security to the data, or you map the AdminGroup group to the CMDB Data View All and CMDB Data Change All roles. For more information, see Roles, instance permissions, and row-level access in BMC Atrium Core

Mary can view and modify the data in the following BMC Atrium CMDB applications:

  • BMC Atrium Explorer
  • Atrium Impact Simulator
  • Class Manager
  • Federation Manager
  • Normalization console
  • Product Catalog Console
  • Reconciliation console
  • Service Catalog
  • Service Context Administration window

Review carefully the groups and roles for other tasks that you might need to add to your users. For more information, see:

Was this page helpful? Yes No Submitting... Thank you

Comments