This documentation supports versions 9.1 through 9.1 Service Pack 3 of BMC Atrium Core and their patches. The documentation for version 9.1.04 and its patches is available here.


Configuring default permissions of classes

You can use the BMC.CORE.CONFIG:BMC_DefaultAccountPermissions form to configure the default permissions of classes in the BMC Atrium CMDB.

BMC.CORE.CONFIG:BMC_DefaultAccountPermissions form

Before you begin

To configure default permissions

  1. Open the BMC.CORE.CONFIG:BMC_DefaultAccountPermissions form in New request mode.
    Use the following direct access URL to open the form:
    http://<midTierServer>:<portNumber>/arsys/forms/<arSystemServer>/BMC.CORE.CONFIG:BMC_DefaultAccountPermissions
  2. In the MATCHAccountID field, type the name of a specific account or type default to match all accounts for which you do not specify permissions.
  3. In the MATCHAppliedToClassId field, type the class ID of a BMC Atrium CMDB class or type default to match all classes for which you do not specify permissions.

    Note

    The class ID is case sensitive and might not be the same as the class name. For example, the BMC_ComputerSystem class has a class ID of BMC_COMPUTERSYSTEM. For more information about the class ID of a specific class, see the BMC Atrium CMDB Data Model Help.

  4. In the ASSIGNRowLevelSecurity field, enter the Group IDs (instead of the Group Names) that you want to have row-level security for new instances, separated by spaces.
    You can use any BMC Remedy AR System group or role, such as those listed in BMC Atrium Core permission roles within applications. The field menu appends selections to the value currently in the field.
  5. In the ASSIGNWriteSecurity field, enter the Group IDs (instead of the Group Names) that you want to have write security for new instances, separated by spaces.

    Note

    In this procedure, you are creating a new instance of the BMC_DefaultAccountPermissions class. It is recommended to keep the CMDBRowLevelSecurity and CMDBWriteSecurity fields blank in the BMC_DefaultAccountPermissions form.

  6. Click Save.

    It is recommended to restart the AR server for the permissions to take effect.

Default instance permissions of classes

Default instance permissions allow you to specify CMDBRowLevelSecurity and CMDBWriteSecurity values for an entire class instead of specifying them every time you create an instance of the class. You can give these permissions to a different group for each account ID, which supports multitenancy by enabling you to grant users access to only the instances for their account.

Using the BMC_DefaultAccountPermissions form, you specify default permissions with the BMC_DefaultAccountPermissions class, a special class in the BMC.CORE.CONFIG namespace. Each BMC_DefaultAccountPermissions instance can grant both row-level and write security. You can specify the class and account it applies to, or allow it to apply more broadly by using the keyword default.

Note

In the Class Manager, you can find the BMC_DefaultAccountPermissions class as a subclass of the BMC_ConfigBaseElement base class.



The AccountID and ClassId attributes of every new instance are compared against the MATCHAccountID and MATCHAppliedToClassId attributes in BMC_DefaultAccountPermissions. The BMC_DefaultAccountPermissions instance with the lowest precedence number as shown in the following table supplies permissions for the new instance. If no instance matches and you do not supply values for the CMDBRowLevelSecurity or CMDBWriteSecurity attribute of the instance, no user has that level of security for the instance.


BMC_DefaultAccountPermissions matching precedence

| Precedence | Account matching | Class matching |
|---|---|---|
| 1 | MATCHAccountID matches AccountID on instance | MATCHAppliedToClassId matches ClassId on instance |
| 2 | MATCHAccountID matches AccountID on instance | MATCHAppliedToClassId is default |
| 3 | MATCHAccountID is default | MATCHAppliedToClassId matches ClassId on instance |
| 4 | MATCHAccountID is default | MATCHAppliedToClassId is default |

Default permissions are applied to an instance only when it is created. If you later change the permissions mappings in BMC_DefaultAccountPermissions, the permissions on existing instances are not updated. In that case you must edit the instances manually to match the new permissions.

Note

If you supply values for CMDBRowLevelSecurity and CMDBWriteSecurity when creating an instance, those values are appended to the default permissions. Both values are saved at instance creation.

For example, given the BMC_DefaultAccountPermissions instances in the following table, a new instance of BMC_ComputerSystem with an AccountID of Calbro Services would have the Service Desk group placed in both its CMDBRowLevelSecurity and CMDBWriteSecurity attributes. An instance of BMC_Monitor with an AccountID of Calbro Services would have the Service Desk group placed in its CMDBRowLevelSecurity attribute and the Change Team group placed in its CMDBWriteSecurity attribute.


Example instances of BMC_DefaultAccountPermissions

| MATCHAccountID | MATCHAppliedToClassId | ASSIGNRowLevelSecurity | ASSIGNWriteSecurity |
|---|---|---|---|
| default | BMC_COMPUTERSYSTEM | 10333 (Group ID for All Hands group) | 20008 (Group ID for Problem Master group) |
| Calbro Services | default | 20008 (Group ID for Problem Master group) | 20008 (Group ID for Problem Master group) |
| Calbro Services | BMC_MONITOR | 20008 (Group ID for Problem Master group) | 20013 (Group ID for Change Master group) |
| default | default | 20013 (Group ID for Change Master group) | 20013 (Group ID for Change Master group) |
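The following is an added example, not BMC code: a small Python model of the matching precedence described above, run against the four example instances, so you can check which rule a new instance would pick up before you save a mapping. The names Rule, precedence and resolve and the account "Other Co" are hypothetical; the model makes no AR System API calls.

```python
# Added illustration: models the documented matching precedence only;
# it does not call any AR System or CMDB API.
from typing import NamedTuple

DEFAULT = "default"  # keyword from the page that matches any account or class

class Rule(NamedTuple):
    match_account: str   # MATCHAccountID
    match_class: str     # MATCHAppliedToClassId (class ID, case sensitive)
    row_level: str       # ASSIGNRowLevelSecurity, space-separated group IDs
    write: str           # ASSIGNWriteSecurity, space-separated group IDs

# The four example instances from this page.
RULES = [
    Rule(DEFAULT, "BMC_COMPUTERSYSTEM", "10333", "20008"),
    Rule("Calbro Services", DEFAULT, "20008", "20008"),
    Rule("Calbro Services", "BMC_MONITOR", "20008", "20013"),
    Rule(DEFAULT, DEFAULT, "20013", "20013"),
]

def precedence(rule, account_id, class_id):
    """Return 1-4 per the precedence table, or None if the rule does not match."""
    acct_exact = rule.match_account == account_id
    cls_exact = rule.match_class == class_id  # exact, case-sensitive compare
    if not (acct_exact or rule.match_account == DEFAULT):
        return None
    if not (cls_exact or rule.match_class == DEFAULT):
        return None
    return 1 + (0 if acct_exact else 2) + (0 if cls_exact else 1)

def resolve(rules, account_id, class_id, supplied_row="", supplied_write=""):
    """Return (precedence, CMDBRowLevelSecurity, CMDBWriteSecurity) for a new instance."""
    ranked = [(p, r) for r in rules
              if (p := precedence(r, account_id, class_id)) is not None]
    if not ranked:
        # No rule matched: only values supplied at creation (possibly none) apply.
        return None, supplied_row.split(), supplied_write.split()
    p, rule = min(ranked, key=lambda pr: pr[0])
    # Values supplied at creation are appended to the defaults.
    return (p, rule.row_level.split() + supplied_row.split(),
            rule.write.split() + supplied_write.split())

if __name__ == "__main__":
    # "Other Co" is a constructed account. Passing the class name instead of
    # the class ID misses the BMC_COMPUTERSYSTEM rule and lands on precedence 4.
    print(resolve(RULES, "Other Co", "BMC_ComputerSystem"))
    print(resolve(RULES, "Other Co", "BMC_COMPUTERSYSTEM"))
```

The last two calls show why the class ID's case sensitivity matters for access control: a mistyped class ID does not fail, it silently falls through to a broader rule and assigns different groups.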
