Controlling access to data with multitenancy
BMC Atrium Configuration Management Database (BMC Atrium CMDB) offers a flexible permissions model that lets you grant role-based permission to areas of BMC Atrium CMDB functionality and grant row-level read and write permission to instance data.
This row-level security enables BMC Atrium CMDB to support multitenancy. Multitenancy means that one CMDB holds data about multiple parties' IT environments, usually in the case of an IT service provider, and each party can access only their own data. Each party whose data is represented in the CMDB is considered an account.
Overview of multitenancy in BMC Atrium Core
Multitenancy has long been a feature in the BMC Remedy IT Service Management (BMC Remedy ITSM) product suite that enables you to control which records and configuration data are exposed to a user, based on the user's membership in a company, business unit, or other group.
Although multitenancy is primarily used by consuming applications such as BMC Remedy ITSM and Service Impact Manager, BMC Atrium CMDB provides the mechanisms for a multitenancy permission model. BMC Atrium CMDB also defines a base implementation for a multitenancy permission model. You can extend this base implementation or develop a new implementation that is consistent with the base implementation. The Product Catalog component also leverages multitenancy. If you have not installed BMC Remedy ITSM, you can set up multitenancy by using the Product Catalog and the
AccountID default instance permissions in BMC Atrium CMDB. If you do this, make sure that the
AccountID values match the company values in the Company form.
AccountID is used to control BMC Atrium CMDB multitenancy, while the company field is used to control multitenancy in the Product Catalog and BMC Remedy ITSM applications.
You can use multitenancy to control access in a hosted environment. For example, in a service provider environment, a single BMC Atrium CMDB application might be used by multiple companies, with the data for each company hidden from the other companies using the application. You can also use multitenancy to control access in a single company, with the data for each business unit hidden from other business units.
Multitenancy is used to segregate data and restrict access by the Company field, in BMC Remedy ITSM, or the Company form in BMC Remedy Action Request System. Access restrictions can be created so that a user with access to only one company cannot see data for another company. To segregate data by business unit, you must record each business unit as a separate company. In this scenario, a user with access to only one business unit cannot see incidents for another business unit.
You can use BMC Remedy ITSM to set up multitenancy. However, if you have not installed BMC Remedy ITSM, you can set up multitenancy by using the Product Catalog component of BMC Atrium Core. For more information, see Multitenancy support in the Product Catalog.