Normalization and instance permissions
You can use the Normalization Engine to set the row-level permissions for specified classes and, with BMC Remedy AR System qualifications, specific instances.
To use the Normalization Engine for instance permissions, you must complete the following steps:
- Define the rules for setting the row-level permissions. (See Creating normalization rules to set row-level permissions.)
- For each data set, enable the Row-Level Security feature. (See Configuring normalization settings for datasets.)
In addition to the CMDB Data View and CMDB Data Change roles, users must also have row-level access to instances. Each class has two attributes that specify users with read and write access to the class instances.
CMDBRowLevelSecurity— Users who are members of a group with row-level access have permission to view the instance if they also have the CMDB Data View or CMDB Data Change role.
CMDBWriteSecurity— Users who are members of a group with write access have permission to modify the instance if they also have row-level access and the CMDB Data Viewer role. This permission gives a user write access to a specific instance without giving write access to all instances with one of the CMDB Data Change roles.
You can define groups for the following permissions:
- View — Members of these groups and roles can view the attribute in the class form, but cannot modify its value.
- Change — Members of these groups and roles can view and modify the attribute value.