Access restrictions for administrators
In application development and production environments, you might want to provide different levels of access to your administrators. The following BMC Remedy AR System server features enable you to define access restrictions for administrators:
- Overlay Group field
Configure this setting in the User Form. For details, see Creating groups. - Struct Admin group
In the User Form, assign the user to this group to grant Struct Admin access. For details, see Special groups in BMC Remedy AR System. - Struct Subadmin group
In the User Form, assign the user to this group to grant Struct Admin access. For details, see Special groups in BMC Remedy AR System.
Mode assignment based on access restrictions
To allow external customers the ability to configure extensions and customizations to their applications, and to ensure that upgrades can implemented without affecting these changes, Developer Studio now includes Best Practice Customization mode.
Members of the Administrator, Sub Administrator, Struct Admin, and Struct Subadmin groups by default can create, modify, and delete all base, overlay, and custom objects to which their group memberships give them access. By adding an overlay group to these user's group lists, you can restrict them to only overlay and custom objects (or only to base objects). For more information about Struct Admin and Struct Subadmin groups, see Access level options for administrators.
You can add a read-only functionality to the members of the Struct Admin group. By adding this functionality you can allow the members to view and export objects, but restrict them to create, modify, delete and import all base, overlay and custom objects.
Important
Any user assigned to the Administrator, Sub Administrator, Struct Admin, or Struct Subadmin group must have a fixed license or the group assignment is ignored.
To restrict a user to creating, modifying, and deleting overlay and custom objects, but not base objects, and without access to data or administrative functions:
- Create a group with Overlay Group field value 0. Add the user to this group.
- Add the user to the Struct Admin group.
- Create a permission group named Struct Admin. Add the user to this group. You'll use this group to grant access to system forms that are otherwise visible only to Administrators. For more information about Struct Admin permissions, see Struct Admin group permissions.
- Make sure the user has a Fixed license.
To restrict a user to creating and modifying only certain overlay and custom objects, without access to data or administrative functions:
- Create a group with Overlay Group field value 1. Add the user to this group.
- Add the user to the Struct Subadmin group.
- Create a group and add it to the Administrator lists of the objects you want the user to access.
- Add the user to this group.
- Make sure the user has a Fixed license.
Struct Subadmin users are very similar to Sub Administrator users; they both get permission to an object via the object's Administrator group list. Neither Struct Subadmin or Sub Administrator users have special access to the forms mentioned in Struct Admin group permissions.
To restrict a user to creating, modifying, deleting, and importing all base, overlay, and custom objects, with access only to viewing and exporting definitions:
- Create a group with Overlay Group field value 999999999. Add the user to this group.
Add the user to the Struct Admin group.
Overlay Group field
The Group Information form contains an Overlay Group field, with the values defined in the following table.
Overlay Group field values
Mode | Description |
---|---|
0 | User is restricted to editing base mode objects. |
1 | User is restricted to editing overlay/custom objects (Best Practice Customization mode). |
999999999 | User is restricted to editing base, overlay, and custom objects. |
(clear) | This group imposes no restrictions on access to base or overlay-mode objects. |
Note: Do not assign an overlay to a computed group. If you assign an overlay to a computed group, the ARERR 8821 warning occurs and the computed group is saved with Overlay Group as NULL in the AR System server.
To create an administrator that has access to only one development mode at a time, create a user with the following Group List settings:
- One of the groups has Overlay Group set to 1.
For more information about Overlay Groups, see Selecting requests in list view and tree view tables. - One of the groups is Administrator, Sub Administrator, Struct Admin, or Struct Subadmin.
For more information about Struct Admin and Struct SubAdmin groups, see Struct Admin group permissions. - One of the groups is a Struct Admin Permissions group.
For more information about the Struct Admin permission group, see Access level options for administrators and Struct Admin group permissions.
In this scenario, the user can only log on and work as an administrator or subadministrator in one development mode, and cannot switch to another mode.
Comments
Log in or register to comment.