This documentation supports the 19.08 version of Remedy Action Request System.

To view an earlier version, select the version from the Product version menu.

Access restrictions for administrators

In application development and production environments, you might want to provide different levels of access to your administrators. The following BMC Remedy AR System server features enable you to define access restrictions for administrators:

Mode assignment based on access restrictions

To allow external customers the ability to configure extensions and customizations to their applications, and to ensure that upgrades can implemented without affecting these changes, Developer Studio now includes Best Practice Customization mode.

Members of the Administrator, Sub Administrator, Struct Admin, and Struct Subadmin groups by default can create, modify, and delete all base, overlay, and custom objects to which their group memberships give them access. By adding an overlay group to these user's group lists, you can restrict them to only overlay and custom objects (or only to base objects). For more information about Struct Admin and Struct Subadmin groups, see Access level options for administrators.

You can add a read-only functionality to the members of the Struct Admin group. By adding this functionality you can allow the members to view and export objects, but restrict them to create, modify, delete and import all base, overlay and custom objects.

Important

Any user assigned to the Administrator, Sub Administrator, Struct Admin, or Struct Subadmin group must have a fixed license or the group assignment is ignored.

To restrict a user to creating, modifying, and deleting overlay and custom objects, but not base objects, and without access to data or administrative functions:

  1. Create a group with Overlay Group field value 0. Add the user to this group.
  2. Add the user to the Struct Admin group.
  3. Create a permission group named Struct Admin. Add the user to this group. You'll use this group to grant access to system forms that are otherwise visible only to Administrators. For more information about Struct Admin permissions, see Struct Admin group permissions.
  4. Make sure the user has a Fixed license.

To restrict a user to creating and modifying only certain overlay and custom objects, without access to data or administrative functions:

  1. Create a group with Overlay Group field value 1. Add the user to this group.
  2. Add the user to the Struct Subadmin group.
  3. Create a group and add it to the Administrator lists of the objects you want the user to access.
  4. Add the user to this group.
  5. Make sure the user has a Fixed license.
    Struct Subadmin users are very similar to Sub Administrator users; they both get permission to an object via the object's Administrator group list. Neither Struct Subadmin or Sub Administrator users have special access to the forms mentioned in Struct Admin group permissions.

To restrict a user to creating, modifying, deleting, and importing all base, overlay, and custom objects, with access only to viewing and exporting definitions:

  1. Create a group with Overlay Group field value 999999999. Add the user to this group.
  2. Add the user to the Struct Admin group.

Overlay Group field

The Group Information form contains an Overlay Group field, with the values defined in the following table.

Overlay Group field values

Mode

Description

0

User is restricted to editing base mode objects.

1

User is restricted to editing overlay/custom objects (Best Practice Customization mode).

999999999User is restricted to editing base, overlay, and custom objects.

(clear)

This group imposes no restrictions on access to base or overlay-mode objects.

Note: Do not assign an overlay to a computed group. If you assign an overlay to a computed group, the ARERR 8821 warning occurs and the computed group is saved with Overlay Group as NULL in the AR System server.

To create an administrator that has access to only one development mode at a time, create a user with the following Group List settings:

Was this page helpful? Yes No Submitting... Thank you

Comments