Adding and modifying user information
If you use BMC Remedy AR System-based applications, set up users in each application's People form, not in the User form. For more information, see the application documentation.
In BMC Remedy AR System, you can have registered users and guest users. Each type of user has different privileges within the system, as discussed in the following sections.
You enter data in the User form to define the components that work together to determine each user's access to BMC Remedy AR System: login name, password, group membership, and license type. You also define notification information for each user in this form. For information about the restrictions for creating or modifying user information, see Restrictions.
To grant a user permission for BMC Remedy AR System objects, add the user to the groups to which access will be given. To make a user part of a group, choose the appropriate group from the Group List menu in the User form. (Multiple group names in the Group List field are separated by spaces.) You can select from the reserved BMC Remedy AR System groups.
- If the group information is returned through external authentication, you cannot be a part of any administrator group. You can be a part of the administrator group only from the User form. For information about setting up for external authentication, see Configuring the AR System server for external authentication and Specifying internal and external authentication.
- You can get group information from external authentication only if the Group List is NULL.
For more information, see Groups in BMC Remedy AR System.
User form in new mode
To open the User form, from the Remedy AR System Administration Console, click System > Application > Users / Groups / Roles > Users.
In the Login Name field of the User form, you cannot use the word System as a user name.
The following table lists the key fields in the User form.
Identifying name that the user enters into the User Name field when logging in to BMC Remedy AR System. The name can be the same as or different from the user name by which this user is known to the underlying operating system. The dynamic group with an ID of 60988 has read access to this field, enabling the user to view this field if a password policy is established. See Enforcing a password policy introduction.
Full name of the user.
Identifying password that the user enters when logging in to BMC Remedy AR System. This field's length is 30 bytes, so you can enable users to enter as many as 30 bytes.
Note: Users cannot enter a 28-character password, or an error will occur during authentication.
The Password field is stored in the database as a one-way hash (SHA-1), so unauthorized users cannot retrieve passwords in clear text, for example, to log in to applications. To enhance system security, select a password that is different from one used for another purpose. If unsecured passwords are needed for applications, store the password in a character field rather than the Password field (field 102). If the Password field is left blank, the BMC Remedy AR System server does not validate the password with the user's Windows or UNIX password, unless you configure the server to cross-reference a blank password. See Cross-referencing blank passwords. The dynamic group with an ID of 60988 has read access to this field, enabling the user to view this field if a password policy is established. See Enforcing a password policy introduction.
The access control groups to which the user belongs. If you leave this field empty, the user has only basic Submitter, Assignee, Assignee Group, or Public permissions. Specify groups by name or ID, as defined in the Group form. User permissions are determined in the Group List field of the User form. If you later change the Group ID for a group, the users originally assigned to the group are still attached to the old ID. If no group has the old ID, these users lose access to any BMC Remedy AR System object for which they do not have permission through another group. If you choose to This field is limited to 4000 bytes, including expanded strings. See Groups in BMC Remedy AR System.
Note: If you create multiple groups with the same ID, the User form displays the first available group name for the selected group ID.
Computed Group List
The names of the computed groups of which the user is a member. The members of a computed group are calculated by the server based on the groups that the user belongs to. This is a display-only field, and the field ID is 121. To search in this field in a query-by-example, enter the ID number of a computed group. To enter more than one computed group ID, include semicolons after each ID. You must enter the computed group IDs in the same order in which the names appear in the Computed Group List field when the user's record is displayed. In the following examples:
Full name of a user. By default, this name appears in the Results pane of the User form when users perform a search operation.
Type of license that the user is assigned:
The default is Read. For descriptions of these license types, see License types for users to access BMC Remedy AR System server.
List of application licenses granted to the user. For example, BMC Change Mgmt User Fixed, where BMC Change Mgmt is the name of the application and User Fixed is the type of license. BMC Remedy AR System automatically populates this field according to information entered in the application's People form.
For more information about adding login IDs and access rights, see
From this release, you can use the menu attached to this field to assign application and/or bundled licenses to users.
Default Notify Mechanism
Method by which the user is notified for Notify filter and escalation actions when User Default is specified. The default setting on the User form is Alert.
Email address used to notify the user if email is the notify method.
Defines the status of the user account. This field is for information only. It does not change the status of a user's account. This field is set through workflow if you set a password policy. See Enforcing a password policy introduction. The options are:
|User Information||Allowed Client Types|
Allows the user to make API calls using only the client types mentioned in the Allowed Client Types field.
To enter more than one client type ID, include semicolons after each ID. In the following example, the user can make an API call only to BMC Remedy Mid Tier, BMC Remedy Developer Studio and BMC ProactiveNet Performance Management.
If the user makes an API call using a client type that is not listed in the Allowed Client Types field, the API call fails with the following error:
If the Allowed Client Types field is left blank, the user can make API calls using any client type. For more information on the list of client types, see List of Client Type ID.
Disable Password Management For This User
Disables password management for the user. If this check box is selected, when the User Password Management Configuration form is updated, the user is not affected. For more information about password management, see Enforcing a password policy introduction.
Dynamic Group Access
The dynamic group to which the user belongs.
Last Password Change for Policy
The last time the password was changed. BMC Remedy AR System automatically updates this field when a user's password is changed.
Account Disabled Date
The date the account was disabled, if applicable.
Force Password Change on Login
Indicates that the user must change the password. The next time the user logs in, the user is prompted to change the password. After the password is changed, the check box in the User form is automatically cleared through workflow.
Number of Days Before Expiration
The number of days before a user's password expires if it is not changed.
Number of Warning Days
Indicates when a user receives a warning message before the password is set to expire unless changed.
Days After Expiration Until Disablement
The number of days after which a user's account is disabled if the password is not changed.
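The Group List behaviour described in the table above (users stay attached to an old group ID, duplicate group IDs, an empty list, the 4000-byte limit) can be checked offline against exported User and Group records. The following audit is an added example, not BMC code; it assumes the Group List is exported as group IDs each followed by a semicolon, and all logins and group IDs except ID 1 are constructed.

```python
from collections import Counter

GROUP_LIST_LIMIT = 4000  # bytes, per the Group List field description


def parse_ids(group_list):
    """Split an exported Group List such as '1;20001;' into integer IDs."""
    return [int(tok) for tok in group_list.split(";") if tok.strip()]


def audit(users, groups):
    """users: {login: exported Group List}; groups: [(group_id, name), ...]."""
    known = {gid for gid, _ in groups}
    counts = Counter(gid for gid, _ in groups)
    findings = {
        "orphaned": {},    # login -> IDs that match no group in the Group form
        "empty": [],       # basic permissions only, or groups come from external auth
        "too_long": [],    # raw value over the limit (expanded strings not modelled)
        "duplicate_group_ids": sorted(g for g, n in counts.items() if n > 1),
    }
    for login, raw in sorted(users.items()):
        raw = raw or ""
        ids = parse_ids(raw)
        if not ids:
            findings["empty"].append(login)
        missing = sorted(set(ids) - known)
        if missing:
            findings["orphaned"][login] = missing
        if len(raw.encode("utf-8")) > GROUP_LIST_LIMIT:
            findings["too_long"].append(login)
    return findings


# Constructed sample export: 20005 was renumbered away, 20002 is defined twice.
GROUPS = [(1, "Administrator"), (20001, "ABCGroup"),
          (20002, "Helpdesk"), (20002, "Helpdesk-Old")]
USERS = {"ABCAdmin": "1;20001;", "jdoe": "20005;", "guest1": "", "asmith": "20002;"}

if __name__ == "__main__":
    for key, value in audit(USERS, GROUPS).items():
        print(f"{key}: {value}")
```
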
Restrictions for users and groups
You cannot create other users with more administrative rights than yourself, and you cannot modify your own rights.
The new restrictions are applied to prevent:
- Creation of an administrative user by a non-administrative user.
- Creation of an administrative user with access to more overlay groups than the administrative user who created them.
The following restrictions are applied before and after you create or modify any user in the User and Group form.
- Only an administrator can create, modify, or delete other users belonging to the Administrator, Sub-Administrator, Struct Admin, or Struct Sub-Admin groups.
A user must have Group ID 1 (AR Administrator) in the group list to create/modify/delete another user with any of the four administrative class groups in their group list.
No Admin user can create or modify a user (themselves included) with lesser administrative restrictions than the user making the modification.
For example, an administrator user with Overlay Group 1 cannot create or modify users with no overlay groups. Consider a situation where you have created an ABCGroup with an Overlay Group set to 1. User ABCAdmin is part of Administrator group and ABCGroup. However, ABCAdmin is restricted only to the ABCGroup. ABCAdmin can change (create/modify/delete) any user belonging only to the ABCGroup. For more information about creating a group as an overlay group, see Creating groups.
Additionally, a user cannot create another admin user with the ability to modify base objects if they themselves cannot do it.
Best Practice: We recommend that you restrict your users to make modifications only to custom objects and overlays.
- Only an unrestricted administrator can create, modify, or delete groups that restrict a user’s administrative capabilities.
Only an administrator with no overlay specific groups can create, modify, or remove overlay specific groups.
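The user restrictions above can be read as a set of checks on who is saving which user record. The following model is an added example, not BMC's implementation; it assumes that "lesser administrative restrictions" means the target's overlay groups must be a non-empty subset of the acting user's, and XYZGroup, Helpdesk and the logins other than ABCAdmin are hypothetical.

```python
from dataclasses import dataclass

# Administrative group names as spelled on this page; "Administrator" is Group ID 1.
ADMIN_CLASS = frozenset({"Administrator", "Sub-Administrator",
                         "Struct Admin", "Struct Sub-Admin"})

@dataclass(frozen=True)
class User:
    login: str
    groups: frozenset  # group names from the Group List field

def violations(actor, target, overlay_groups):
    """List the restrictions on this page that block `actor` from saving `target`.

    `target` is the record as it would look after the create or modify.
    `overlay_groups` is the set of groups defined as overlay groups.
    An empty list means none of the modelled restrictions applies.
    """
    found = []
    if actor.login == target.login and actor.groups != target.groups:
        found.append("self")         # you cannot modify your own rights
    if target.groups & ADMIN_CLASS and "Administrator" not in actor.groups:
        found.append("admin-class")  # only an administrator manages admin users
    actor_ov = actor.groups & overlay_groups
    target_ov = target.groups & overlay_groups
    if actor_ov and not target_ov:
        found.append("less-restricted")  # restricted admin, unrestricted target
    elif actor_ov and not target_ov <= actor_ov:
        found.append("more-overlays")    # target reaches overlay groups the actor lacks
    return found

# Constructed sample data based on the ABCGroup example in the text.
OVERLAYS = frozenset({"ABCGroup", "XYZGroup"})   # XYZGroup is hypothetical
ABC_ADMIN = User("ABCAdmin", frozenset({"Administrator", "ABCGroup"}))
HELPDESK = User("hd1", frozenset({"Helpdesk"}))  # hypothetical non-admin

def demo():
    mk = lambda login, *g: User(login, frozenset(g))
    return {
        "abc_user": violations(ABC_ADMIN, mk("u1", "ABCGroup"), OVERLAYS),
        "no_overlay": violations(ABC_ADMIN, mk("u2", "Administrator"), OVERLAYS),
        "extra_overlay": violations(ABC_ADMIN, mk("u3", "ABCGroup", "XYZGroup"), OVERLAYS),
        "by_non_admin": violations(HELPDESK, mk("u4", "Sub-Administrator"), OVERLAYS),
        "self_edit": violations(ABC_ADMIN, mk("ABCAdmin", "Administrator"), OVERLAYS),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} {result or 'no modelled restriction applies'}")
```
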