This documentation supports the 20.02 version of Remedy Action Request (AR) System.

To view an earlier version, select the version from the Product version menu.


Adding and modifying user information

Important

If you use BMC Remedy AR System-based applications, set up users in each application's People form, not in the User form. For more information, see How roles map to permission groups Open link in Remedy IT Service Management Suite documentation.

In BMC Remedy AR System, you can have registered users and guest users. Each type of user has different privileges within the system, as discussed in the following sections.

You enter data in the User form to define the components that work together to determine each user's access to BMC Remedy AR System: login name, password, group membership, and license type. You also define notification information for each user in this form. For information about the restrictions for creating or modifying user information, see Restrictions.

To grant a user permission for BMC Remedy AR System objects, add the user to the groups to which access will be given. To make a user part of a group, choose the appropriate group from the Group List menu in the User form. (Multiple group names in the Group List field are separated by spaces.) You can select from the reserved BMC Remedy AR System groups.

Only an administrator can access the Group List field. The following error is displayed if a non-admin user tries to access the Group List field:

You have no access to form :Group (ARERR 353)

Notes

For more information, see Groups in BMC Remedy AR System.


User form in new mode

To open the User form, from the Remedy AR System Administration Console, click System > Application > Users / Groups / Roles > Users.


In the Login Name field, on the User form, you cannot use the word System as a user.

The following table lists the key fields in the User form.


Area name

Field

Description

User Information

Login Name

Identifying name that the user enters into the User Name field when logging in to BMC Remedy AR System. The name can be the same or different than the user name by which this user is known to the underlying operating system. The dynamic group with an ID of 60988 has read access to this field, enabling the user to view this field if a password policy is established. See Enforcing a password policy introduction.

User Information

Full Name

Full name of the user.

User Information

Password

Identifying password that the user enters when logging in to BMC Remedy AR System. This field's length is 30 bytes, so you can enable users to enter as many as 30 bytes.

Note: Users cannot enter a 28-character password, or an error will occur during authentication.

The Password field is encrypted into the database by using a one-way hash (SHA-1), so unauthorized users cannot retrieve passwords in clear text, for example, to log in to applications. To enhance system security, select a password that is different from one used for another purpose. If unsecure passwords are needed for applications, store the password in a character field rather than the Password field (field 102). If the Password field is left blank, the BMC Remedy AR System server does not validate the password with the user's Windows or UNIX password, unless you configure the server to cross-reference a blank password. See Cross-referencing blank passwords. The dynamic group with an ID of 60988 has read access to this field, enabling the user to view this field if a password policy is established. See Enforcing a password policy introduction.

Important

While creating a user via the Java driver or Create Entry from API program, if you add leading and trailing spaces to a password string in the Password field, the leading and trailing spaces are retained after you save the user details.

For example, if you set the password as " password ", the password gets saved as " password ".

However, while creating a user via Mid Tier, if you add leading and trailing spaces to a password string in the Password field, the leading and trailing spaces are omitted after you save the user details.

For example, if you set the password as " password ", the password gets saved as "password".

Therefore, the users created via the Java driver or Create Entry from API program with leading and trailing spaces in their passwords face issues when they log in via Mid Tier. Because Mid Tier sends the passwords to the server for validation after removing the spaces, they do not match the ones that are stored with spaces.

User Information

Group List

The access control groups to which the user belongs. If you leave this field empty, the user has only basic Submitter, Assignee, Assignee Group, or Public permissions. Specify groups by name or ID, as defined in the Group form. User permissions are determined in the Group List field of the User form. If you later change the Group ID for a group, the users originally assigned to the group are still attached to the old ID. If no group has the old ID, these users lose access to any BMC Remedy AR System object for which they do not have permission through another group. If you choose to This field is limited to 4000 bytes, including expanded strings. See Groups in BMC Remedy AR System.

Note: If you create multiple groups with the same ID, the User form displays the first available group name for the selected group id.

User Information

Computed Group List

The names of the computed groups to which the User is a member. The members of a computed group are calculated by the server based on the groups that the User belongs to. This is a display-only field, and the field ID is 121. To search in this field in a query-by-example, enter the ID number of a computed group. To enter more than one computed group ID, include semicolons after each ID. You must enter the computed group IDs in the same order in which the names appear in the Computed Group List field when the user's record is displayed. In the following examples:

  • The ID for Computed Group 1 is 5678.
  • The ID for Computed Group 2 is 6789.



    You can also use the Advanced Search bar with the LIKE operator. Include the semicolon with the complete ID.

    To search for users who are members of Computed Group 1, enter:
    'Computed Group List' LIKE "%5678;%"

    You can also enter a partial ID for the computed group.

    To search for users who are members of both Computed Group 1 and Computed Group 2, enter:
    'Computed Group List' LIKE "%56%" AND 'Computed Group List' LIKE "%89%"

User Information

Full Name

Full name of a user. By default, this name appears in the Results pane of the User form when users perform a search operation.

User Information

License Type

Type of license that the user is assigned:

  • Read
  • Fixed
  • Floating
  • Restricted Read
  • Bundled

The default is Read. For descriptions of these license types, see License types for users to access BMC Remedy AR System server.

User Information

Application License

List of application licenses granted to the user. For example, BMC Change Mgmt User Fixed, where BMC Change Mgmt is the name of the application and User Fixed is the type of license. BMC Remedy AR System automatically populates this field according to information entered in the application's People form.

For more information adding login IDs and access rights, see Adding login IDs and access rights Open link

From this release, you can use the menu attached to this field to assign application and/or bundled licenses to users.

Important:

  • To use BMC Remedy AR System-based applications from BMC Software, users need an BMC Remedy AR System user license (to access the BMC Remedy AR System server) and an application user license (to access the application).
  • The AR System Server does not allow to assign Application user fixed license to a user having AR User floating license.
  • The AR System Server does not allow to assign any Application User fixed or floating license to a user having AR User read license.

User Information

Default Notify Mechanism

Method by which the user is notified for Notify filter and escalation actions when User Default is specified. The default setting on the User form is Alert.

User Information

Email Address

Email address used to notify the user if email is the notify method.

Important

You must associate only one Email Address with one user record to ensure that:

  • The email based approvals work correctly.
  • The outgoing emails are sent without any issues.

User Information

Status

Defines the status of the user account. This field is for information only. It does not change the status of a user's account. This field is set through workflow if you set a password policy. See Enforcing a password policy introduction. The options are:

  • Current---The account is in use.
  • Disabled---The account is no longer in use.
User InformationAllowed Client Types

Allows the user to make API calls using only the client types mentioned in the Allowed Client Types field.

To enter more than one client type ID, include semicolons after each ID. In the following example, the user can make an API call only to BMC Remedy Mid Tier, BMC Remedy Developer Studio and BMC ProactiveNet Performance Management.

If the user makes an API call to the Client Type not assigned in the Allowed Client Types field, the API call fails with the following error:

ARRER 8937: You do not have permission to the client operation.

If the Allowed Client Type field is left blank, the user can make API calls using any client type. For more information on the list of Client types, see List of Client Type ID.

Password Management

Disable Password Management For This User

Disables password management for the user. If this check box is selected, when the User Password Management Configuration form is updated, the user is not affected. For more information about password management, see Enforcing a password policy introduction.

Password Management

Dynamic Group Access

The dynamic group to which the user belongs.

Password Management

Last Password Change for Policy

The last time the password was changed. BMC Remedy AR System automatically updated this field when a user's password is changed.

Password Management

Account Disabled Date

The date the account was disabled, if applicable.

Password Management

Force Password Change on Login

Indicates that the user must change the password. The next time the user logs in, the user is prompted to change the password. After the password is changed, the check box in the User form is automatically cleared through workflow.

Password Management

Number of Days Before Expiration

The numbers of days before a user's password expires if it is not changed.

Password Management

Number of Warning Days

Indicates when a user receives a warning message before the password is set to expire unless changed.

Password Management

Days After Expiration Until Disablement

The number of days after which a user's account is disabled if the password is not changed.

Restrictions for users and groups

You cannot create other users with more administrative rights than yourself, and you cannot modify your own rights.

The new restrictions are applied to prevent:

  • Creation of an administrative user by a non-administrative user.
  • Creation of an administrative user with access to more overlay groups than the administrative user who created them.

The following restrictions are applied before and after you create or modify any user in the User and Group form.

  • Only an administrator can create, modify, or delete other users belonging to the Administrator, Sub-Administrator, Struct Admin, or Struct Sub-Admin groups.
    A user must have Group ID 1 (AR Administrator) in the group list to create/modify/delete another user with any of the four administrative class groups in their group list.
  • No Admin user can create or modify a user (themselves included) with lesser administrative restrictions than the user making the modification.
    For example, an administrator user with Overlay Group 1 cannot create or modify users with no overlay groups. Consider a situation where you have created an ABCGroup with an Overlay Group set to 1. User ABCAdmin is part of Administrator group and ABCGroup. However, ABCAdmin is restricted only to the ABCGroup. ABCAdmin can change (create/modify/delete) any user belonging only to the ABCGroup. For more information about creating a group as an overlay group, see Creating groups.
    Additionally, a user cannot create another admin user with the ability to modify base objects if they themselves cannot do it. 

    Best practice

    We recommend that you restrict your users to make modifications only to custom objects and overlays.

  • Only an unrestricted administrator can create, modify, or delete groups that restrict a user’s administrative capabilities.
    Only an administrator with no overlay specific groups can create, modify, or remove overlay specific groups.

Using advance search on the User form

Use advance search for searching Group List field or Row Level Security fields that store multiple group's data. For example, if you want to search for Contact Location Admin (group id 20023) group, use 'Group List' LIKE "%;20023;%" qualification.


Was this page helpful? Yes No Submitting... Thank you

Comments