Defining default permissions

Default object permissions are defined by object type. They are applied when you create a new object or when you click Apply Defaults in the permissions dialog box for an existing object.

You can define default permissions for an object type for the server in general, or you can set them within an application. Server default permissions are an administrator preference setting and are stored in the user's Developer Studio workspace, so they only apply for the administrator or subadministrator who defines them. Application default permissions are associated with the application, so any administrator or assigned subadministrator can use them. Application default permissions are applied to objects created in that application, but not to other objects on the server.

Setting default permissions is most appropriate for a development server. When developing an application or a workflow component, first create the groups or roles that will have access to all the objects in the application or workflow. Then, configure default permissions to use those groups or roles. Thereafter, when you create these objects and fields, AR System applies the default permissions and you only need to set individual object or field permissions in cases where the default permissions are not correct.

Default permissions defined for forms on a server are shown here. The groups listed will be granted visible permissions or hidden permissions to any new forms.

Server default permissions
(Click the image to expand.)


The Default Permissions dialog box for an application is shown here. In this case, the administrator is assigning permission for new active link guides created in the application.

Application default permissions
(Click the image to expand.)


The default permissions for the object type are automatically applied to the object or field when it is created, and are displayed in the Permissions property. To reset permissions to the defined default permissions for an existing object or field, open the Permissions dialog box for the object or field, and then click Restore Defaults.

For additional information about permissions, see:

• Form, active link guide, and application permissions
• Field permissions
• Active link permissions
• Assigning permissions for individual or multiple BMC Remedy AR System objects

To define default permissions for a server or an application

1. Open the appropriate Default Permissions dialog box.
   To set default permissions for an application:
   1. Open the application in the application editor.
   2. Choose Application > Default Permissions.
      To set default permissions for a server:
   3. Choose Window > Preferences.
   4. In the Preferences dialog box, expand Developer Studio and select Default Permissions.
   5. Select the appropriate server from the Server drop-down list.
2. In the Default Permissions preferences page or dialog box, select the appropriate object type.
3. To add default permissions, click Add.
   For a server, all appropriate groups are listed. For an application, the roles for that application and appropriate implicit groups are listed.
4. In the Add Groups dialog box, select the groups or roles to add and click OK.

5. In the Default Permissions page or dialog box, set the access level in the Permissions column.

   Object Types	Access level	Access for users in the group or groups mapped to the role
   Active link guide, application, form, web service	Visible	View and access the object in the user client.
   Active link guide, application, form, web service	Hidden	Access to the object only through workflow.
   Field	View	View the field.
   Field	Change	View and change the field.
   Active link, packing list	(none)	View and access the object in the user client.

6. For fields only, select or clear the Allow Any User to Submitcheck box. Use this mode to determine security for the field when a request is submitted. If the check box is:
   • Selected — Any user can assign a value to the field, regardless of whether the submitter belongs to an explicit group with Change permission to the field.
   • Cleared (the default) — Only users who belong to one or more explicit groups with Change permission to the field (or users who belong to explicit groups mapped to roles with Change permission to the field) can enter data into the field. Row-level security permissions cannot grant access during entry creation.

To remove default permissions

1. Select the group or role in the Permissions list and click Remove or click Remove All.
2. Click OK to save your changes and close the Preferences dialog box. The default permissions are defined for the server or application you selected and the current administrator login. Each administrator can have different default permissions for objects created on each server.