Assigning permissions to access objects and requests
This section provides an overview of the AR System access control. Topics include:
- User and group access
- Access to AR System objects
- Assigning groups or roles access to objects
- Controlling access to requests
- Enabling submitters to modify requests
- Restricting users from uploading and viewing files with specific extensions
For information about role-based access, see Role-based access overview.
Access control is the AR System mechanism that controls which users can open an application, form, or guide in a browser, can perform an action, and can create, view, modify, and delete a request. You can configure AR System to run with limited access privileges and access to limited set of resources on the host machine. This prevents malicious scripts or programs from being installed on the machine.
In defining access control, you must:
- Identify and create the groups and roles (for deployable applications) that reflect key functions in your company and the type of information each function must access.
- Create users on your Remedy AR System server and assign their respective groups to them.
Group membership ultimately determines which objects a user can access and which operations individual a user can perform. AR System has various levels of security:
- Server—Controls access to the AR System server . A user must be defined on a server or connect to it as a guest user if the server permits them.
- Application, form, and workflow—Controls access to AR System objects. A user must belong to a group that has permission to access an application, form, active link, or active link guide to see it and use it.
- Request (or row)—Controls access to individual requests in a form. A user can have permission to view or change only requests the user created or those created by a member of a group to which they belong.
- Field (or column)—Controls whether a user can view or can change a field in a form.
A user can have permission to view or change a request but cannot see or change individual fields unless the user also belongs to a group with the required field-level permission.
The following figure presents an overview of access control, and lists the questions that you can use to determine the access that users have to
Access control overview