This documentation supports the 21.3 version of Action Request System.

Creating an Administrator security role

AR System provides administrators with interfaces to manage security policy and its implementation in the AR System Administration Console, Developer Studio, and the Remedy Mid Tier Configuration Tool. These clients allow the administrator to manage server objects and system configuration settings, and to control access to AR System by human users, BMC Remedy-based applications, and other external clients.

All user access definition and management is performed through forms that are accessible to administrators. Policy management and implementation are controlled through access control groups and security role definitions and privileges. Access control groups are the basis by which all user access is granted. Access control in AR System is additive: each user starts out with no access to AR System controlled objects, and administrators or subadministrators add permissions as needed. Administrators can set default permissions and specific permissions on objects in AR System, and subadministrators can set specific permissions on objects where assigned.

Roles, including security roles, are specified in the AR System by membership in groups. The AR System reserves eight group IDs for special group definitions with associated access privileges, including the groups administrator and subadministrator. Members of the administrator group have the security role administrator. Members of the subadministrator group have the security role subadministrator.

Configuration of application servers, including application server passwords, is controlled by administrators using the AR System Administration: Server Information form and other forms accessible to the administrator through a browser. Many settings managed in the AR System Administration: Server Information form are stored in the server configuration file (ar.cfg on Windows or ar.conf on UNIX). The administrator must protect this and other configuration files from tampering by setting the appropriate directory permissions and file settings. In addition to the file protections assumed to be provided by the operational environment, application service passwords stored in configuration files are obfuscated using a proprietary implementation of DES.
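As an added example (not from BMC's documentation), the following shell function audits the file and directory permissions that the paragraph above asks the administrator to set for ar.conf on UNIX. The function names, finding labels, and the path passed in are assumptions; the page does not state where the file is stored.

```shell
#!/bin/sh
# Added example (not BMC code): audit the file and directory permissions
# protecting an AR System server configuration file such as ar.conf.
# The file path is supplied by the caller; the page does not give one.

# Print the 10-character mode string for a path, e.g. "-rw-------".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_config FILE
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 if missing.
audit_config() {
    cfg=$1
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg"
        return 2
    fi

    fmode=$(mode_of "$cfg")
    # Positions 6 and 9 are the group and other write bits: tampering risk.
    case $fmode in
        ?????w????|????????w?) echo "FILE_WRITABLE: $cfg ($fmode)"; rc=1 ;;
    esac
    # Positions 5 and 8 are the group and other read bits. The file holds
    # obfuscated service passwords, so read access is reported as well.
    case $fmode in
        ????r?????|???????r??) echo "FILE_READABLE: $cfg ($fmode)"; rc=1 ;;
    esac

    # A writable parent directory lets another account replace the file
    # even when the file itself is locked down.
    dir=$(dirname -- "$cfg")
    dmode=$(mode_of "$dir")
    case $dmode in
        ?????w????|????????w?) echo "DIR_WRITABLE: $dir ($dmode)"; rc=1 ;;
    esac

    return $rc
}

# Usage: sh audit.sh /path/to/ar.conf   (the path is a placeholder)
if [ $# -gt 0 ]; then
    audit_config "$1"
fi
```

Only the file and its immediate parent directory are checked; ownership and ACLs are outside what this function inspects.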

In your application development and production environments, you can provide different levels of access for administrators. The Overlay Group option on the Group Information form provides the following access options:

  • Overlay Group field set to 1
    When a group assigned to the user has the Overlay Group field set to 1, the user is restricted to working on overlay and custom mode objects. In Developer Studio, the user can work only in Best Practice Customization mode.
  • Overlay Group field set to 0
    When a group assigned to the user has the Overlay Group field set to 0, the user is restricted to working on base mode objects. In Developer Studio, the user can work only in Base Developer mode.
  • Overlay Group field set to 999999999
    When a group assigned to the user has the Overlay Group field set to 999999999, the user is restricted from creating, modifying, deleting, and importing objects. The user can only read and export objects from all layers.
  • Overlay Group field set to (clear)
    When the Overlay Group field is set to (clear), the group provides no restrictions on access to base, overlay, or custom objects. For more information about Overlay Groups, see Creating and managing access control groups.

When you assign a user to a group with the Overlay Group field set to 1, you must also assign the user to the Struct Admin or Struct Subadmin group. For more information, see User and group access and Operations on objects restricted by development mode.

To create a new group with the Overlay Group option set to 1

  1. From the Remedy AR System Administration Console, select Application > Users/Groups/Roles > Groups.
  2. Create the group as desired, and select 1 from the Overlay Group list.

To create Struct Admin Permissions

  1. From the Remedy AR System Administration Console, select Application > Users/Groups/Roles > Groups.
  2. Create a group named Struct Admin Permissions to provide access to the objects.
  3. Set the Group Category field to Regular.
  4. Set the Group Type field to Change.
  5. Specify a Group ID that no other group uses and that is outside the range of BMC reserved Group IDs.

To assign groups to a user

  1. From the Remedy AR System Administration Console, select Application > Users/Groups/Roles > Users.
  2. Make sure the user is assigned to the following groups:
    • Struct Admin
    • Struct Admin Permissions

    For details, see Struct Admin group permissions.
