This documentation applies to the 8.0 version of Remedy Action Request System, which is in "End of Version Support." You will not be able to leave comments.

To view the latest version, select the version from the Product version menu.

Creating and mapping roles

Roles are permissions similar to groups, except that they belong to a particular application, instead of a particular server. Roles are used exclusively in deployable applications.

Roles are defined for each deployable application and then mapped to explicit groups on the server. You can map a deployable application's roles to different groups on different servers, depending on how the groups are defined on each server. This allows you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server. You can also map roles to different groups for each development state, such as Test or Production. You can then switch between states using BMC Remedy Developer Studio or workflow.

Because roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.

Use the Roles form in a browser to create roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. For more information about deployable applications, see Defining and managing an application. This section provides the steps to create roles and map them to explicit groups. Although there is no limit to the number of roles that you can create, for maintenance purposes you might want to limit the number.

Note

You must log on as an Administrator to work with the Roles form.

You can map roles to regular or computed groups for the Test and Production application development states. You can also create custom states and map roles for those states. To enable a particular mapping, change the application's state. For more information, see Working with deployable application states.

Use the following procedures to create, modify, or delete BMC Remedy AR System roles:

Roles form — New mode

(Click to expand the image.)



The following table lists the key fields in the Roles form.


Key fields in the Roles form

Field

Description

Application Name

Name of the deployable application for which the role is defined. You can define the same role for multiple applications, but you must create a separate Roles form entry for each.

Role Name

Name by which the role is known. Within each application, every role name should be unique. You can reuse the same role name-role ID pairs across a suite of applications.

Role ID

Integer ID that is the recognized identity of the role. The ID must be a negative number, such as -10001. Role IDs must be unique for each application name. You can reuse the same role name-role ID pairs across a suite of applications.

Test

Enter or select one group name for the regular or computed group to which you want to map this role for the Test application state. To enable this mapping, set the application's State property to Test. For more information, see Working with deployable application states.

Production

Enter or select one group name for the regular or computed group to which you want to map this role for the Production application state. To enable this mapping, set the application's State property to Production. For more information, see Working with deployable application states.

To create and map roles

  1. In a browser, open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
  2. Enter information in the Application Name, Role Name, and Role ID fields, as described in the previous table.
    If you save the role now, you can begin assigning permissions for this role to objects within the application. A role is listed only for object in the deployable application to which the role belongs.
  3. Enter a regular or computed group ID in each Mapped Group field to define access permissions for each application state.
  4. Save your changes.

    Note

    Newly created roles appear in Permissions dialogs after the server recaches (about 5 seconds, depending on your system).

To modify roles and role mappings

  1. In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
  2. Search the form to retrieve a list of currently defined roles for a particular application.
  3. Select the appropriate roles and modify information in the appropriate fields.
  4. Save your changes.

To delete roles

  1. In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
  2. Search the form to retrieve a list of currently defined roles for a particular application.
  3. Select the appropriate role.
  4. Choose Actions > Delete.
    A confirmation box appears to verify that you want to delete the role entry.
  5. Click OK.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments