Additive access control
Access control in BMC Remedy AR System is additive. This means that each user in BMC Remedy AR System begins with no permissions. Administrators then add permissions as needed.
The server verifies the permissions of an object to determine if access to the object is granted. If access is granted at any step along the decision tree, as shown in "Additive permissions", the user has permission to access the object. As you add permissions to various BMC Remedy AR System objects, users have access to the object if they are members of any group with access or any role that maps to a group with access.
In this example, Lydia Lan is a member of two groups: Engineering and Engineering Managers. The Engineering group does not have access to Form1, but the Engineering Managers group does. Thus, although Lydia does not have access to Form1 through the Engineering group, she does have access through the Engineering Managers group.
(Click the image to expand it.)
You must assign permissions to every application, form, field, active link, active link guide, packing list, and web service that requires access control. Start by designing the access control for your application or forms. Define default permissions before you create objects and fields to save time and prevent errors. You can also use batch Edit dialog box and the Assign Group Permissions dialog box to change permissions for multiple object in one operation. For more information, see Assigning permissions.