Administrator security role
BMC Remedy AR System provides administrators with interfaces to manage security policy and its implementation in the AR System Administration Console, BMC Remedy Developer Studio, and the BMC Remedy Mid Tier Configuration Tool. These clients allow the administrator to manage server objects and system configuration settings, and to control access to AR System by human users, BMC Remedy-based applications, and other external clients.
All user access definition and management is performed through forms that are accessible to administrators. Policy management and implementation are controlled through the use of access control groups and security role definitions and privileges. Access control groups are the basis by which all user access is granted. Access control in AR System is additive. Each user starts out with no access to AR System controlled objects, and administrators or subadministrators add permissions as needed. Administrators can set default permissions and specific permissions on objects in AR System, and subadministrators can set specific permissions to objects where assigned.
Roles, including security roles, are specified in the AR System by membership in groups. The AR System reserves eight group IDs for special group definitions with associated access privileges, including the groups administrator and subadministrator. Members of the administrator group have the security role administrator. Members of the subadministrator group have the security role subadministrator.
Configuration of application servers, including application server passwords, is controlled by administrators using the AR System Administration: Server Information form and other forms accessible to the administrator through a browser. Many settings managed in the AR System Administration: Server Information form are stored in the server configuration file (ar.cfg on Windows or ar.conf on UNIX). The administrator must protect this and other configuration files from tampering by setting the appropriate directory permissions and file settings. In addition to the file protections assumed to be provided by the operational environment, application service passwords stored in configuration files are obfuscated using a proprietary implementation of DES.