This documentation supports the 21.05 version of BMC Helix ITSM: Asset Management. To view an earlier version, select the version from the product version menu.

Roles and permissions in Asset Management




To access the various modules in BMC Helix ITSM: Asset Management, you need the following permissions and authorizations:

  • Asset Management permissions
  • Contract Management permission model
  • Cost module permission model
Related topic

Providing users with permissions to access the CMDB Portal by using groups and roles Open link

Asset Management permissions

This table describes the Asset Management permissions for the following user roles.

Important

If you select the Application user license type as None, you get only Asset Inventory permissions. For information about these permissions, see Asset Inventory permissions Open link

Permissions

Description

Application user license type

Asset Admin

Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

  • Create, modify, and administer contracts
  • Create and modify license certificates from the Service Activation Management console
  • Create and modify CIs
  • Create and modify CI Unavailability records (also referred to as Outage records)
  • Manage configurations
  • Manage schedules
  • Manage costs
  • Perform bulk update functions
  • Configure costing and charge back periods from the Application Administration console

Note: This permission does not grant access to purchasing or receiving functions. A person with Asset Admin permissions does not need Asset User and Asset Viewer permissions.

Best practice: We recommend that you grant these permissions only to users playing a Configuration Administrator role.

Users with Asset Admin permissions have full access to contracts and SWLM features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability is given with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).

  • Fixed
  • Floating
  • None

Asset User

Users with Asset User permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

  • Modify contracts
  • Create, modify, and delete the following items within a CI record to which the user has access (but they cannot perform these functions from the Asset Management console):
    • Contracts
    • Configurations
    • Costs
    • Outages
    • Returns
    • Schedules

Note: To modify the CI, the user with asset user permission must be a member of the support group that is associated with the CI by the Supported by role. Asset Admin permission is required to access inventory management and bulk update features. The Asset User permission does not grant access to the following functions:

  • Inventory management
  • Bulk update
  • Purchasing
  • Receiving
  • Creating CI to CI relationship

A user with Asset User permissions does not automatically get the equivalent permissions to the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of SWLM, then they must also be given Contract User permissions.

Best practice: We recommend that you grant these permissions to users who are directly supporting specific CIs and who must update CI attributes. Users with the Asset user permission can also update relationships for the following Request Type:

  • Incident
  • Infrastructure Change
  • Known Error
  • Problem Investigation
  • Release
  • Solution Database
  • Fixed
  • Floating
  • None

Asset Viewer

Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Read access to contracts
  • Read access to the following items within a CI record:
    • Contracts
    • Configurations
    • Outages
    • Schedules

Note: The Asset Viewer permission does not grant access to:

  • Inventory management
  • Bulk update
  • Cost management
  • Purchasing
  • Receiving functions
  • Software Asset Management console

Asset Viewer permissions are automatically granted when any of the following permissions are assigned:

  • Incident User
  • Incident Master
  • Problem User
  • Problem Master
  • Infrastructure Change User
  • Infrastructure Change Master
  • Infrastructure Change Config
  • Release Config
  • Release Master
  • Release User
  • Task Manager
  • Task User
  • Purchasing User
  • Contract Admin
  • Contract User
  • Contract Viewer
  • Request Catalog Manager

Best practice: We recommend that you grant the Asset Viewer permission to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.

  • None

Asset Config

Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Configuring CI depreciation criteria
  • Configuring CI notifications
  • Configuring CI Unavailability status
  • Configuring License Types
  • Configure Inbox preferences for SWLM
  • Configuring License Engine for SWLM
  • Configuring Asset Management rules
  • Configuring CI Unavailability priority
  • Setting up server information for AR System License Type for Software License Management

Note: Users with Asset Config permissions do not need Contract Config permissions.

Best practice: We recommend that you grant these permissions only to users who administer the Asset Inventory and Asset Management system (that is, to a user who acts as an Application Administrator).

  • Fixed
  • Floating
  • None

Purchasing User

Users with Purchasing User permissions can access the following functions within BMC Helix ITSM: Asset Management:

  • Create and modify purchase requisitions that are assigned to the user's support group (this includes line items).
  • Create and modify purchase orders.
    This permission grants access to only the purchasing functions (excludes receiving) and does not provide any access to areas where an 'Asset' or 'Contract' type permission is required.

Best practice: We recommend that you limit the use of these permissions to users who perform the following roles in the Asset Management Purchasing feature:

  • Configuration Administrator—These users might submit purchase requests issued through the Change Management process.
  • Purchasing Agent
  • Fixed
  • Floating

Receiving User

Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system.

Best practice: We recommend that you grant these permissions only to users who use the Asset Management Purchasing feature. For example Purchasing Agents.

  • None

Contract Admin

Users with Contract Admin permissions can perform the following functions:

  • Create and modify all contracts from the Contract console
  • Create and modify license certificates from the SAM console
  • Configure new Contract Types from the Application Administration console
  • Manage license jobs from the SAM console

Note: A user with Asset Admin permissions can do everything that a user with Contract Admin permissions can with the exception of creating new Contract Types.

Best practice: We recommend that you grant these permissions to users who need full access to the Contract Management features, but who don't need the full Asset Management access given by the Asset Admin permissions group.

  • Fixed
  • Floating

Contract User

Users with Contract User permissions can perform the following functions:

  • Modify public contracts from the Contract console
  • Modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract)
  • Create and modify license certificates for contracts they have access to from the SAM console
  • Manage license jobs from SAM console

Best practice: We recommend that you grant these permissions to users who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user is also needs to modify CI information, you should also give that user Asset User permissions.

  • Fixed
  • Floating

Contract Viewer

Users with Contract Viewer permission can view all contracts from the Contract console.

Note: This permission does not grant access to the SAM console. The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission. Users with Asset Viewer permissions do not also need Contract Viewer permissions.

Best practice: We recommend that you grant these permissions to users who require view access to contracts.

  • None

Contract Config

Typically, an Application Administrator requires this set of permissions. Users with Contract Config permission can perform the following functions:

  • Configure License Types.
  • Configure Inbox preferences for SWLM
  • Configure the License Engine for SWLM
  • Configure Asset Management rules
  • Set up server information for the AR System License Type for SWLM

Note: This permission does not grant access to the SAM console. If a user has Asset Config permission they do not need Contract Config permissions because, the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure.

Best practice: We recommend that you grant these permissions to users who must only configure Software License Management (SWLM) features.

  • Fixed
  • Floating

Contract Management permission model

Contract Management permission groups are defined as computed groups in the Group form. Each Contract permission group is mapped to an Asset permission group to support the deployable application functionality. To remove specific users from the computed group, remove the BMC Helix ITSM: Asset Management groups for each Contract permission group.

Cost module permission model

The cost module uses the following permissions:

  • Cost Viewer — Can only view cost data
  • Cost User — Can add costs
  • Cost Manager — Can update and manage the charge-back process

Asset Management roles 

The following table describes the several roles and their permissions that a user in BMC Helix ITSM: Asset Management can be associated with :

RolePermissionDescription
Asset administrator
  • Asset Admin
  • Contract User
  • Purchasing User
  • Receiving User
  • Incident Viewer
  • Problem Viewer
  • Release Viewer
  • Infrastructure Change Viewer
  • Knowledge Viewer
  • (Optional) Contact Organization Admin
    • This permission is needed only when the user must create support groups that manage CIs. Otherwise, you must grant them the functional role of Support Group Admin.
  • (Optional) Contact Categorization Admin
    • This permission is needed only if the user must create and update the product categorization data structures for the CI data.

The asset administrator requires an overall view of the CIs for which their support groups are responsible.  Some organizations call this role as asset manager or configuration administrator. 
Contract manager Contract AdminThe contract manager is responsible for managing IT contracts. In some organizations, the contract manager also takes on the role of software asset manager.
Financial manager Cost Manager permission.

The finance manager uses BMC Helix ITSM: Asset Management to review cost information and prepares periodic charge-back and cost-recovery reports.

Purchasing agentPurchasing User (needed only if you use the Purchasing module)
  • Receiving User (needed only if you use the Purchasing module)
  • Incident Viewer
  • Problem Viewer
  • Infrastructure Change Viewer
  • Release Viewer
  • Contract Viewer
  • Asset Viewer
  • Knowledge Viewer
The purchase agent is in charge of the purchases in an organization.
Software asset managerAsset AdminThe software asset manager is responsible for optimizing software assets and for managing compliance with software license contracts. The software asset manager also evaluates the usage of software licenses to make sure that the organization is not over purchasing the licenses.
Approver
  • Asset Viewer
  • Incident Viewer
  • Infrastructure Change Viewer
  • Problem Viewer
An approver can be any person in your organization.



Was this page helpful? Yes No Submitting... Thank you

Comments