This documentation supports the 9.1 version of Asset Management.

To view the latest version, select the version from the Product version menu.

BMC Asset Management user permissions

This section describes the permissions and authorizations required by BMC Asset Management users.

Asset Management permissions

This table describes the Asset Management permissions for following user roles.

Note

If you select the Application user license type as None, you get only Asset Inventory permissions. For information about these permissions, see Asset Inventory permissions . 

Permissions

Description

Application user license type

Asset Admin

Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

  • Create, modify, and administer contracts.
  • Create and modify license certificates from the Service Activation Management console.
  • Create and modify CIs
  • Create and modify CI Unavailability records (also referred to as Outage records).
  • Manage configurations.
  • Manage schedules.
  • Manage costs.
  • Perform bulk update functions.
  • Configure costing and charge back periods from the Application Administration console.

Note: This permission does not grant access to purchasing or receiving functions. A person with Asset Admin permissions does not need Asset User and Asset Viewer permissions.

Best practice: We recommend that you grant these permissions only to users playing a Configuration Administrator role.

Users with Asset Admin permission have full access to contracts and SWLM features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability is given with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).

  • Fixed
  • Floating
  • None

Asset User

Users with Asset User permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

  • Modify contracts
  • Create, modify, and delete the following within a CI record to which the user has access (but they cannot perform these functions from the Asset Management console):
    • Contracts
    • Configurations
    • Costs
    • Outages
    • Returns
    • Schedules

Note: A person with Asset User permissions does not need Asset Viewer permissions. Asset Admin permission is required to access inventory management and bulk update features. The Asset User permission does not grant access to the following functions:

  • Inventory management
  • Bulk update
  • Purchasing
  • Receiving

A user with Asset User permissions cannot create a CI to CI relationship.

The Asset User permissions do not have equivalent permissions to the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of SWLM, then they must also be given Contract User permissions.

Best practice: We recommend that you grant these permissions to users who are directly supporting specific CIs and who must update CI attributes and relationships.


  • Fixed
  • Floating
  • None

Asset Viewer

Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Read access to contracts.
  • Read access to the following areas within a CI record:
    • Contracts
    • Configurations
    • Outages
    • Schedules

Note: The Asset Viewer permission does not grant access to:

  • Inventory management
  • Bulk update
  • Cost management
  • Purchasing
  • Receiving functions
  • Software Asset Management console

Asset Viewer permissions are automatically granted when assigning any of the following permissions:

  • Incident User
  • Incident Master
  • Problem User
  • Problem Master
  • Infrastructure Change User
  • Infrastructure Change Master
  • Infrastructure Change Config
  • Release Config
  • Release Master
  • Release User
  • Task Manager
  • Task User
  • Purchasing User
  • Contract Admin
  • Contract User
  • Contract Viewer
  • Request Catalog Manager

Best practice: We recommend that you grant these permissions to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.

  • None

Asset Config

Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Configuring CI depreciation criteria
  • Configuring CI notifications
  • Configuring CI Unavailability status
  • Configuring License Types
  • Configure Inbox preferences for SWLM
  • Configuring License Engine for SWLM
  • Configuring Asset Management rules
  • Configuring CI Unavailability priority
  • Setting up server info for AR System License Type for Software License Management (SWLM).

Note: Users with Asset Config permission do not need Contract Config permissions.

Best practice: We recommend that you grant these permissions only to users who administer the Asset Inventory and Asset Management system (that is, to an user who acts as an Application Administrator).

  • Fixed
  • Floating
  • None

Purchasing User

Users with Purchasing User permissions can access the following functions within the BMC Asset Management application:

  • Create and modify purchase requisitions that are assigned to the user's support group (this includes line items).
  • Create and modify purchase orders.
    This permission grants access to only the purchasing functions (excludes receiving) and does not provide any access to areas where an 'Asset' or 'Contract' type permission are required.

Best practice: We recommend that you limit the use of these permissions to users who perform the following roles in the Asset Management Purchasing feature:

  • Configuration Administrator — These users might must submit purchase requests issued through the Change Management process
  • Purchasing Agent
  • Fixed
  • Floating

Receiving User

Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system.

Best practice: We recommend that you grant these permissions only to users who use the Asset Management Purchasing feature, for example, Purchasing Agents because, they grant access only to the receiving functions.

  • None

Contract Admin

Users with Contract Admin permissions can perform the following functions:

  • Create and modify all contracts from the Contract console.
  • Create and modify license certificates from the SAM console.
  • Configure new Contract Types from the Application Administration console.
  • Manage license jobs from the SAM console.

Note: A user with the Asset Admin permission can do everything that a user with Contract Admin permission with the exception of creating new Contract Types.

Best practice: We recommend that you grant these permissions to users who need full access to the Contract Management features, but who don't need the full Asset Management access given by the Asset Admin permissions group.

  • Fixed
  • Floating

Contract User

Users with Contract User permissions can perform the following functions:

  • Modify public contracts from the Contract console.
  • Modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract).
  • Create and modify license certificates for contracts they have access to from the SAM console.
  • Manage license jobs from SAM console.

Best practice: We recommend that you grant these permissions to users who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user is also needs to modify CI information, you should also give that user Asset User permissions.

  • Fixed
  • Floating

Contract Viewer

Users with Contract Viewer permission can view all contracts from the Contract console.

Note: This permission does not grant access to the SAM console. The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission. Users with Asset Viewer permissions do not also need Contract Viewer permissions.

Best practice: We recommend that you grant these permissions to users who require view access to contracts.

  • None

Contract Config

Typically, an Application Administrator requires this set of permissions. Users with Contract Config permission can perform the following functions:

  • Configure License Types.
  • Configure Inbox preferences for SWLM.
  • Configure the License Engine for SWLM.
  • Configure Asset Management rules.
  • Set up server information for the AR System License Type for SWLM.

Note: This permission does not grant access to the SAM console. If a user has Asset Config permission they do not need Contract Config permissions. This is because, the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure.

Best practice: We recommend that you grant these permissions to users who must only configure Software Licence Management (SWLM) features.

  • Fixed
  • Floating

Contract Management permission model

Contract Management permission groups are defined as computed groups in the Group form. Each Contract permission group is mapped to an Asset permission group to support the deployable application functionality. To remove specific users from the computed group, remove the BMC Asset Management groups for each Contract permission group to make each Contract permission group stand alone.

Cost module permission model

The cost module uses the following permissions:

  • Cost Viewer — Can only view cost data
  • Cost User — Can add costs
  • Cost Manager — Can update and manage the charge back process

BMC Atrium Core permissions

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Chris Parent

    Using Asset 9.1.02, can you please confirm:

    Asset User permission states it can create & modify contracts.  However the application will not allow this permission to create a contract.  Message states only Contract Admin can create contracts.

    May 09, 2017 08:46
    1. Nidhi Das

      Hello Chris,

      I will discuss this with the concerned SME and will write back to you.

      Regards,
      Nidhi 

      May 10, 2017 12:22
    1. Mokshada Shivarekar

      Hello Chris,

      Thank you, for pointing out the issue. SME confirmed that the Asset user role does not provide permission to create a contract. However, with this permission you can modify the contracts.

      I have updated the permissions in the docs.

      Regards,

      Mokshada

      Jul 05, 2017 11:17
  2. Thomas Hammer

    According to this documentation users with permission "Asset User" do not have the permission to create a new CI. According to this documentation you will need "Asset Admin" to be able to create new CIs. Did I understand this correctly? But according to our installation (9.1.03) also users with "Asset User" permission (no "Asset Admin" permission) are able to create new CIs. Do you have an explanation for this discrepancy? Did the implementation change and documentation has not been updated? Or is there a defect in 9.1.03?

    May 07, 2018 06:49
    1. Aditya Kirloskar

      Hello Thomas,

      Thank you for your comment. I will talk to the concerned SME and update you accordingly.

      Regards,

      Aditya

      Jan 10, 2019 11:05
    1. Aditya Kirloskar

      Hello Thomas,

      Thank you for pointing out this issue. Only an user with “Asset Admin” permission can create a CI. We have documented a known issue for this on the Known and Corrected issues page.

      Regards,

      Aditya

      Jan 23, 2019 02:15
  3. Marvin Schumacher

    Hello, Are you able to lock down the SOAP API to certain things or if you have access it's all or nothing? Is there specific documentation for API use, setup for API?

    Jan 10, 2019 08:51
    1. Aditya Kirloskar

      Hello Marvin,

      Thank you for your comment. I will talk to the concerned SME and update you accordingly.

      Regards,

      Aditya

      Jan 10, 2019 11:05
    1. Aditya Kirloskar

      Hello Marvin,

      As per my discussion with SME, if you have access to SOAP API, you can either have all access to all the functionality or no access at all. For more information about using SOAP API, see SOAP Headers and authentication.


      Regards,

      Aditya

      Feb 06, 2019 11:55