This documentation supports the 18.02 version of BMC Digital Workplace. To view the latest version, select the version from the Product version menu.

Overview of user accounts and groups for BMC Digital Workplace Catalog

BMC Digital Workplace Catalog maintains an independent user database that contains the accounts for users who can request service catalog items. The user database is also where a system administrator or service catalog administrator can specify the permissions for users who can log in to the catalog administration console to manage the service catalog.


Overview of users

BMC Digital Workplace Catalog maintains its own user database, separate from the databases used by other applications, such as BMC Digital Workplace and Remedy IT Service Management (ITSM).

To enable a self-service user to view and request service catalog items, the server system administrator must create a user account in BMC Digital Workplace Catalog that shares the same credentials with the self-service account. The users are stored in the tenant database and are not shared directly with other applications.

A user must exist in the BMC Digital Workplace Catalog database before an administrator can:

  • Entitle the user to view and request catalog items
  • Promote the user to perform an administrative role

The administrator can create user accounts manually, or by running a script to copy the user database from a Remedy ITSM.

Overview of groups

BMC Digital Workplace Catalog provides a way to entitle users to view and request service catalog items as part of a custom group rather than as an individual user. The custom groups are created when running the script to copy the user database from Remedy ITSM. The group names combine the company, organization, and department attributes of the user records.

BMC Digital Workplace Catalog groups are unique to the application, and do not share any relationship with permissions groups used by other applications

Permission levels

When you create a user account, you can define the capabilities of the account by assigning one of the following permission groups. The following table provides an overview of the permissions levels that can be assigned to users.

Permission levelUser rolePermission groupLicense levelDescription
Service catalog administratorAdministratorsbe-catalog-adminsFixedAssign this permission to enable a user with full rights to manage all aspects of the service catalog.
Asset managerAsset Managersbe-asset-managersFixedAssign this permission to enable a user to manage user entitlements by creating virtual marketplaces.
Internal service supplierInternal Suppliersbe-internal-suppliersFixedAssign this permission to enable a user to create and modify services and workflows.
Service agentAgentsbe-agentsFixed

Assign this permission to enable a user to access the BMC Digital Workplace Catalog console to view service requests.

Allow Remedy Mid Tier access to an administrator
(Any administrative role)Administrator(Fixed)Assign this permission to any administrative user account to enable the user to log in to Remedy Mid Tier.

BMC Digital Workplace client user

No specified rolesbe-myit-usersRead

Assign this permission to enable a user with the rights to request BMC Digital Workplace Catalog services from BMC Digital Workplace.

For more details about the BMC Digital Workplace Catalog permission groups, see Assigning BMC Digital Workplace Catalog roles to user accounts


Warning

You cannot combine the following permission group assignments, or certain features of the BMC Digital Workplace Catalog application will not work properly:

  • Any administrative or agent permission group (sbe-catalog-admins, sbe-internal-suppliers, sbe-asset-managers, sbe-agents) and the BMC Digital Workplace client user permission group.
  • The BMC Digital Workplace client user permission group and the Administrator permission group.

User information fields

When creating user accounts, you must provide the information in the following table.

Note

The first two table columns alternate based on where they are used:

  • Field name: The user interface label shown in Remedy Mid Tier.
  • Key name: The field name used when JSON text files are created to pass into shell scripts.
Field nameKey nameExamplesDescription
Full NamefullName

Hannah

Hannah Administrator

Specify the full name of the user.

Login NameloginName

When viewed in Remedy Mid Tier, login name is shown without the tenant domain.

Example: hannah_admin

When user accounts with the shell scripts method are created, the login name field shows the the tenant domain as an environment variable.

Example: hannah_admin@${rx_tenant_domain}

Specify the name the user would enter to log in to most Remedy IT Service Management applications. The Login Name field is case sensitive.

For example: If the user's login name is Bob, and the company uses the domain calbroservices.com:

  • To log in to most BMC applications, the user would enter: Bob
  • To log in to BMC Digital Workplace Catalog, the user would enter Bob@calbroservices.com
  • To log in when BMC Remedy Single Sign-On is configured for all applications, the user would enter Bob
Email AddressemailAddresshannah_admin@calbroservices.comSpecify the email address used by the account. This address does not need to match the user's login name.
License TypelicenseTypeFixed

Specify the license type for this user.

All administrators and service agents who can log in to manage services in BMC Digital Workplace Catalog require a Fixed license type.

BMC Digital Workplace client users require only a Read license type to be able to request services from the catalog. In Remedy Mid Tier, the Read license type is shown as Restricted Read.

Group Listgroups

Administrator sbe-catalog-admins

["Administrator", "sbe-catalog-admins"]

["sbe-myit-users"]

Specify the permission group memberships to assign to a BMC Digital Workplace Catalog user account.

When you assign permissions by using Remedy Mid Tier, add the permission group name as additional entries in the Group List field.

When you assign permissions by using a script, enclose the permission group names in an array.

PasswordpasswordPassw0rd!

Specify a password with a minimum of 8 characters and a maximum of 30 characters. The password must include all of the following characters:

  • Uppercase letters
  • Lowercase letters
  • Numeric characters
  • Special characters, for example: ~!@#$%^&*_-

To enable a user to view and request services through self-service, the user's credentials must match the Remedy ITSM user account.

When adding users from Remedy ITSM by running the automated user transfer script, you must enable the cross-reference blank password setting in the mid tier configuration. Then, for these users to be able to log in, you must enable BMC Remedy Single Sign-On.

For more information, see the following topics:

At this time, only BMC Digital Workplace Catalog administrators who can access the User form on Remedy Mid Tier can change user passwords.

Status(Not used in scripts)Current

When you create users by using Remedy Mid Tier, set this field to one of the following values:

  • Current: to define an active user.
  • Disabled: to define an inactive user.
(Not on user form)forcePasswordChangeOnLoginfalseWhen you create users by using scripts, leave set to false.

Example permissions and fields for a system notification user


BMC Digital Workplace requires a service level user that runs background tasks such as pushing notifications to self-service users when BMC Digital Workplace Catalog requests are being processed. You must create the user account that will perform these actions, and provide the credentials for this user when you enable the enhanced catalog. These notifications are sent to the BMC Digital Workplace client applications. To send notifications by email, you must also complete the configuration described in Configuring email notifications.

The following table shows an example of the fields used to create the system notification user. You should specify unique login credentials when creating the system notification user in your environment.

Field nameKey nameExample
Full NamefullNameSystem Notification Account
Login NameloginNamesys_notification@calbroservices.com
Email AddressemailAddresssys_notification@calbroservices.com
License TypelicenseTypeRead
Group Listgroups

sbe-myit-users

Note: Do not add the Administrator group to any users of the sbe-myit-users group.

Passwordpassword5Y5_n0tification!
Status(Not used in scripts)Current
(Not on user form)forcePasswordChangeOnLoginfalse

Example permissions and fields for an enhanced catalog administrator

The administrator who maintains the sections in the enhanced catalog must also be a service catalog administrator in BMC Digital Workplace Catalog. When you follow the installation process steps to create a tenant, the process creates the first service catalog administrator user account for you.

The following table shows an example of the fields used to create the first service catalog administrator user account. You should disable this account and specify unique login credentials when creating additional users in your environment.

Field nameKey nameExample
Full NamefullNameHannah Administrator
Login NameloginNamehannah_admin@calbroservices.com
Email AddressemailAddresshannah_admin@calbroservices.com
License TypelicenseTypeFixed
Group Listgroups

["sbe-catalog-admins", "Administrator"]

Note: Do not combine administrative permissions with the sbe-myit-users group.

PasswordpasswordPassw0rd!
Status(Not used in scripts)Current
(Not on user form)forcePasswordChangeOnLoginfalse

Example permissions and fields for a service agent

A service agent who reviews user requests must be a service agent in BMC Digital Workplace Catalog.

The following table shows an example of the fields used to create a service agent.

Field nameKey nameExample
Full NamefullNameJim Serven
Login NameloginNamejim_serven@calbroservices.com
Email AddressemailAddressjim_serven@calbroservices.com
License TypelicenseTypeFixed
Group Listgroups

["sbe-agents", "Administrator"]

Note: Do not combine administrative permissions with the sbe-myit-users group.

PasswordpasswordPassw0rd!
Status(Not used in scripts)Current
(Not on user form)forcePasswordChangeOnLoginfalse

Was this page helpful? Yes No Submitting... Thank you

Comments