Managing access permissions

With access permissions, you can grant access to the Main Tabs of BMC Release Process Management (RPM) and the objects on those tabs. Custom roles that you create and assign to groups have permission settings that you can change to grant or restrict access to the various tabs and objects. By default, when you create a new role all Main Tabs are visible to group members with that role.

Root users (or any users with the appropriate permissions) can manage access to the Main Tabs and objects of the application by setting the appropriate access permissions for specific roles. Users who are members of groups with those specific roles can view and access the tabs and objects granted by the access permissions of the roles. The applications assigned to a group give users the ability to view and access an application and its objects (for example, environments, components, requests, and so on).

To change access permissions for an existing role

1. Go to System  > Roles.

2. In the Roles list, in the Actions column next the required role, click Edit, and then make the appropriate changes.

   • To edit tabs that you want to be visible to users in the main menu (Dashboard, Plans, Requests, and other), expand Main Tabs, and then select or clear the appropriate check boxes.

   • To edit other permissions, expand the required tab, and then select or clear the the appropriate permission for objects on the tab.

   Tip

   To make all objects on the tab available to users, click Select All.

   To clear all objects on the tab, click Clear. You can then click each check box to grant permissions to the appropriate objects.

3. To save your changes, click Update.

To set access permissions for a new role

You can set access permissions when you create a new role for a group. For more information, see To create a role.

You can set and change the following permissions:

Main Tab permissions

For each role, you can select the tabs that will be accessible for users with that role. The Main Tabs permissions shown below correspond to the Main Tabs of the BMC Release Process Management application. Selected tabs grant access to the objects, therefore, users can view and access the tabs. Tabs that are not selected are not visible to groups of users with that role.

_{(click the image to expand it)}

_{Back to top}

Dashboard permissions

On the Dashboard tab, users can see requests assigned to their application only. If a user only has a permission to View Requests lists, the user cannot view requests in the Created state. Access permission for Created requests is added separately and applies to any Requests lists visible in the application, including the Dashboard. For example, if a user does not have permission to view Created requests, Created requests are not visible in the My Requests and Currently Running Steps subtabs on the Dashboard. Users who do not have access to the Requests list cannot view the requests in any Requests lists, including the Dashboard.

Users who do not have permission to view Servers lists cannot view servers in the My Servers subtab on the Dashboard.

The following image shows the Dashboard objects that you can set. If selected, the object is accessible on the Dashboard tab. Otherwise, the object is not visible to groups of users.

_{(click the image to expand it)}

_{Back to top}

Plans permissions

The following image shows a partial list of the Plans objects that you can set. If selected, the object is accessible on the Plans tab. Otherwise, the object is not visible to the users.

_{(click the image to expand it)}

_{Back to top} 

Releases permissions

The following image shows a list of the Releases objects that you can set. If selected, the object is accessible on the Releases tab of the BMC Release Lifecycle Management Requester UI (now called Release Process Management - Requester UI, 5.0.03.001 onward). Otherwise, the object is not visible to the users.

• View Releases: Allows to view the list of the releases.
• Inspect Releases: Allows to view the list of the releases and open the release to view its details.
• Create Release: Allows to view the list of the releases, their details, and create new releases.

_{Back to top}

Requests permissions

Access permission for Created requests is added separately and applies to any Requests lists visible in the application. 

NEW IN 5.0.01.00 You can create, edit, and delete request properties with this permission. If you have the Create Requests permission but not the Manage Requests Properties permission, then you can only modify the request property values.

NEW IN 5.0.03.005 You can view the script, input parameters to the script, and the script execution results for a step if you have the View Notes tab > View Full Automation Results permission. Otherwise, you can view only script execution results.

NEW IN 5.0.03.005 You can define the dependency of a step on a request or a specific step of a request if you have the View Dependency tab permission. For example, if a step is dependent on a request, the step will not execute unless all the steps of the request are executed. 

NEW IN 5.0.05 You can modify the step status execution condition of a step by selecting the Modify Execution Condition check box. By default, this permission is deactivated.

NEW IN 5.0.05 You can modify the Continue In Problem flag at step level by selecting the Modify Continue In Problem check box. By default, this permission is deactivated.

NEW IN 5.0.05 You can now restrict users from forcefully completing an automatic step before it is executed. To do this, select the Restrict Completing Automatic Step checkbox at the step level permissions. By default, this permission is deactivated and users can complete the automatic steps.

The following image shows a partial list of the Requests objects that you can set. If selected, the object is accessible on the Requests tab. Otherwise, the object is not visible to users.

_{(click the image to expand it)}

Back to top

Reports permissions

The following image shows the Reports objects that you can set. If selected, the object is accessible on the Reports tab. Otherwise, the object is not visible to users.

_{(click the image to expand it)}

_{Back to top}

Applications permissions

The following image shows a partial list of the Applications objects that you can set. If selected, the object is accessible on the Applications tab. Otherwise, the object is not visible to users.

_{(click the image to expand it)}

_{Back to top}  

Environment permissions

The following image shows a partial list of the Environment objects that you can set. If selected, the object is accessible on the Environment tab. Otherwise, the object is not visible to users.

_{(click the image to expand it)}

_{Back to top}

System permissions

The following image shows a partial list of the System objects that you can set. If selected, the object is accessible on the System tab. Otherwise, the object is not visible to users.

NEW IN 5.0.03.002  You can now assign permissions to roles to unlock a user by selecting the Unlock User check box. Users belonging to the role that is assigned the Unlock User permission can unlock user accounts.

NEW IN 5.0.03.004 You can now assign permissions to a role to view audit results by selecting the View Audits check box. Users belonging to this role can perform audits on all resources in the system. 

_{Back to top}