Define permissions and sample data
It's worth noting that you actually have a choice here. Defining the permission model up-front is technically more efficient because you can assign Permission Roles to individual records, fields, views, and processes in a single pass as you build them out. However, it's also true that as long as you are willing to test your application only as an Administrator, then you could always postpone setting up roles and Functional Roles until after the application is developed. So, if you skip this part of the tutorial for now, that's fine but do remember that it will not be enabled for other users until you come back and revisit this topic.
That being said, assuming you want to set up permissions at the beginning, let's dive in. Recall the access control model we determined we needed during analysis:
This consists of setting up permission roles and functional roles as part of the application, and also creating (or importing) some sample test data. As mentioned previously, you can choose to skip this lesson for now, but this means that your application will only be able to be run by someone with Administrator permission. You can always choose to do this later and revisit your definitions to apply permissions when ready to do multi-user testing.
Create permission roles
Let's do this first, since functional roles need to be mapped to these.
- Go to the Administration area of BMC Helix Innovation Studio.
- In the Settings list, go to Configure My Server → Application Permissions → Manage Role Permissions.
- Click New.
- Specify the properties for an Order Submitter role as described in the preceding logical model.
- Application Name - this must match the application ID that was set when you first created the application (it is generally in the format developerid.application-short-name). If you used the install package to catch up, it will be Lunch Tutorial.
- Role Name - Order Submitter
- Role ID - you can specify any id as long as it is negative, unique, and in a very large range as it will prompt you. For more complex applications you should think about what kind of system to use to maintain these.
- Group Mapping - you can leave these blank, since we are going to map these Permission Roles to Person via Functional Roles.
- Save it.
- Repeat for Restaurant Manager.
Functional roles
Although our permission roles can be specified for our definitions, as mentioned above, they can't be mapped directly to our test users. That's what the functional roles are for.
- Go to the Administration area of BMC Helix Innovation Studio.
- In the Settings list, go to Configure My Server → Application Permissions → Manage Functional Roles.
- Click New.
- Specify the properties for Meal Program Member
- Application Name - same as used above.
- Functional Role Name - Meal Program Member.
- Description - up to you.
- Selected Role - this is where you map the permission roles for this functional role.
- Search for Order Submitter and select it.
- Also add AR Foundation Person Read.
- Save.
- Repeat to complete all the mappings needed according to the diagram: Meal Program Administrator and Meal Program Manager.
Functional Role | Mapped to Role |
|---|---|
| Meal Program Member | Order Submitter, AR Foundation Person Read |
| Meal Program Administrator | Order Submitter, Restaurant Manager, AR Foundation Person Read |
| Meal Program Manager | Restaurant Manager, AR Foundation Person Read |
Test yourself: why do we need to map the Permission Role for Person Read for this particular application?
When you are done, the Functional Roles list should look like this, matching our diagram.
Import Test Data
The application's access control model is complete, but for any kind of testing, you will also need Person and Primary Organization records. You can create these manually, or as a short-cut, you can use the Data Management Console to import them from the provided for this tutorial.
Get and unzip the data spreadsheets found in Tutorial Foundation Sample Data.zip. You should now have the following three files:
- 01-Tutorial Organization Data.xlsx
- 02-Tutorial Person Data.xlsx
- 03-Tutorial Person Associations.xlsx
The use of the Data Management Console is fully described in Loading foundation data in bulk. The important thing to remember is that each spreadsheet should be loaded in the order shown above (associations last).
If you see the Data Load Result as Processed, refresh the list of Employee records to see if they have been imported properly (if the status is not Processed, you can download a spreadsheet containing the error codes)
Sometimes, even if the status is Processed, there still could have been errors on a particular row basis. One common reason is when the create operation specified in the spreadsheet is specified repeatedly, those rows might error out. Also, when you import an operating organization, a group is automatically created based on a a group ID in the spreadsheet. You may need to manually delete this permission group in order to retry, and then you will have to re-import all subsequent data that depends on it as well.
If you did not use the Data Management Console, you will need to manually associate the employees to the operating organization.
Assign functional roles
Now that you have some employees, you can assign them the functional roles called for in our design. To map a functional role, find the Employee record in the Administration area, and use the Functional Roles picker.
Repeat this as needed to make the test data match our access control diagram. For example, Maria would be given the Meal Program Member functional role.
What we Learned
There are quite a few useful things you have now tried out.
- Prepared the permission roles so you can use these while creating the definitions in a single pass (otherwise, you would have to go back and apply them after development).
- Learned about functional roles, which is a great way to bind specific users to permissions, and even works across Applications and Libraries.
- You learned about the Data Management Console, an out-of-the-box Application that provides nice way of importing Foundation data.
- You used the built-in Foundation data editors to assign functional roles to person records (in this case, employees).
Comments
The link for the Tutorial+Foundation+Sample+Data.zip seems to be broken :-(
Had the same issue. When you change the product version (see On the page at the top, left side) from version 19.08 to 19.05 it should be working! :) Maybe the link to the file hasn't been updated.
Best wishes
Hi,
Since it is a .zip file, you cannot preview it, you must download the file. Also, as mentioned in the topic, you must use the 7-Zip utility to extract the contents of the ZIP file, you cannot extract the content by using the Windows Zip utility or Mac archive utility.
Yes, but you cannot download the file when version 19.08 is set. You will get an error.
Hi Tim,
Let me investigate and get back to you on this.
Thanks,
Aaditi
Hi Tim and Jan,
We have fixed the issue. Could you please retry downloading the file again and let us know if it works.
Thanks,
Aaditi
The updated version of the Tutorial Foundation Sample Data.zip file is attached to the topic.
When I right click on Tutorial Foundation Sample Data.zip and then select "save link as" it tries to download this: pdfs-videos-and-api-documentation-851871455.html.
Prachi said that the file is "attached to the topic" but I don't understand what she is referring to.
Hello Clark,
To download the zip file, please click on the link. You will be redirected to the PDFs and videos topic from where you can download this zip file.
Please make sure you have logged in to docs.bmc.com to download the file.
Hope this helps.
Thanks,
Prachi
Thanks Prachi! The zip file section is now there and I was able to download the zip file. :-)
Also I wanted to mention that I was able to extract the files just fine using the built-in Windows 10 zip utility.
You can probably remove the following section from this page:
"You must use the 7-Zip utility to extract the contents of the ZIP file, and view the install package components. The contents of the install ZIP file cannot be extracted by using the Windows Zip utility or Mac archive utility"
Hello Clark Bohs
Thank you for sharing your observation. Let me confirm with the R&D team about this note.
Aaditi
Hello Clark Bohs,
I removed the note about using the 7-Zip utility.
Aaditi
Hi, Person data load sheet does not contain the user's Login ID so when you try to set them the functional role you can't until a LoginID is manually set. I think it would worth to correct the data sheet provided :) Thanks in advance
Hello Cesar Garcia plaza
Thank you for sharing these observations. Let me check with the R&D team and reply to your queries.
Aaditi
Is that person data load sheet updated with Login ID?
Hello, Cesar Garcia plazaand Padma Jadav
We will need some more time to update the spreadsheet with the Login IDs. We will let you know after we upload the new spreadsheets.
Thanks,
Aaditi
Hello,
Thank you for your feedback on the product. You can enter a request for this product enhancement. To contact Customer Support with your feedback, click here.
Thanks,
Prachi
Could be great to update this steps for new versions, as foundation now is common between ITSM and IS
Hello,
Thank you for your feedback.
This topic is specifically for the 20.08 version. The Foundation data is converged starting from version 21.02.
We will work on creating similar content for the common Foundation.
Any feedback on the Documentation update???
Hello,
Currently, we do not have any updates on this.
We will keep you posted on any updates.
Log in or register to comment.