Assigning roles and permissions

BMC Helix Multi-Cloud Broker provides out-of-the-box functional roles that administrators can assign to their users. A functional role is a collection of multiple application roles and enables users to access different applications and perform various actions. As an administrator, you assign the functional roles and associated permissions only to users who need to configure and manage BMC Helix Multi-Cloud Broker; for example configuring the system, creating and managing data, setting up integrations.

The following image illustrates an example of a functional role:

The following table lists the out-of-the-box functional roles:

Task 1: To create a people record

For a new user, you need to create a people record in Mid Tier that contains the user details; for example, contact information, support staff, access credentials.

You can create a people record by using a template or without using a template. For more information, see any of the following topics:

• Adding People by using a template
• Adding people without using templates
  
  

After you complete the steps, you can view the details of the user you created in the User form in Mid Tier.

To view the user details

The following image shows the steps to navigate to the User form in Mid Tier:

After you search for the user, Mid Tier displays the user details as shown in the following image:

Task 2: To assign an out-of-the-box functional role to a user

After you create the user, assign one of the out-of-the-box functional roles to the user.

To do this, perform the following steps:

1. Log in to Mid Tier.

2. Select Applications > Administrator Console > Application Administration Console:

   

3. Click the Custom Configuration tab.

4. In Application Settings, select Foundation > People > People and click Open.

   

5. In the People form, click New Search.

6. By using any of the fields displayed, search for the person to whom you want to assign the functional role and click Search.
   For example, search for a person by using the First Name field as shown in the following image:
   

7. Select Login/Access Details > IS Personas.

   

8. In the Login ID field, enter the ID for the selected person record.

9. Click Update Personas. 

10. In the IS Personas form, enter the following details:

    Field	Action
    Application Name	From the list, select com.bmc.dsm.ticket-brokering-lib.
    IS Persona	From the list, select any of the following roles: Multi-Cloud Service Admin Multi-Cloud Service Owner

11. Click Add/Modify .

12. Click  Close and then click  Save.

Task 3: To assign an application permission

If the user you have created is responsible to set up and manage integrations, assign an application permission relevant to that integration to the user. For example, if the user needs to set up an integration between BMC Helix ITSM incident and Jira issue, the user needs incident-specific permission to create incidents in BMC Helix ITSM.

To assign the permission, perform the following steps:

1. After you have assigned a functional role in the previous procedure, in the People form, click the Application Permission tab.

2. Click Update Permission Groups.

   

3. In the Permission Group dialog box, from the Permission Group list, select a group based on the type of integration user needs to set up.
   
   After you select a permission group, the text box below the License Type field provides a description of the permission group. For example, if you select Incident Master, the text box provides a description as shown in the following image:
   

4. If required, select the License Type as Fixed.

5. Click Add/Modify.

6. Click Close and then click Save.

Task 4: To provide access to a bundle

After you assign an application permission to the user, provide user the access to different bundles that BMC Helix Multi-Cloud Broker depends on. This access enables users to perform various activities related to those bundles; for example, receiving notifications, adding attachments to BMC Helix ITSM tickets.

To provide the bundle access, perform the following steps:

1. After you have assigned an application permission in the previous procedure, in the People form, click the IS Bundle Access tab. 
2. Click Update IS Bundle Access.
   
3. In the IS Bundle Access pane, from the Bundle Access list, select the following bundles one by one and then click Add/Modify:
   • com.bmc.dsm.attachment-service-lib
   • com.bmc.dsm.flowsets-lib
   • com.bmc.dsm.mcsm
   • com.bmc.dsm.notification-lib
   • com.bmc.dsm.risk-management-service-lib
   • com.bmc.dsm.search-lib
   • com.bmc.dsm.shared-components-lib
   • com.bmc.dsm.shared-services-lib
   • com.bmc.dsm.slm-lib
   • com.bmc.dsm.social-lib
   • com.bmc.dsm.ticket-brokering-lib
   • com.bmc.dsm.ticketing-lib
     
4. Click Close and then click Save.

To view out-of-the-box roles and permissions

You can view the out-of-the-box roles and permissions that BMC Helix Multi-Cloud Broker provides in BMC Helix Innovation Studio.

To do this, perform the following steps:

1. Log in to BMC Helix Innovation Studio.
2. Click the Administration tab.

3. Select Server settings > Application permissions and click Functional roles or Role permissions.

   Option clicked	Type of information displayed
   Functional role	Details about the functional role and a list of associated roles.
   Role permissions	Permission details for the role.

Licensing

Licensing BMC Helix Multi-Cloud Broker enables organizations to:

• Control access to their application

• Protect their intellectual property

• Reduce management costs, and adhere to their compliance policies

When BMC provisions BMC Helix Multi-Cloud Broker for a customer, BMC SaaS Operations licenses the BMC Helix Multi-Cloud Broker application.