User access is controlled by user roles (for groups with similar responsibilities) and user accounts (for individual users). Access is configured at two levels:
- System—for general access to the application
- Container—for specific access to data containers, their records (items), fields, and workflow processes
System Administrators manage users for the entire system at both levels. Container-level Administrators can manage users in containers for which they have user management permissions.
Several system user roles are provided, and you can create others as needed to support your business processes. In addition, a basic set of user roles is generated for each container when it is created. All user roles can be configured to provide customized access. For more information about built-in roles, see Built-in user roles.
Three types of roles are supported in BMC FootPrints Service Core: Agent, Customer, and Guest. Agent and Customer roles can be assigned permissions at both system and container levels. Guest roles are assigned system-level permissions only.
When creating roles for your users, you can select Agent or Customer system role types, configure the default permissions as needed, assign the roles to containers (such as address books and workspaces), and further configure permissions in those containers. For more information about the available user permissions, see User management.
You can copy user roles and modify the copies to provide the appropriate permissions for each type of user in your environment. In fact, copying the provided roles is the easiest way to create a group of user roles with similar permissions. You only need to copy one of the built-in roles to create a new role that already has the basic permissions needed for that type of user.
Assign permissions carefully
Use caution when customizing permissions. You may accidentally allow actions that a particular user role should not be allowed to perform.
For example, if an Agent user role is allowed to access the Users administration page, that user role can add, edit, and delete user accounts without restriction.
Download the attached Configuring users checklist and complete the tasks listed in it.