Creating and mapping roles
Roles are permissions similar to groups, except that they belong to a particular application, instead of a particular server. Roles are used exclusively in deployable applications.
Roles are defined for each deployable application and then mapped to explicit groups on the server. You can map a deployable application's roles to different groups on different servers, depending on how the groups are defined on each server. This allows you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server. You can also map roles to different groups for each development state, such as Test or Production. You can then switch between states using BMC Remedy Developer Studio or workflow.
Because roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.
Use the Roles form in a browser to create roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. For more information about deployable applications, see Defining and managing an application. This section provides the steps to create roles and map them to explicit groups. Although there is no limit to the number of roles that you can create, for maintenance purposes you might want to limit the number.
Note
You must log on as an Administrator to work with the Roles form.
You can map roles to regular or computed groups for the Test and Production application development states. You can also create custom states and map roles for those states. To enable a particular mapping, change the application's state. For more information, see Working with deployable application states.
Use the following procedures to create, modify, or delete BMC Remedy AR System roles:
The following table lists the key fields in the Roles form.
Key fields in the Roles form
Field | Description |
---|---|
Application Name | Name of the deployable application for which the role is defined. You can define the same role for multiple applications, but you must create a separate Roles form entry for each. |
Role Name | Name by which the role is known. Within each application, every role name should be unique. You can reuse the same role name-role ID pairs across a suite of applications. |
Role ID | Integer ID that is the recognized identity of the role. The ID must be a negative number, such as -10001. Role IDs must be unique for each application name. You can reuse the same role name-role ID pairs across a suite of applications. |
Test | Enter or select one group name for the regular or computed group to which you want to map this role for the Test application state. To enable this mapping, set the application's State property to Test. For more information, see Working with deployable application states. |
Production | Enter or select one group name for the regular or computed group to which you want to map this role for the Production application state. To enable this mapping, set the application's State property to Production. For more information, see Working with deployable application states. |
To create and map roles
- In a browser, open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
- Enter information in the Application Name, Role Name, and Role ID fields, as described in the previous table.
If you save the role now, you can begin assigning permissions for this role to objects within the application. A role is listed only for object in the deployable application to which the role belongs. - Enter a regular or computed group ID in each Mapped Group field to define access permissions for each application state.
Save your changes.
Note
- BMC Remedy AR System does not maintain the list of Application names. The BMC Remedy AR System Administrator should keep a note of all the Application names.
- Newly created roles appear in Permissions dialogs after the server recaches (about 5 seconds, depending on your system).
To modify roles and role mappings
- In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
- Search the form to retrieve a list of currently defined roles for a particular application.
- Select the appropriate roles and modify information in the appropriate fields.
- Save your changes.
To delete roles
- In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
- Search the form to retrieve a list of currently defined roles for a particular application.
- Select the appropriate role.
- Choose Actions > Delete.
A confirmation box appears to verify that you want to delete the role entry. - Click OK.
Comments
Log in or register to comment.