Page tree
Skip to end of metadata
Go to start of metadata

This topic describes the access permissions available to BMC Helix ITSM service subscribers for supported administration levels in their environments.

Summary of administration levels

The following list describes the administration levels that the BMC Helix ITSM solution supports:

  • Application Data Administration — Provided through the application user interfaces, an administrator can assign user permissions to users who perform application data administration. An example of application data administration is setting up support groups or extending BMC Atrium CMDB to add a new CI class.
  • Platform Administration — Typically implemented through user interfaces or implemented through mechanisms such as configuration files, platform configurations are used to tune and manage the overall service. Examples of platform level configuration are configuring list and fast threads in the Remedy AR System platform, and modifying the ar.cfg file.
  • System Administration — This involves management of the supporting software, hardware, and infrastructure that provides the service. Examples of system administration are tuning the operating system, changing hardware parameters, and allocating indexing on databases.

Customer environments and administration access

Customers can have different access levels based on the environments they are working in. Customers will have multiple environments, namely, production, quality assurance, development, and, in some cases, additional environments. Typically, access to the production and QA environments is tightly controlled to ensure the integrity of the service. Customers have more latitude in the development environments to facilitate staging changes to their services.

Administration access policy for customers

This section describes the administration access policy for customers, while considering administration levels and customer environments. The following topics are addressed:

  • Application data administration
  • Platform administration
  • System administration

For the purpose of the following discussion, an additional environment is treated the same as a development environment.

Application data administration

Customers have full access to configure applications by using the provided application user interfaces in any environment. For example, a customer can choose to create a user or an incident template without being granted any special permissions. In some cases, a customer might choose to implement a data configuration in the development environment and leverage the change control process to promote across environments instead of editing directly in the production environment. For example, a complex Service Request Definition (SRD) could be created and tested in development to ensure complete and thorough implementation in a nonproduction environment.

Platform administration

Customers are not provided with access to platform administration functions in any environment other than development. As an alternative, review the Direct access alternatives section below.

System administration

Customers are not provided with access to system administration functions in any environment.

Direct access alternatives

This section describes common use cases that may require local access to systems. BMC has standardized on cloud-hosted solutions that no longer permit direct or local access. BMC is providing guidance on how to accomplish the use case without direct system-level access.

Use CaseUse case summaryAccess alternative
File transferUsed for copying files to/from customer environment application or integration servers hosted by BMC.  All files sent to or made available from BMC cloud services must go through the File transfer process.  This service utilizes Secure FTP for secure file transfers, and is setup to push/pull content between the SFTP server and the customer’s AR systems.

Submit a request through the i.onbmc.com support portal using the Request Something Else option.

Establish criteria for what content you need transferred.

Determine if 15 minute interval is acceptable.

Ensure your end-user client is capable of communicating via Secure FTP (SFTP).

Service restarts in non-production environments

This request is used for restarting an AR of Mid Tier service to implement a configuration change to the application environment.

If your systems have been migrated to the new BMC Helix platform that uses containerization, this option is not available or necessary.


BMC can provide you with access to an orchestration job to restart your AR or Mid Tier service in your non-production environments upon request. Once implemented, use the Restart my AR or MT offering from the i.onbmc.com support portal.

To request access to this offering, submit a request to BMC SaaS Operations.

Alternatively, you may submit a request using the Request a Change offering in the i.onbmc.com support portal to have BMC SaaS Operations execute a service restart as needed.

Enable or disable the email engine in the development environment

This request is often made for updating settings to the email engine. No restart is required for this use case, and no access to the local system is required.

For development environments, you have administrator permissions. To update email settings, have your administrator navigate to AR System Administration > AR System Administration Console > System > Email > Email Server Configuration. Make the appropriate changes as needed. Changes are applied and saved immediately.

See instructions via a video at Centralized Configuration for Email Engine.

View log files in the development environmentThis use case covers the viewing of log files in near real-time, through the application user interface and for turning logging on/off.For development environments, you have administrator permissions. To perform this function, review knowledge article KBA00004655 from the i.onbmc.com support portal.
Mid Tier Cache refresh in the development environmentThis option is for clearing objects that have changed on the server after the last cache clear event.You may submit a request using the Request a Change offering in the i.onbmc.com support portal to have BMC SaaS Operations execute a Mid Tier cache flush as needed.

Temporary administrator access

On a case-by-case basic, BMC may grant temporary administrator access to one of your users in a QA or production environment. Access is usually granted only for onboarding project work. To request temporary access, submit a request using the Request Something Else offering from the i.onbmc.com support portal. You must provide the following information in your request:

  1. Login ID of who needs the access
  2. Use case for needing administrator permissions
  3. Environment in which administrator access is needed
  4. Time period where administrator access is needed

In order to prevent inadvertent changes made to your QA or production environment, BMC reserves the right to deny such access request. Some changes can have a significant impact on system performance and stability and as a general rule of thumb, this level of access is not required or granted. In the event temporary administrator access is approved, it will be granted for no more than 72 hours.

Reminder:

Users may not use temporary admin access to assign the Administrator permission. The Administrator permission is not allowed in any environment other than development. Users should make all customizations in the development environment, and then promote them forward using the BMC Helix Change Management process or the Deployment Application utility.

BMC quality of service commitment 

The access policy is defined to ensure that BMC can deliver the best service possible. The production environment has the greatest impact on the customer’s consumers: users and end users. This policy will help BMC and consumers of the service to experience the following:

  • Higher quality of service (QoS)
    BMC is responsible for the delivery of the service per our contractual commitments. As such, customers are prevented from modifying the system in any way that could cause instability and unreliability.
  • Greater consistency
    A common approach to the access policy for customers helps to simplify and optimize operations, leading to proactive and detailed customer communication.
  • Standardization
    Following common industry practices, BMC ensures that changes are introduced to the production services by using a well-defined and controlled request for change process that progresses through various stages (environments) to ensure quality of service.

3 Comments

  1.  

    1.  

  2.