This topic describes the access permissions available to BMC Helix ITSM service subscribers for supported administration levels in their environments.
The following list describes the administration levels that the BMC Helix ITSM solution supports:
Customers can have different access levels based on the environments they are working in. Customers will have multiple environments, namely, production, quality assurance, development, and, in some cases, additional environments. Typically, access to the production and QA environments is tightly controlled to ensure the integrity of the service. Customers have more latitude in the development environments to facilitate staging changes to their services.
This section describes the administration access policy for customers, while considering administration levels and customer environments. The following topics are addressed:
For the purpose of the following discussion, an additional environment is treated the same as a development environment.
Customers have full access to configure applications by using the provided application user interfaces in any environment. For example, a customer can choose to create a user or an incident template without being granted any special permissions. In some cases, a customer might choose to implement a data configuration in the development environment and leverage the change control process to promote across environments instead of editing directly in the production environment. For example, a complex Service Request Definition (SRD) could be created and tested in development to ensure complete and thorough implementation in a nonproduction environment.
Customers are not provided with access to platform administration functions in any environment other than development. As an alternative, review the Direct access alternatives section below.
Customers are not provided with access to system administration functions in any environment.
This section describes common use cases that may require local access to systems. BMC has standardized on cloud-hosted solutions that no longer permit direct or local access. BMC is providing guidance on how to accomplish the use case without direct system-level access.
|Use Case||Use case summary||Access alternative|
|File transfer||Used for copying files to/from customer environment application or integration servers hosted by BMC. All files sent to or made available from BMC cloud services must go through the File transfer process. This service utilizes Secure FTP for secure file transfers, and is setup to push/pull content between the SFTP server and the customer’s AR systems.|
Submit a request through the i.onbmc.com support portal using the Request Something Else option.
Establish criteria for what content you need transferred.
Determine if 15 minute interval is acceptable.
Ensure your end-user client is capable of communicating via Secure FTP (SFTP).
|Service restarts in non-production environments|
This request is used for restarting an AR of Mid Tier service to implement a configuration change to the application environment.
If your systems have been migrated to the new BMC Helix platform that uses containerization, this option is not available or necessary.
BMC can provide you with access to an orchestration job to restart your AR or Mid Tier service in your non-production environments upon request. Once implemented, use the Restart my AR or MT offering from the i.onbmc.com support portal.
To request access to this offering, submit a request to BMC SaaS Operations.
Alternatively, you may submit a request using the Request a Change offering in the i.onbmc.com support portal to have BMC SaaS Operations execute a service restart as needed.
Enable or disable the email engine in the development environment
|This request is often made for updating settings to the email engine. No restart is required for this use case, and no access to the local system is required.|
For development environments, you have administrator permissions. To update email settings, have your administrator navigate to AR System Administration > AR System Administration Console > System > Email > Email Server Configuration. Make the appropriate changes as needed. Changes are applied and saved immediately.
See instructions via a video at Centralized Configuration for Email Engine.
|View log files in the development environment||This use case covers the viewing of log files in near real-time, through the application user interface and for turning logging on/off.||For development environments, you have administrator permissions. To perform this function, review knowledge article KBA00004655 from the i.onbmc.com support portal.|
|Mid Tier Cache refresh in the development environment||This option is for clearing objects that have changed on the server after the last cache clear event.||You may submit a request using the Request a Change offering in the i.onbmc.com support portal to have BMC SaaS Operations execute a Mid Tier cache flush as needed.|
On a case-by-case basic, BMC may grant temporary administrator access to one of your users in a QA or production environment. Access is usually granted only for onboarding project work. To request temporary access, submit a request using the Request Something Else offering from the i.onbmc.com support portal. You must provide the following information in your request:
In order to prevent inadvertent changes made to your QA or production environment, BMC reserves the right to deny such access request. Some changes can have a significant impact on system performance and stability and as a general rule of thumb, this level of access is not required or granted. In the event temporary administrator access is approved, it will be granted for no more than 72 hours.
Users may not use temporary admin access to assign the Administrator permission. The Administrator permission is not allowed in any environment other than development. Users should make all customizations in the development environment, and then promote them forward using the BMC Helix Change Management process or the Deployment Application utility.
The access policy is defined to ensure that BMC can deliver the best service possible. The production environment has the greatest impact on the customer’s consumers: users and end users. This policy will help BMC and consumers of the service to experience the following: