This documentation supports the 22.1 version of BMC Helix Digital Workplace Basic and BMC Helix Digital Workplace Advanced. Icons distinguish capabilities available only for the Advanced and External license levels. For more information, see License types and features.

Catalog roles and permissions

Catalog roles are roles that enable users to perform specific actions in the service catalog. As an administrator, you assign appropriate roles to the people to populate and manage the service catalog. These people can then create and publish services to the catalog, create and manage virtual marketplaces, grant users access to the marketplaces, and so on. 

Licenses

Although licensing is not a component of access control, licensing can affect a user's ability to perform an operation that you grant the user permission to perform. 

The following license types are used in BMC Helix Digital Workplace Catalog:

License typeDescription
ReadEnables users to create, search for, and display requests within their assigned permissions. This license is for end users who can only request services from the catalog in BMC Helix Digital Workplace. In Mid Tier, the Read license type is shown as Restricted Read.
FixedIncludes all capabilities of a Read license, and also enables users to perform administrative tasks. It is an extended license for users who manage services in BMC Helix Digital Workplace Catalog. A Fixed license is associated with a user name and is always "reserved" for that user.
FloatingIncludes all capabilities of a Read license, and also enables users to perform other tasks. It is designed for users who occasionally need to modify and save requests. Multiple users can use the same Floating licenses, one user at a time: they are available on a first-come, first-served basis.
BundledConsists of a group of licenses, for a bundle of products. Bundled licenses can contain both Fixed and Floating licenses. 

Catalog roles

Out-of-the-box, BMC Helix Digital Workplace Catalog provides catalog roles that are required to perform catalog-related tasks, such as creating and managing the service catalog, entitling services to users, and so on. These roles have a one-to-one correspondence with a set of IS Personas Open link in Mid Tier. When users are created in Mid Tier, they can be assigned an IS persona that corresponds to a catalog role. However, we recommend that you assign roles from the Catalog console.

The following graphic illustrates the relationship between users, roles, and permissions and capabilities:

Relationship between permissions and capabilities, roles, and users


The following table shows the out-of-the-box catalog application roles and the IS personas: 
Role nameRole permissionCorresponding IS PersonaLicense1 levelCapability
Catalog administratorCatalog AdminCatalog Admin
  • Fixed
  • Bundled fixed

Catalog administrator maintains all aspects of the service catalog, which includes service templates, service level agreement (SLA) policies, cost adjustments, and fulfillment workflows. The administrator also configures service connectors and performs other system administration functions, such as managing users and assigning sub-catalogs to catalog users.

For more information about this role, see User goals and features.

Asset managerCatalog Asset ManagerCatalog Asset Manager
  • Fixed
  • Bundled fixed

Asset managers set up and manage virtual marketplaces, as a method to entitle services, bundles, and banners to users and groups.

For more information about this role, see User goals and features.

AgentCatalog AgentCatalog Agent
  • Bundled
  • Floating

Service agents investigate the status of service requests and answer queries by users about their service requests. With this role, an agent can see the service requests that are created by other users. Unless they have unrestricted access, they can see the service requests of only the companies directly assigned to them. 

Important: Service agents no longer need Fixed licenses. 

Administrator (for internal suppliers)2


Catalog Internal Supplier Admin

Catalog Internal Supplier Admin
  • Fixed
  • Bundled fixed

The internal supplier administrator maintains an assigned subcatalog. The internal supplier administrator has the same service management capabilities as the catalog administrator, but without the application administration capabilities. Internal service supplier administrators approve services and publish them.

Internal service supplier administrators help to populate the organization's service catalog by:

  • creating new services
  • importing services from external systems
  • designing workflows and questionnaires
  • setting service entitlements for users
  • approving and publishing services to end users

For more information about this role, see  User goals and features.

Internal supplier2


Catalog Internal Supplier

Catalog Internal Supplier
  • Fixed
  • Bundled fixed 

Internal service suppliers help to populate the organization's service subcatalog by:

  • creating new services
  • importing services from external systems
  • designing workflows and questionnaires
  • setting service entitlements for users

For more information about this role, see User goals and features.

Subtenant administrator

Catalog Subtenant Admin

Catalog Subtenant Admin
  • Fixed
  • Bundled fixed

Subtenant administrator is a user that belongs to a customer organization and manages a limited number of administrative functions. They can view the services assigned to their organization, create virtual marketplaces and entitle services to the users in your organization, use reports to view the cost of services provided and the credit balance, review the statuses of service requests, and assign administrator roles to users or remove the role assignment.

Embedded supplierCatalog Embedded SupplierCatalog Embedded Supplier
  • Fixed
  • Bundled fixed

Embedded suppliers are similar to internal supplier administrators, and they help to populate the BMC Helix Business Workflows subcatalog by:

  • creating services specific to BMC Helix Business Workflows
  • designing workflows and questionnaires for the services that they create
  • setting service entitlements for users 

Note: Usually, only a case catalog administrator in BMC Helix Business Workflows is given this role. To learn more, see Case catalog administrator functional role Open link

Allow Mid Tier access to an administratorNot applicableAny administrative roleFixed

System administrators or service catalog administrators need an administrative role that allows them to log in to Mid Tier to create and manage users.

No specified roleNot applicableRead

No specified role is not a defined role. It simply means that a user is not assigned a user role. User accounts that are not given administrative capabilities can be entitled to view and request services.

1 Except an agent role, all catalog roles require a Fixed license or a Bundled license that contains a fixed license. For the 2015 Pricing Model, Bundled licenses are the ones that do not contain the word “concurrent” in their names (Concurrent refers to the Floating license type). Standard users for service requests only need a Read license. 

2 Administrators (for internal suppliers) and Internal suppliers are subcatalog roles.


Catalog roles control access only to the BMC Helix Digital Workplace Catalog. If required, administrators can assign other roles or permissions to IS personas to provide access to other applications. These permissions are in addition to the out-of-the-box permissions and roles.

Important

Unless they have the AR administrator role, catalog administrators and other catalog roles require myit-sb bundle access to edit process definitions. To learn how to provide the myit-sb bundle access to a user, see Adding users.

System notification user

BMC Helix Digital Workplace requires a service level user that runs background tasks such as pushing notifications to end users when catalog requests are being processed. You must create the user account that will perform these actions, and provide the credentials for this user when you enable the enhanced catalog explained in Enabling and configuring the enhanced catalog.. The notifications are sent to the BMC Helix Digital Workplace application. To send notifications by email, you must also complete the configuration described in Configuring the email server.  


Was this page helpful? Yes No Submitting... Thank you

Comments