Permission groups hierarchy
Permissions groups are used to grant users access to applications, modules, and sub-components in the BMC Remedy ITSM Suite.
There is a hierarchical relationship among the BMC Remedy ITSM suite of application permissions groups. The following table lists the permissions groups from greatest to least access.
The Admin and the Master permissions groups are at the top of the hierarchy. They grant users the highest level of access within a given application component. This permissions group typically includes the ability to create and modify all records within the component. Admin or Master permissions group access supersedes the User permissions group.
Grants users the standard level of access within a given application component. This permissions group typically includes the ability to create and modify records. There are, however, some limitations imposed when modifying records. User permissions group access supersedes the Submitter permissions group.
Grants users permission to create records but not to modify them. Submitter permissions groups access supersedes the Viewer permissions group.
Grants users read access within a given application component.
Config is also a permission group, but it falls outside of the hierarchy described above. Config permissions grant access to configure an application. An example of Config permissions is Incident Config.
Each higher-level permissions group grants all of the access rights of the permissions groups below it in the hierarchy. For example, if you assign someone to the Change Master permissions group, you do not need to assign them to the Change User permissions group. As a member of the Master permissions group, they automatically have User permissions, and so on.
If you do assign a user to more than one permissions group for the same application component, you create a variance in the recommended permission combinations.
When you assign a user to more than one permission group for the same application, the user is granted the permissions associated with the permission group with the greater access. For example, if a user is added to the Master permission group and the Viewer permission group, the user has Master permissions.
In some cases, the functions from one permissions group are automatically granted to another permissions group. For example, if you grant someone Incident User permissions, you do not have to grant them Task User permissions. Incident User permissions automatically inherit the functions of the Task User permissions.