This documentation supports the 21.05 version of BMC Helix ITSM.

Access control with implicit groups: Row-level security

BMC Helix ITSM applications use row-level security (RLS), an AR System feature, to control access to the BMC Helix ITSM ticket data. For a detailed description of the AR System RLS feature, see Controlling access by using implicit groups: Row-level security.

The RLS feature enables you to categorize tickets into different types. BMC Helix ITSM ticket data access is granted to individuals (for example, submitter, on behalf of, and assignee) and support groups associated with a ticket. This restricts ticket data access to only those users who require it.

You can extend ticket access by using hierarchical groups. For example, you can extend ticket access to the entire IT staff group and restrict access for non-IT staff in a company. For details on hierarchical groups, see Inheriting permissions by using hierarchical groups.

Related topics

Access control for ticket data

Inheriting permissions by using hierarchical groups

Setting up the Tenancy mode

Controlling access by using implicit groups: Row-level security



Row-level access: Permissions defined on Request ID

Every form defined in AR System contains a set of core fields. The Request ID core field has a unique field ID of 1. The AR System uses the permissions defined on the Request ID (Field ID 1) field to determine who should have access to a ticket. The following permissions are defined on most BMC Helix ITSM forms. Individuals or groups defined under these permissions can access a ticket.

| Request ID permission | Details |
|---|---|
| Assignee (field 4) | An individual who is assigned a ticket. |
| Submitter (field 2) | An individual who submitted a ticket. |
| Assignee Group (field 112) | Individuals and groups to whom the ticket is assigned. |
| Assignee Group Parent (field 60989) | The parent group of the Assignee Group. For details, see Inheriting permissions by using hierarchical groups. |
| Unrestricted access (role) | Individuals with this role. |
| Vendor Assignee Group (field 60900) | A group or individual defined in this field has access to a ticket. This field is left blank for all BMC Helix ITSM applications and is meant for customer use. Customers can write their own workflow to populate this field for any additional data access requirement. |
| Vendor Assignee Group Parent (field 60901) | Parent group of the Vendor Assignee Group. For details, see Inheriting permissions by using hierarchical groups. |

Example

Allen creates an Incident Management ticket with the following details:

  • Customer: Allen
  • Direct Contact: Ian
  • Assigned Group: Backoffice Support (Parent of Backoffice Support is IT Data Access)
  • Owner Group: Service Desk (Parent of Service Desk is IT Data Access)

Who can access the ticket?

  • Allen (Customer)
  • Ian (Contact)
  • Members of Backoffice Support, Service Desk, and IT Data Access (Assigned support group, Owner support group, parent of Assigned and Owner support groups)

RLS can further be rolled up by using the hierarchical groups. Therefore, in this example, the IT Data Access group can access the ticket, since it is a parent of Backoffice Support and Service Desk.
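The access decision described in this section, modelled as an added Python example for reviewing why a user can see a ticket (not BMC code, and not how AR System evaluates permissions internally). The `;`-separated encoding with login IDs in single quotes, the group IDs, the users Mia and Nora, and the names `parse_entries` and `access_reasons` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Field IDs and names from the Request ID permission table on this page.
SUBMITTER, ASSIGNEE = 2, 4
GROUP_FIELDS = {112: "Assignee Group", 60989: "Assignee Group Parent",
                60900: "Vendor Assignee Group", 60901: "Vendor Assignee Group Parent"}

@dataclass
class User:
    login: str
    groups: set = field(default_factory=set)  # IDs of groups the user is in
    unrestricted: bool = False                # has the Unrestricted access role

def parse_entries(value):
    """Split a ';'-separated value into (login IDs, group IDs); logins are single-quoted (assumed)."""
    logins, groups = set(), set()
    for item in filter(None, (p.strip() for p in (value or "").split(";"))):
        quoted = re.fullmatch(r"'(.+)'", item)
        if quoted:
            logins.add(quoted.group(1))
        else:
            groups.add(item)
    return logins, groups

def access_reasons(ticket, user):
    """List every Request ID permission that lets `user` see `ticket`."""
    reasons = []
    if user.unrestricted:
        reasons.append("Unrestricted access (role)")
    if ticket.get(SUBMITTER) == user.login:
        reasons.append("Submitter (field 2)")
    if ticket.get(ASSIGNEE) == user.login:
        reasons.append("Assignee (field 4)")
    for field_id, name in GROUP_FIELDS.items():
        logins, groups = parse_entries(ticket.get(field_id))
        if user.login in logins or user.groups & groups:
            reasons.append(f"{name} (field {field_id})")
    return reasons  # empty list: the row is not visible to this user

# Constructed ticket mirroring the Allen example; the group IDs are made up.
TICKET = {2: "Allen",
          112: ";'Allen';'Ian';SGP-BACKOFFICE;SGP-SERVICEDESK;",
          60989: ";SGP-IT-DATA-ACCESS;",
          60900: None}  # left blank by the BMC Helix ITSM applications

if __name__ == "__main__":
    for u in (User("Ian"), User("Mia", {"SGP-IT-DATA-ACCESS"}), User("Nora", {"SGP-FINANCE"})):
        print(u.login, "->", access_reasons(TICKET, u) or "no access")
```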


Assignee Group (field ID 112) values for various BMC Helix ITSM applications

Individuals and groups mentioned in field 112 have access to the ticket data. The following table lists the individuals and groups included in field 112 for various BMC Helix ITSM applications.

| BMC Helix ITSM application | Form name | Individuals and groups included in field 112 |
|---|---|---|
| Service Desk: Incident Management | HPD:Help Desk | Customer Login ID; Contact Login ID; Assigned Support Group ID; Owner Support Group ID |
| Service Desk: Problem Management | PBM:Problem Investigation | Assigned Support Group ID; Problem Coordinator Support Group ID |
| Service Desk: Problem Management | PBM:Known Error | Company ID |
| Service Desk: Problem Management | PBM:Solution Database | Company ID |
| Change Management | CHG:Infrastructure Change | Requested For Login ID; Requested By Login ID; Coordinator Support Group ID; Manager Support Group ID; Implementer Support Group ID |
| Release Management | RMS:Release | Assigned Support Group ID |
| Asset Management | AST:PurchaseRequisition | Company ID |
| Asset Management | CTR:ContractBase | Company ID |
| Asset Management | AST:CI Unavailability | Company ID |
| Task Management | TMS:Task | Field 112 values from a parent ticket (for example, a Service Desk: Incident Management or Change Management ticket) and the Assigned Support Group ID |
| Service Request Management | WOI:WorkOrder | Customer Login ID; Contact Login ID; Manager Support Group ID; Assignee Support Group ID |
| Service Request Management | SRM:Request | Requested For Login ID; Requested By Login ID; Assigned Support Group ID |

Important: For individual configuration item (CI) records, the tenancy is set by the value in the Company field of the CI record, and by the Used by relationship of Company entries associated with the CI. For more details, see Setting up the Tenancy mode.