Asset Management user roles and permissions

To access the various modules in BMC Helix ITSM: Asset Management, you need the following permissions and authorizations:

Asset Management permissions
Contract Management permission model
Cost module permission model

Asset Management permissions

This table describes the Asset Management permissions for the following user roles.

Important

If you select the Application user license type as None, you get only Asset Inventory permissions. For information about these permissions, see Asset Inventory permissions Open link .

Permissions	Description	Application user license type
Asset Admin	Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions: Create, modify, and administer contracts Create and modify license certificates from the Service Activation Management console Create and modify CIs Create and modify CI Unavailability records (also referred to as Outage records) Manage configurations Manage schedules Manage costs Perform bulk update functions Configure costing and charge back periods from the Application Administration console Note: This permission does not grant access to purchasing or receiving functions. A person with Asset Admin permissions does not need Asset User and Asset Viewer permissions. Best practice: We recommend that you grant these permissions only to users playing a Configuration Administrator role. Users with Asset Admin permissions have full access to contracts and SWLM features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability is given with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).	Fixed Floating None
Asset User	Users with Asset User permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions: Modify contracts Create, modify, and delete the following items within a CI record to which the user has access (but they cannot perform these functions from the Asset Management console): Contracts Configurations Costs Outages Returns Schedules Note: To modify the CI, the user with asset user permission must be a member of the support group that is associated with the CI by the Supported by role. Asset Admin permission is required to access inventory management and bulk update features. The Asset User permission does not grant access to the following functions: Inventory management Bulk update Purchasing Receiving Creating CI to CI relationship A user with Asset User permissions does not automatically get the equivalent permissions to the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of SWLM, then they must also be given Contract User permissions. Best practice: We recommend that you grant these permissions to users who are directly supporting specific CIs and who must update CI attributes. Users with the Asset user permission can also update relationships for the following Request Type: Incident Infrastructure Change Known Error Problem Investigation Release Solution Database	Fixed Floating None
Asset Viewer	Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions: Read access to contracts Read access to the following items within a CI record: Contracts Configurations Outages Schedules Note: The Asset Viewer permission does not grant access to: Inventory management Bulk update Cost management Purchasing Receiving functions Software Asset Management console Asset Viewer permissions are automatically granted when any of the following permissions are assigned: Incident User Incident Master Problem User Problem Master Infrastructure Change User Infrastructure Change Master Infrastructure Change Config Release Config Release Master Release User Task Manager Task User Purchasing User Contract Admin Contract User Contract Viewer Request Catalog Manager Best practice: We recommend that you grant the Asset Viewer permission to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.	None
Asset Config	Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions: Configuring CI depreciation criteria Configuring CI notifications Configuring CI Unavailability status Configuring License Types Configure Inbox preferences for SWLM Configuring License Engine for SWLM Configuring Asset Management rules Configuring CI Unavailability priority Setting up server information for AR System License Type for Software License Management Note: Users with Asset Config permissions do not need Contract Config permissions. Best practice: We recommend that you grant these permissions only to users who administer the Asset Inventory and Asset Management system (that is, to a user who acts as an Application Administrator).	Fixed Floating None
Purchasing User	Users with Purchasing User permissions can access the following functions within BMC Helix ITSM: Asset Management: Create and modify purchase requisitions that are assigned to the user's support group (this includes line items). Create and modify purchase orders. This permission grants access to only the purchasing functions (excludes receiving) and does not provide any access to areas where an 'Asset' or 'Contract' type permission is required. Best practice: We recommend that you limit the use of these permissions to users who perform the following roles in the Asset Management Purchasing feature: Configuration Administrator—These users might submit purchase requests issued through the Change Management process. Purchasing Agent	Fixed Floating
Receiving User	Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system. Best practice: We recommend that you grant these permissions only to users who use the Asset Management Purchasing feature. For example Purchasing Agents.	None
Contract Admin	Users with Contract Admin permissions can perform the following functions: Create and modify all contracts from the Contract console Create and modify license certificates from the SAM console Configure new Contract Types from the Application Administration console Manage license jobs from the SAM console Note: A user with Asset Admin permissions can do everything that a user with Contract Admin permissions can with the exception of creating new Contract Types. Best practice: We recommend that you grant these permissions to users who need full access to the Contract Management features, but who don't need the full Asset Management access given by the Asset Admin permissions group.	Fixed Floating
Contract User	Users with Contract User permissions can perform the following functions: Modify public contracts from the Contract console Modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract) Create and modify license certificates for contracts they have access to from the SAM console Manage license jobs from SAM console Best practice: We recommend that you grant these permissions to users who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user is also needs to modify CI information, you should also give that user Asset User permissions.	Fixed Floating
Contract Viewer	Users with Contract Viewer permission can view all contracts from the Contract console. Note: This permission does not grant access to the SAM console. The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission. Users with Asset Viewer permissions do not also need Contract Viewer permissions. Best practice: We recommend that you grant these permissions to users who require view access to contracts.	None
Contract Config	Typically, an Application Administrator requires this set of permissions. Users with Contract Config permission can perform the following functions: Configure License Types. Configure Inbox preferences for SWLM Configure the License Engine for SWLM Configure Asset Management rules Set up server information for the AR System License Type for SWLM Note: This permission does not grant access to the SAM console. If a user has Asset Config permission they do not need Contract Config permissions because, the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure. Best practice: We recommend that you grant these permissions to users who must only configure Software License Management (SWLM) features.	Fixed Floating

Contract Management permission model

Contract Management permission groups are defined as computed groups in the Group form. Each Contract permission group is mapped to an Asset permission group to support the deployable application functionality. To remove specific users from the computed group, remove the BMC Helix ITSM: Asset Management groups for each Contract permission group.

Cost module permission model

The cost module uses the following permissions:

Cost Viewer — Can only view cost data
Cost User — Can add costs
Cost Manager — Can update and manage the charge-back process

Asset Management roles

The following table describes the several roles and their permissions that a user in BMC Helix ITSM: Asset Management can be associated with :

Role	Permission	Description
Asset administrator	Asset Admin Contract User Purchasing User Receiving User Incident Viewer Problem Viewer Release Viewer Infrastructure Change Viewer Knowledge Viewer (Optional) Contact Organization Admin This permission is needed only when the user must create support groups that manage CIs. Otherwise, you must grant them the functional role of Support Group Admin. (Optional) Contact Categorization Admin This permission is needed only if the user must create and update the product categorization data structures for the CI data.	The asset administrator requires an overall view of the CIs for which their support groups are responsible. Some organizations call this role as asset manager or configuration administrator.
Contract manager	Contract Admin	The contract manager is responsible for managing IT contracts. In some organizations, the contract manager also takes on the role of software asset manager.
Financial manager	Cost Manager permission.	The finance manager uses BMC Helix ITSM: Asset Management to review cost information and prepares periodic charge-back and cost-recovery reports.
Purchasing agent	Purchasing User (needed only if you use the Purchasing module) Receiving User (needed only if you use the Purchasing module) Incident Viewer Problem Viewer Infrastructure Change Viewer Release Viewer Contract Viewer Asset Viewer Knowledge Viewer	The purchase agent is in charge of the purchases in an organization.
Software asset manager	Asset Admin	The software asset manager is responsible for optimizing software assets and for managing compliance with software license contracts. The software asset manager also evaluates the usage of software licenses to make sure that the organization is not over purchasing the licenses.
Approver	Asset Viewer Incident Viewer Infrastructure Change Viewer Problem Viewer	An approver can be any person in your organization.

Asset Management user roles and permissions

Asset Management permissions

Contract Management permission model

Cost module permission model

Asset Management roles

Comments