This documentation supports the 23.3 version of BMC Helix ITSM.

To view an earlier version, select the version from the Product version menu.

Asset Management user roles and permissions

To access Asset Management, you need one of the following permissions:

  • Asset adminA user with Asset admin permission can create and modify an asset and perform all Asset Inventory functions. A user with this permission can also copy an existing asset and create a new asset.
  • Asset userA user with Asset user permission, who is part of a support group that has Created by, Managed by, or Supported by roles to an asset, can modify the asset and perform all the Asset Inventory functions, except creating an asset-to-asset relationship. Users with Asset user permission who are not part of these support groups can only view the asset information.
  • Asset viewerA user with the Asset viewer permission can only view the asset information. 
Related topics

Mapping roles to permission groups Open link

(BMC Helix ITSM documentation)

Roles and permissions Open link

(BMC Helix ITSM documentation)
Providing users with permissions to access the CMDB Portal by using groups and roles Open link


Providing users with permissions to access the CMDB Portal by using groups and roles Open link

Relating people, organizations, and groups to CIs

The following table describes the scope of the asset permissions:

TaskAsset adminAsset user (is part of the support group that has a Supported by role to an asset)Asset viewer
Create asset 

(tick)

(Create asset by copying an existing asset)

(tick)

(Create an asset)

(error)
Copy asset(tick)

(tick)

(With asset creator functional role)

(error)
View asset(tick)(tick)(tick)

Modify asset

(tick)(tick)(error)
Add related Items(tick)(tick)(error)
Delete related Items(tick)(tick)(error)
View related Items(tick)(tick)(tick)
Add related assets(tick)(error)(error)
Delete related assets(tick)(error)(error)
View related assets(tick)(tick)(tick)
View contracts(tick)(tick)(tick)
Add outages(tick)(tick)(error)
Delete outages(tick)(tick)(error)
View outages(tick)(tick)(tick)
Add people relationships(tick)(tick)(error)
Delete people relationships(tick)(tick)(error)
View people relationships(tick)(tick)(tick)
Add financial details(tick)(tick)(error)
Edit financial details(tick)(tick)(error)
View financial details(tick)(tick)(error)

Instructions for classic interfaces

To access the various modules in Mid Tier, you need the following permissions and authorizations:

  • Asset Management permissions
  • Contract Management permission model
  • Cost module permission model

Asset Management permissions

This table describes the Asset Management permissions for the following user roles.

Important

  • Add licenses only for the features and number of users that correspond to your license entitlements. Your subscription or purchase determine your license entitlements.
  • If you select the Application user license type as None, you get only Asset Inventory permissions. For information about these permissions, see Asset Inventory permissions Open link

Permissions

Description

Application user license type

Best practice

Asset Admin

Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

  • Create, modify, and administer contracts
  • Create and modify license certificates from the Software Asset Management (SAM) console
  • Create and modify CIs
  • Create, modify, view and delete CI Unavailability records (also referred to as Outage records)
  • Manage configurations
  • Manage schedules
  • Manage costs
  • Perform bulk update functions
  • Configure costing and charge back periods from the Application Administration console

Important: This permission does not grant access to purchasing or receiving functions. A person with Asset Admin permissions does not need Asset User and Asset Viewer permissions.

Users with Asset Admin permissions have full access to contracts and Software License Management (SWLM) features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability comes with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).

  • Fixed
  • Floating
  • None
We recommend that you grant these permissions only to users performing a Configuration Administrator role.

Asset User

Users with Asset User permissions can perform the following Asset Management functions:

  • Modify contracts
  • Create, modify, and delete the following items within a CI record to which the user has access.

    Important

    They cannot perform these functions from the Asset Management console:

    • Contracts
    • Configurations
    • Costs
    • Outages
    • Returns
    • Schedules

    Important

    To modify the CI, the user with Asset User permission must be a member of the Supported by role that is associated with the CI. Asset Admin permission is required to access inventory management and bulk update features. The Asset User permission does not have access to the following functions:

    • Inventory management
    • Bulk update
    • Purchasing
    • Receiving
    • Creating CI to CI relationship

A user with Asset User permissions does not automatically get the equivalent permissions as the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of SWLM, they must also be given Contract User permissions.

  • Fixed
  • Floating
  • None

We recommend that you grant these permissions to users who are directly supporting specific CIs and who must update CI attributes. Users with the Asset User permission can also update relationships for the following Request types:

  • Incident
  • Infrastructure Change
  • Known Error
  • Problem Investigation
  • Release
  • Solution Database

Asset Viewer

Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Read access to contracts
  • Read access to the following items within a CI record:
    • Contracts
    • Configurations
    • Outages
    • Schedules

Important

The Asset Viewer permission does not grant access to:

  • Inventory management
  • Bulk update
  • Cost management
  • Purchasing
  • Receiving functions
  • Software Asset Management console

Asset Viewer permissions are granted automatically when any of the following permissions are assigned:

  • Incident User
  • Incident Master
  • Problem User
  • Problem Master
  • Infrastructure Change User
  • Infrastructure Change Master
  • Infrastructure Change Config
  • Release Config
  • Release Master
  • Release User
  • Task Manager
  • Task User
  • Purchasing User
  • Contract Admin
  • Contract User
  • Contract Viewer
  • Request Catalog Manager
  • None
We recommend that you grant the Asset Viewer permission to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.

Asset Config

Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions:

  • Configuring CI depreciation criteria
  • Configuring CI notifications
  • Configuring CI Unavailability status
  • Configuring License Types
  • Configure Inbox preferences for SWLM
  • Configuring License Engine for SWLM
  • Configuring Asset Management rules
  • Configuring CI Unavailability priority
  • Setting up server information for AR System License Type for Software License Management

Important

Users with Asset Config permissions do not need Contract Config permissions.

  • Fixed
  • Floating
  • None
We recommend that you grant these permissions only to users who administer the Asset Inventory and Asset Management system (that is, to a user who acts as an Application Administrator).

Purchasing User

Users with Purchasing User permissions can access the following functions within BMC Helix ITSM: Asset Management:

  • Create and modify purchase requisitions that are assigned to the user's support group (including line items).
  • Create and modify purchase orders.
    This permission grants access to only the purchasing functions (excludes receiving) and does not provide any access to areas where an Asset or Contract type permission is required.
  • Fixed
  • Floating

We recommend that you limit the use of these permissions to users who perform the following roles in the Asset Management Purchasing feature:

  • Configuration Administrator—These users might submit purchase requests issued through the Change Management process.
  • Purchasing Agent

Receiving User

Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system.

  • None
We recommend that you grant these permissions only to users who use the Asset Management Purchasing feature, such as Purchasing Agents.

Contract Admin

Users with Contract Admin permissions can perform the following functions:

  • Create and modify all contracts from the Contract console
  • Create and modify license certificates from SAM console
  • Configure new Contract Types from the Application Administration console
  • Manage license jobs from the SAM console

Important

A user with Asset Admin permissions can do everything that a user with Contract Admin permissions can with the exception of creating new Contract Types.

  • Fixed
  • Floating
We recommend that you grant these permissions to users who need full access to the Contract Management features, but who don't need the full Asset Management access given by the Asset Admin permissions group.

Contract User

Users with Contract User permissions can perform the following functions:

  • Modify public contracts from the Contract console
  • Modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract)
  • Create and modify license certificates for contracts users have access to from the SAM console
  • Manage license jobs from SAM console
  • Fixed
  • Floating
We recommend that you grant these permissions to users who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user also needs to modify CI information, also give that user Asset User permissions.

Contract Viewer

Users with Contract Viewer permission can view all contracts from the Contract console.

Important: This permission does not grant access to the SAM console. The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission. Users with Asset Viewer permissions do not also need Contract Viewer permissions.

  • None
We recommend that you grant these permissions to users who require view access to contracts.

Contract Config

Typically, an application administrator requires this set of permissions. Users with Contract Config permission can perform the following functions:

  • Configure License Types.
  • Configure Inbox preferences for SWLM
  • Configure the License Engine for SWLM
  • Configure Asset Management rules
  • Set up server information for the AR System License Type for SWLM

Important: This permission does not grant access to the SAM console. If a user has Asset Config permission they do not need Contract Config permissions because the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure.

  • Fixed
  • Floating
We recommend that you grant these permissions to users who must only configure Software License Management (SWLM) features.

Contract Management permission model

Contract Management permission groups are defined as computed groups in the Group form. Each Contract Management permission group is mapped to an Asset permission group to support the deployable application functionality. To remove specific users from the computed group, remove the BMC Helix ITSM: Asset Management groups for each Contract permission group.

Cost module permission model

The cost module uses the following permissions:

  • Cost Viewer — Can only view cost data
  • Cost User — Can add costs
  • Cost Manager — Can update and manage the charge-back process

Asset Management roles 

The following table describes the several roles and their permissions that a user in Mid Tier can be associated with :

RolePermissionDescription
Asset CreatorAsset UserAsset user with an asset creator functional role can create an asset.
Asset administrator
  • Asset Admin
  • Contract User
  • Purchasing User
  • Receiving User
  • Incident Viewer
  • Problem Viewer
  • Release Viewer
  • Infrastructure Change Viewer
  • Knowledge Viewer
  • (Optional) Contact Organization Admin
    • This permission is needed only when the user must create support groups that manage CIs. Otherwise, the user must have the functional role of Support Group Admin.
  • (Optional) Contact Categorization Admin
    • This permission is needed only if the user must create and update the product categorization data structures for the CI data.
The asset administrator requires an overall view of the CIs for which their support groups are responsible.  Some organizations refer to this role as asset manager or configuration administrator. 
Contract manager Contract AdminThe contract manager is responsible for managing IT contracts. In some organizations, the contract manager also takes on the role of software asset manager.
Financial manager Cost Manager permission

The finance manager uses BMC Helix ITSM: Asset Management to review cost information and prepares periodic charge-back and cost-recovery reports.

Purchasing agentPurchasing User (needed only if you use the Purchasing module)
  • Receiving User (needed only if you use the Purchasing module)
  • Incident Viewer
  • Problem Viewer
  • Infrastructure Change Viewer
  • Release Viewer
  • Contract Viewer
  • Asset Viewer
  • Knowledge Viewer
The purchasing agent is in charge of the purchases in an organization.
Software asset managerAsset AdminThe software asset manager is responsible for optimizing software assets and for managing compliance with software license contracts. The software asset manager also evaluates the usage of software licenses to make sure that the organization is not over purchasing licenses.
Approver
  • Asset Viewer
  • Incident Viewer
  • Infrastructure Change Viewer
  • Problem Viewer
An approver can be any person in your organization.

Was this page helpful? Yes No Submitting... Thank you

Comments