This documentation supports the 23.3 version of BMC Helix ITSM, which is available only to BMC Helix customers (SaaS).

To view an earlier version, select the version from the Product version menu.

Roles and permissions

User roles and permissions let you control how people access and interact with BMC Helix ITSM

The access to BMC Helix ITSM , its capabilities and data is controlled by the BMC Helix ITSM application permissions. For example, an ITSM user with Change Management application permissions has access to the change graphs in the BMC Helix ITSM Dashboard as well as other BMC Helix ITSM change management related capabilities and data. Some permissions are mandatory to enable user access to BMC Helix ITSM, while other optional permissions extend the capabilities of a user. The specific permissions that are needed depend on the job the person associated with the login ID needs to do. Permissions can also be combined, so that one person can perform multiple jobs, if necessary.

If you are setting up BMC Helix ITSM installation, the People records might already have the necessary permissions to work with BMC Helix ITSM. However, BMC recommends that you use the information in this topic to ensure that any existing People records have the correct permissions to access the BMC Helix ITSM capabilities and data, according to the person's role in the organization.

Application administrator

In BMC Helix ITSM, application administrator is an individual responsible for the management of the BMC Helix ITSM applications. However, application administrator is not a user role. Instead, a sample administrator user is provided with the capabilities that include customizing forms, setting access rights for users, and creating configurations.

User permissions

You can assign user permissions from the People form. There are different aspects to the user permissions, which together make up the permission model:

  • Permission groups, which control access to basic applications, modules, and subcomponent functions.
  • Support groups, which control access to the data.
  • Functional roles, which provide extended access to applications, modules, and subcomponent functions.

AR System permission groups

The AR System Administrator permission is used in the BMC Helix ITSM applications. This permission grants administrator access to BMC Helix ITSM applications through Developer Studio. Administrator responsibilities include installing and maintaining the BMC Helix ITSM applications and making changes within BMC Helix ITSM.

This permission is generally reserved for developers who need access to AR System and system administrators who need access to the BMC Helix ITSM system forms. This permission does not grant user access to forms. Additional application and module permissions are required for form access. For information about license types and applicable permissions, see:

  • Activating application licenses Open link
  • License types for user access to objects and features Open link

How licenses relate to permissions

In BMC Helix ITSM, the permission groups control what areas of the application a user can access. Each permission group can access only certain areas of the application. A user can belong to more than one permission group. Typically, you assign permissions groups to the users in your IT organization based on their roles and responsibilities. The combinations suggested in the following topics are defined by ITIL as typical and are used by the BMC Service Management Process Model.

Key permission groups

When you assign permissions to someone, it is important to use only the minimum number of permissions that allow that person to perform their job.

Best practice

We recommend you use only one permission group for any given role.

Key user permission groups for each application

The following table illustrates the most commonly used permission groups needed by users to perform their duties. For a detailed description of all of the permission groups that are available for a particular application, click the link in the Application permissions column.

Application permissions

Key permission groups

Asset Management user roles and permissions

  • Asset Admin or Asset User
  • Contract Admin or Viewer
  • Purchasing User
  • Receiving User

Change Management user roles and permissions

Infrastructure Change Master, User or Viewer

Release Management user roles and permissions

Release Master, User or Viewer

Incident management user roles and permissions

Incident Master, User, or Viewer

Problem management user roles and permissions

Problem Master, User or Viewer

Service Request Management user roles and permissions

  • Business Manager
  • Service Request User
  • Work Order Master

Knowledge Management user roles and permissions

Knowledge Admin, User or Viewer

Task Management permissions

Task User (This is only required in certain permission combinations.

Subcomponent permission groups

Subcomponents contain features or functionality that are shared among some, or all of the applications. For example, the Task Management subcomponent provides task management functions for BMC Helix ITSM: Change Management and for BMC Helix ITSM: Service Desk.


Financial permissions

  • Cost Manager
  • Cost User
  • Cost Viewer

Return on Investment permissions

  • ROI Admin
  • ROI Viewer

Work info permissions

  • <Application> Master
  • <Application>User
  • <Application> Submitter
  • <Application> Viewer

BMC Helix ITSM user and group synchronization to BMC Helix Portal

For users to use their existing credentials to authenticate BMC Helix Portal, the BMC SaaS Operations team needs to perform some configurations to sync the BMC Helix ITSM users in BMC Helix Portal. For more information, see  User identities in BMC Helix Portal Open link and contact BMC Customer Support.

Administration and process owner permissions

The remaining permissions control access to the application configuration functions and are typically assigned to either an Application Administrator or to an Application Process Owner. These permissions are described in the following table.

Application permissions

Application Administrator/Process Owner permissions

Asset Management user roles and permissions

  • Asset Config
  • Contract Config

Change Management user roles and permissions

  • Change Config

Release Management user roles and permissions

  • Release Config

Incident management user roles and permissions

  • Incident Config

Problem management user roles and permissions

  • Problem Config

Service Request Management user roles and permissions

  • Business Analyst
  • Entitlement Administrator
  • Request Catalog Manager
  • SRM Administrator
  • Work Order Config

Requester console

  • Requester Console Config
  • Requester Console Master
  • Summary Definition Config

Knowledge Management user roles and permissions

  • Knowledge Config


  • Cost Manager

Foundation module permission groups Open link

  • Approval Admin
  • ASE-Administrator
  • Command Event Master
  • Config Categorization Admin
  • Config Categorization User
  • Config Group Mapping Admin
  • Contact Location Admin
  • Contact Organization Admin
  • Contact Support Admin
  • Contact People Admin
  • Contact People HR Admin
  • Contact People User
  • DSL Master
  • Licensing
  • Notification Admin
  • Security

Return on Investment

  • ROI Admin

Task Management

  • Task Administrator
  • Task Application Config
  • Task Process Config

Setting up the cognitive service

  • Cognitive Service Config
Was this page helpful? Yes No Submitting... Thank you