This documentation supports the 9.1 version of Remedy IT Service Management Suite.

To view the latest version, select the version from the Product version menu.

Data access model in BMC Remedy ITSM 9.1.02

BMC Remedy ITSM applications use transactional (ticket) data and configuration data. The data access model provides information on who can access each data type, how ticket data access can be restricted or extended based on a company’s needs, and the settings to be updated to apply ticket data access restrictions.

Data access model features

BMC Remedy ITSM 9.1.02 provides a rich set of features that protect your data from unauthorized access. Keeping information secure can be a major undertaking in client or server environments and is at times a balancing act for administrators. You want to rigorously control who can access data, yet you do not want security to be so complex that it intrudes on your user community or is difficult for you to implement or maintain. BMC Remedy ITSM enables you to meet these seemingly opposing security goals and enables you to control which users can access data. 

  • Support group centric ticket data access—Ticket data access is managed based on the individuals (for example, submitter, on behalf of, and assignee) and support groups associated with a ticket. This aspect of the data access model restricts ticket access to only those users who are directly connected to a ticket or to a support group associated with a ticket.

    To enable support centric data access,  on the Application Administration Console > Custom Configuration > Foundation> Advanced Options> System Configuration Settings - System Settings > System Settings form, set the Application Permission Model field value to Support Group.

Note

The default value of the Application Permission Model field is set to Support Group in the following scenarios:

  • If you have not used BMC Remedy ITSM before and have installed 9.1.02
  • If you are upgrading from BMC Remedy ITSM version 9.1.00 or 9.1.01 to 9.1.02

            Field 112 displays Support Group ID.

 System Settings form

 

  • Support group and company centric ticket data access—Ticket data access is managed based on the individuals (for example, submitter, on behalf of, and assignee), support groups, and companies associated with a ticket. This aspect of the data access model extends ticket access to company level along with the users who are directly connected to a ticket or to a support group associated with a ticket. 

    To provide data access based on support group and company level, on the Application Administration Console > Custom Configuration > Foundation> Advanced Options> System Configuration Settings - System Settings > System Settings form, set the Application Permission Model to Support Group and Company. Field 112 displays Support Group ID and Company ID.

    Note

    If you are upgrading from BMC Remedy ITSM version 9.0.00 or earlier to 9.1.02, the default value of the Applications Permission Model field is set to Support Group and Company. This security model provides backward compatibility with the company-based security model that was used in version 9.0.00 and earlier.

  • Hierarchical groups—This feature is based on the hierarchical group feature in BMC Remedy AR System and allows you to create groups that are parents of other groups. A parent group can access its own ticket data and the ticket data of its child groups. You can extend the ticket data access to higher groups using hierarchical groups. For more information, see Hierarchical groups

Data access permissions

BMC Remedy ITSM applications use the following types of data. Permissions to access each data type differ.

Data type
Required access permissions
Configuration DataAccess to this data is set at company level, which means the data is accessible to everyone in a company.
Transactional (Ticket) data

Each ticket is treated as a row in BMC Remedy ITSM. Access to this data can be of the following types:

  • Unrestricted: Users with the BMC Remedy ITSM Unrestricted Access role have access to all ticket data.
  • Row-level: Ticket data is accessible to the following users based on option selected for Applications Permissions Model field on the System Settings form:
Option selected in the Application Permissions Model fieldUsers who have access to ticket data
Support Group
  • User who submits a ticket
  • User who is assigned a ticket
  • Owner group who owns the ticket
  • Members of support groups and their parent groups associated with the ticket
Support Group and Company
  • User who submits a ticket
  • User who is assigned a ticket
  • Owner group who owns the ticket
  • Members of support groups and their parent groups associated with the ticket
  • All the members of a location and customer company referenced on a ticket
  • All the members of a parent group of a location and customer companies referenced on a ticket

For more information about ticket data access and parent groups, see Row-level security in 9.1.03 and Hierarchical groups: Using a parent group for permission inheritance.

Post upgrade changes

After upgrading from an earlier version to BMC Remedy ITSM version 9.1.02, you may check the following details:

  • Backward compatibility:
    • If you upgrade to 9.1.02 from 9.0.00 or an older version, on the System Settings form, the default value of Applications Permissions Model field is set to Support Group and Company. This setting provides ticket data access to all members of a company.
    • If you upgrade to 9.1.02 from 9.1.00 or 9.1.01, on the System Settings form, the default value of Applications Permissions Model is set to Support Group. To provide ticket data access to all members of a company, on the System Settings form, set the value of Applications Permissions Model field to Support Group and Company.
  • Data access of the existing tickets: The data access of the existing tickets does not change after the upgrade.
  • Data access of tickets, which are created after the upgrade: Tickets, which are created after the upgrade, are accessible either at the support group level or at the support group and company level, based on the Application Permissions Model field value set on the System Settings form.
Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Yann Baumgartner

    The documentation should indicate clearly how to get to the "System Settings form". Alos it seems a screenshot is missing on this page

    Feb 13, 2017 06:52
    1. Sirisha Dabiru

      Hi  Yann Baumgartner,

      I added the navigation and screenshot for System Settings form.


      Regards,

      Sirisha

      Feb 15, 2017 02:10
  2. Sabine Gruber

    hi, what happens to the existing tickets when you just change the Access Permission Model from "Support Group and Company" to "Support Group" (no upgrade scenario). Will the Group-ID of the Customer Company be removed? thanks - sabine

    Mar 20, 2019 10:43
    1. Jyoti Nerkar

      Hi Sabine.

      I will discuss this with an SME and get back to you.


      Regards,

      Jyoti

      Mar 27, 2019 12:04
      1. Jyoti Nerkar

        Hello Sabine,


        After you change permission, the old records remain the same. Only new records will be affected.


        Regards,

        Jyoti

        Apr 15, 2019 11:43