This documentation supports the 9.1 version of Remedy IT Service Management Suite.

To view the latest version, select the version from the Product version menu.

Hierarchical groups: Using a parent group for permission inheritance

In a hierarchical group structure, all permissions assigned to a child group are passed on to its parent group. This structure allows you to easily organize larger groups in hierarchical order. If a group must have access to data belonging to different groups, assigning a parent group can simplify permission management.

The hierarchical group concept implemented in BMC Remedy ITSM is based on the BMC Remedy AR System hierarchical groups. For more information on hierarchical groups, see Using a parent group for permissions inheritance.

Using the hierarchical groups, you can extend the ticket access. For example, you can extend the ticket access to the entire IT Staff group and restrict the access to non-IT staff.


The following graphic depicts the hierarchical group structure within the support groups of Calbro Services:

In a hierarchical structure, the following members have access to ticket data:

  • Child groups can access their own tickets.
  • Parent groups can access their own tickets and tickets of their respective child groups.
  • All permissions assigned to a child group are passed on to its parent group.

This topic explains the following:

Need for hierarchical groups

BMC Remedy ITSM uses the hierarchical group structure:

  • Across companies — In a multi-tenant BMC Remedy ITSM environment (which includes multiple companies), some users might require access to ticket data of multiple companies. Assigning users access to the required companies allows them to view ticket data for all those companies. For example, if your organization opened new branches or if there is any other change in your organization, you will have to modify the user's access for each company, which might result in performance issues or maintenance challenges.

    Hierarchical groups allow you to structure the companies hierarchically and assign the users to the required groups to provide them relevant ticket data access. 


    Calbro Services  has several offices located across the globe. Multiple companies may be associated with each location. Rather than assigning users to all the companies associated with the location, you can create a group for each location and assign the users to that location group. Using the hierarchical group feature, you can configure the location group as a parent to all the companies associated with a location. Even when the companies associated with a location keep changing, you do not have to update the users' access as the users are part of the parent group and can access the the tickets of all child groups.

  • Within a company — In BMC Remedy ITSM, ticket data access is managed at support group level. There might be a need to extend this ticket data access to the support groups across your company. You can extend the ticket data access by creating a parent group and then defining the required support groups as children. 


    Calbro Services has a parent support group Calbro IT Data Access Support. Members belonging to this group can access the tickets of all its child groups. To restrict certain ticket types (for example, security), you can keep the relevant group separate and not define it as a child group of Calbro IT Data Access Support.

To configure hierarchical groups, select Application Administration Console > Foundation > Advanced Options > Hierarchical Group Configuration and update the required information on the Hierarchical Group Configuration form. Using this form, you can add/remove a parent group for a company or a support group.


A user with Contact Administrator permission can configure hierarchical groups across companies or support groups.

Working with hierarchical groups

If a group must have access to data belonging to different groups, you can assign a parent group to simplify permission management. 

Defining a parent group

To create parent-child hierarchy and maintain ticket data access efficiently between various support groups or companies, you must configure the required support group or company as a parent of support groups or companies. 


In this example, let us configure the hierarchy between the support groups of a company. You need the Service Desk Support group of Calbro Services to inherit the permissions of Backoffice Support group of Calbro Services. To define Service Desk Support group as the parent group for Backoffice Support group:

  1. On the Application Administration Console > Foundation > Advanced Options > Hierarchical Group Configuration form, Select Parent Group For field, select the Support Group option as you wish to define a support group as a parent for another support group. This displays a list of all the support groups existing in the application. 
  2. Select the Backoffice Support check box for which a parent group is to be configured.
  3. In the Select Parent Group Type field, select Support Group option as the parent to be defined is also a support group.
  4. In the Parent Group Name field, click  to display a list of support groups.
  5. Select Service Desk Support group. 
  6. Click Save. The Parent Group Name column displays the updated parent group for Backoffice Support group.

Unlinking a parent group

Due to organizational restructuring or other reasons specific to your organization, you might have to remove the parent-child relationship between support groups or companies. When you remove the parent group of a company or support group, the parent group is no longer associated with the child group and hence cannot access the data of the child group. 

Use the following procedure to remove the parent-child relationship between companies or support groups:

  1. On the Hierarchical Group Configuration form, Select Parent Group For field, select the Company or Support Group option to display a list of companies or support groups.
  2. Select the required company or support group from the list.
  3. In the Parent Group Name field, select the Set as Blank check box to remove the parent group.
  4. Click Save to save the changes. The Parent Group Name column displays blank for the selected company or support group.

Correct or delete invalid parent groups

If duplicate and invalid entries with the same parent group, support group, or permission group ID exist in the CTM:SYS-Access Permission Grps or Group form, you may encounter an error when upgrading BMC Remedy IT Service Management to a higher version, and the upgrade may fail due to the invalid and duplicate entries. To prevent the upgrade failure, BMC recommends you to:

  • Run the BMC Remedy Configuration Check utility before upgrade which verifies whether any duplicate and invalid entries exist in the CTM:SYS-Access Permission Grps or Group form. 
  • If duplicate and invalid entries exist in the CTM:SYS-Access Permission Grps or Group form, correct or delete them. For details see, BMC Remedy ITSM checks.

Related topics

Hierarchical groups in BMC Remedy AR System

BMC Remedy ITSM data access model 

Row level security


Was this page helpful? Yes No Submitting... Thank you


  1. Colin Rolls

    when you define a parent group or unlink a parent group does it update all existing transactional data? from my testing it seems like it does, what if there are many tickets, wouldn't this cause a performance hit? it seems like it takes about 5 minutes even if there is only one ticket for changes to apply so it might be worth putting need to wait for the update to complete. Also the last modified date/user don't get updated so how is the update done?

    Feb 16, 2016 10:28
    1. Keith Odom

      Yes. All tickets are updated. The update is handled by the AR Server and is an asynchronous process. If there are a lot of tickets then it will take some time but will eventually complete. The server intentionally does not update the last mod / user fields. 

      Feb 16, 2016 11:56
      1. Parul Mittal

        Hi Keith,


        As per my understanding, Performance issues related to Hierarchical Groups functionality in SP1 are addressed in 9.1 SP2.

        Do you know if we've hot-fix available instead of upgrading to SP2

        Jan 30, 2017 12:24
  2. Yann Baumgartner

    Please modify docs to indicate where to find the "Hierarchical Group Configuration" form.

    Application Administration Console -> Foundation -> Advanced Options

    Nov 22, 2016 10:55
    1. Sirisha Dabiru

      Hi Yann Baumgartner,

      I have addressed your comment. The example provided under Defining a parent group section mentions the path to the HG form.




      Dec 13, 2016 08:27
      1. Yann Baumgartner

        Hello Sirisha Dabiru,

        Can you also correct the "Unlinking a parent group" section. Steped procedure should never imply knowledge of another section unless clearly stated. Also describing the functional path only in an example is not best practices.

        Dec 13, 2016 08:36