The BMC Remedy ITSM applications use row-level security (RLS), a BMC Remedy Action Request System feature to control access to BMC Remedy ITSM ticket data. For a detailed description of the BMC Remedy AR System RLS feature, see Controlling access by using implicit groups: Row-level security.
RLS feature of BMC Remedy ITSM enables you to categorize tickets into different types. BMC Remedy ITSM ticket data access is granted to individuals (for example, submitter, on behalf of, and assignee) and support groups associated with a ticket. This restricts ticket data access to only those users who require it.
Using the hierarchical groups, you can extend the ticket access. For example, you can extend the ticket access to the entire IT Staff group and restrict the access to non-IT staff in a company. For details on hierarchical groups, see Hierarchical groups: Using a parent group for permission inheritance.
Row-level access: Permissions defined on Request ID
Every form defined in BMC Remedy AR System contains a set of core fields. The Request ID core field has a unique field ID of 1. The BMC Remedy AR System uses the permissions defined on the Request ID (Field ID 1) field to determine who should have access to a ticket. The following permissions are defined on most BMC Remedy ITSM forms. Individual or groups defined under these permissions can access a ticket.
|Request ID permission||Details|
|Assignee (field 4)||Individual who is assigned a ticket.|
|Submitter (field 2)||Individual who submitted a ticket.|
|Assignee Group (field 112)||
Individuals and groups to whom the ticket is assigned.
For a detailed description of data contained in this field, see BMC Remedy ITSM application usage of Assignee Group (field 112) field.
|Assignee Group Parent (field 60989)||Parent group of the Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.|
|Unrestricted access (role)||Individuals with this role.|
|Vendor Assignee Group (field 60900)||
A group or individual defined in this field has access to a ticket. This field is left blank for all BMC Remedy ITSM applications and is meant for customer use. Customers can write their own workflow to populate this field for any additional data access requirement.
|Vendor Assignee Group Parent (field 60901)||Parent group of the Vendor Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.|
Allen creates an Incident Management ticket with the following details:
- Customer: Allen
- Direct Contact: Ian
- Assigned Group: Backoffice Support (Parent of Backoffice Support is IT Data Access)
- Owner Group: Service Desk (Parent of Service Desk is IT Data Access)
Who can access the ticket?
- Allen (Customer)
- Ian (Contact)
- Members of Backoffice Support, Service Desk, and IT Data Access (Assigned support group, Owner support group, parent of Assigned and Owner support groups)
As RLS can further be rolled up using the hierarchical groups, in this example, IT Data Access group being a parent of Backoffice Support and Service Desk can access the ticket.
Assignee Group (field ID 112) values for various BMC Remedy ITSM applications
Individuals and groups mentioned in field 112 have access to ticket data. The table below lists the individuals and groups included in field 112 for various BMC Remedy ITSM applications.
|BMC Remedy ITSM application||Form name||Field 112 includes|
Note: For individual configuration item (CI) records, the tenancy is set by the value in the Company field on the CI, and by the Used by relationship of Company entries associated with the CI. For more details, see Working with Configuration Items.
|Service Request Management||WOI:WorkOrder||
The following topics provide additional information: