This documentation supports the 9.1 version of Remedy IT Service Management Suite.

To view the latest version, select the version from the Product version menu.

Row-level security in 9.1.03

The applications in BMC Remedy ITSM Suite 9.1.02 use row-level security (RLS), a BMC Remedy Action Request System (BMC Remedy AR System) feature to control access to BMC Remedy ITSM ticket data. For a detailed description of the BMC Remedy AR System RLS feature, see Controlling access by using implicit groups: Row-level security.     

The RLS feature in BMC Remedy ITSM enables you to categorize tickets into different types. Based on the Application Permission Model specified on the System Settings form, BMC Remedy ITSM ticket data access is granted to individuals (for example, submitter, on behalf of, and assignee), support groups, and companies associated with a ticket. This feature restricts ticket data access to only those users who are associated with the ticket. 

You can use hierarchical groups to control ticket access. For example, you can extend ticket access to the entire IT Staff group and restrict the access to non-IT staff in a company. For details about hierarchical groups, see Hierarchical groups: Using a parent group for permission inheritance.

This topic includes the following sections:

Row-level access: Permissions defined on Request ID

Every form defined in BMC Remedy AR System contains a set of core fields, which are available on every regular form. The Request ID core field has a unique field ID of 1. The BMC Remedy AR System uses the permissions defined on the Request ID (Field ID 1) field to determine who should have access to a ticket. The following permissions are defined on most BMC Remedy ITSM forms. Individual or groups defined under these permissions can access a ticket.

Request ID permission
Details
Assignee (field 4)Individual who is assigned a ticket.
Submitter (field 2)Individual who submitted a ticket.
Assignee Group (field 112)

The values displayed in this field depend on the Application Permission Model field value specified on the System Settings form.

  • Support Group—Individuals and groups to whom the ticket is assigned.
  • Support group and Company Individuals, groups to whom the ticket is assigned, and all the members of a company referenced on the ticket.

For a detailed description of data contained in this field, see BMC Remedy ITSM application usage of Assignee Group (field 112) field.

Assignee Group Parent (field 60989)Parent group of the Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.
Unrestricted access (role)Individuals with this role.
Vendor Assignee Group (field 60900)

A group or individual defined in this field has access to a ticket. This field is left blank for all BMC Remedy ITSM applications and is meant for customer use. Customers can write their own workflow to populate this field for any additional data access requirement.

Vendor Assignee Group Parent (field 60901)Parent group of the Vendor Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.

 Assignee Group (field ID 112) values for BMC Remedy ITSM applications

Individuals and groups mentioned in field 112 have access to ticket data. The following table lists the individuals and groups included in field 112 for different BMC Remedy ITSM applications.

BMC Remedy ITSM applicationForm nameField 112 options if Application Permission Model is set to Support GroupField 112 options if Application Permission Model is set to Support Group and Company
Incident Management

HPD:Help Desk

  • Customer Login ID
  • Contact Login ID  
  • Assigned Support Group ID  
  • Owner Support Group ID
  • Vendor Support Group ID
  • Customer Login ID
  • Direct Contact Login ID  
  • Assigned Support Group ID  
  • Owner Support Group ID
  • Owner Support Company Group ID
  • Assigned Support Company Group ID
  • Contact Company Group ID
  • Location Company Group ID
  • Vendor Company Group ID
Problem Management

PBM:Problem Investigation

  • Assigned Support Group ID
  • Problem Coordinator Support Group ID
  • Assigned Support Group ID
  • Problem Coordinator Support Group ID
  • Assigned Support Company Group ID
  • Support Company Problem Manager Group ID
  • Vendor Company Group ID

PBM:Known Error

PBM:LoadKnown Error

  • Company ID

Company ID

PBM:Solution Database

PBM:LoadSolution Database

  •  Company ID

 Company ID

Change Management

CHG:Infrastructure Change

CHG:LoadInfrastructureChange



  • Requested For Login ID
  • Requested By Login ID  
  • Coordinator Support Group ID  
  • Manager Support Group ID 
  • Implementer Support Group ID
  • Vendor Support Group ID
  • Requested For Login ID
  • Requested By Login ID
  • Coordinator Support Group ID
  • Manager Support Group ID
  • Implementer Support Group ID
  • Vendor Group ID
  • Customer Company Group ID
  • Assignee Support Company (ASCPY) Group ID
  • Manager Support Company(Company3) Group ID
  • Implementer Support Company(ChgImpCpy) Group ID
  • Location Company Group ID
  • Vendor Company Group ID
Release Management

RMS:Release

RMS:LoadRelease

  • Assigned Support Group ID
  • Assigned Support Group ID
  • Manager Support Company(Company3) Group ID
  • Location Company Group ID
Asset Management


AST:PurchaseRequisition
  • Company ID
  • Company ID

CTR:ContractBase

  • Company ID
  • Company ID
CTR:LoadContractBase
  • Company ID
  • Company ID
AST:CI Unavailability
  • Company ID
  • Company ID

Note: For individual configuration item (CI) records, the tenancy is set by the value in the Company field on the CI, and by the Used by relationship of Company entries associated with the CI. For more details, see Working with Configuration Items.

Task Management

TMS:Task

TMS:LoadTask

Field 112 of the task's parent record and Assigned Support Group ID
  • Parent 112 and Assigned Support Group ID
  • Location Company Group ID
  • Assigned Support Company Group ID
Service Request ManagementWOI:WorkOrder
  • Customer Login ID
  • Contact Login ID
  • Manager Support Group ID
  •  Assignee Support Group ID
  • Customer Login ID
  • Contact Login ID
  • Manager Support Group ID
  • Assignee Support Group ID
  • Customer Company Group ID
  • Assignee Support Company (ASCPY) Group ID
  • Manager Support Company(Company3) Group ID
  • Location Company Group ID
SRM:Request
  • Requested For Login ID  
  • Requested By Login ID  
  • Assigned Support Group ID
  • Requested For Login ID  
  • Requested By Login ID  
  • Assigned Support Group ID
  • Customer Company Group ID

    Location Company Group ID

  • Manager Support Company(Company3) Group ID

    • Assignee Support Company (ASCPY) Group ID

Note: Starting from 9.1.02, access to service requests of BMC Service Request Management remains at company level irrespective of the value selected in the Applications Permission Model field as the assignment of a service request is optional. All the members within a company can access all service requests. For more details, see System settings.

Related topics

Data access model in BMC Remedy ITSM 9.1.02PUBLISHED

Hierarchical groups: Using a parent group for permission inheritance

Controlling access by using implicit groups: Row-level security

Multi-tenancy

Working with Configuration Items

System settings

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Sabine Gruber

    hi, please specify the access to SRM:Request with Model set to "Support Group", I have the impression there is a contradiction: In the table it says "Assigned Support Group ID", "Requested For Login ID", "Requested By Login ID", but then below it states "Starting from 9.1.02, access to service requests of BMC Service Request Management remains at company level irrespective of the value selected in the Applications Permission Model " thanks, sabine

    Mar 20, 2019 10:26
    1. Jyoti Nerkar

      Hello Sabine,


      Thanks for your comment.

      The note "Starting from 9.1.02...", is to highlight that the accessing service requests data is allowed at company level regardless of the setting in Application Permission Model. This is because the assignee field for service requests is not mandatory. This behavior change has been implemented from 9.1.02 version.


      Hope this clarifies.


      Regards,

      Jyoti

      Mar 26, 2019 11:56
  2. Sabine Gruber

    Hi Jyoti, thanks for the explanation. However, I wonder why in the 19.02 documentation (https://docs.bmc.com/docs/itsm1902/row-level-security-841098559.html) is stated: "Assignee Group (field ID 112) values for various BMC Remedy ITSM applications" -> SRM:Request -> Requested For Login ID + Requested By Login ID + Assigned Support Group ID. Thanks again for checking - sabine

    Apr 03, 2019 03:41
    1. Jyoti Nerkar

      Hi Sabine,

      I am working with the SME on this. I will keep you posted with the updates.

      Regards,

      Jyoti

      Apr 10, 2019 12:54
      1. Jyoti Nerkar

        Hi Sabine,


        For SRM:Request, Assigned Support Group can be populated only from CFG:Assignment (if configured). If Assigned Support Group has no value, Company ID will be populated to field 112.


        Hope this answers your query. 


        Regards,

        Jyoti

        Apr 15, 2019 11:37
        1. Jyoti Nerkar

          In case you need further assistance on this. please reach out to the Customer Support Team.

          Regards,

          Jyoti

          Apr 15, 2019 11:38