Row-level security in 9.1.03
The applications in BMC Remedy ITSM Suite 9.1.02 use row-level security (RLS), a BMC Remedy Action Request System (BMC Remedy AR System) feature to control access to BMC Remedy ITSM ticket data. For a detailed description of the BMC Remedy AR System RLS feature, see Controlling access by using implicit groups: Row-level security.
The RLS feature in BMC Remedy ITSM enables you to categorize tickets into different types. Based on the Application Permission Model specified on the System Settings form, BMC Remedy ITSM ticket data access is granted to individuals (for example, submitter, on behalf of, and assignee), support groups, and companies associated with a ticket. This feature restricts ticket data access to only those users who are associated with the ticket.
You can use hierarchical groups to control ticket access. For example, you can extend ticket access to the entire IT Staff group and restrict the access to non-IT staff in a company. For details about hierarchical groups, see Hierarchical groups: Using a parent group for permission inheritance.
Row-level access: Permissions defined on Request ID
Every form defined in BMC Remedy AR System contains a set of core fields, which are available on every regular form. The Request ID core field has a unique field ID of 1. The BMC Remedy AR System uses the permissions defined on the Request ID (Field ID 1) field to determine who should have access to a ticket. The following permissions are defined on most BMC Remedy ITSM forms. Individual or groups defined under these permissions can access a ticket.
Request ID permission
|Assignee (field 4)||Individual who is assigned a ticket.|
|Submitter (field 2)||Individual who submitted a ticket.|
|Assignee Group (field 112)|
The values displayed in this field depend on the Application Permission Model field value specified on the System Settings form.
For a detailed description of data contained in this field, see BMC Remedy ITSM application usage of Assignee Group (field 112) field.
|Assignee Group Parent (field 60989)||Parent group of the Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.|
|Unrestricted access (role)||Individuals with this role.|
|Vendor Assignee Group (field 60900)|
A group or individual defined in this field has access to a ticket. This field is left blank for all BMC Remedy ITSM applications and is meant for customer use. Customers can write their own workflow to populate this field for any additional data access requirement.
|Vendor Assignee Group Parent (field 60901)||Parent group of the Vendor Assignee Group. For details, see Hierarchical groups: Using a parent group for permission inheritance.|
Assignee Group (field ID 112) values for BMC Remedy ITSM applications
Individuals and groups mentioned in field 112 have access to ticket data. The following table lists the individuals and groups included in field 112 for different BMC Remedy ITSM applications.
|BMC Remedy ITSM application||Form name||Field 112 options if Application Permission Model is set to Support Group||Field 112 options if Application Permission Model is set to Support Group and Company|
Note: For individual configuration item (CI) records, the tenancy is set by the value in the Company field on the CI, and by the Used by relationship of Company entries associated with the CI. For more details, see Working with Configuration Items.
|Field 112 of the task's parent record and Assigned Support Group ID|
|Service Request Management||WOI:WorkOrder|
|Note: Starting from 9.1.02, access to service requests of BMC Service Request Management remains at company level irrespective of the value selected in the Applications Permission Model field as the assignment of a service request is optional. All the members within a company can access all service requests. For more details, see System settings.|