User permissions
BMC Helix Remedyforce uses profiles and permission sets to grant users access to different functions. Profiles contain basic access rights and permissions for a group of users. Permission sets can be used in addition to profiles to provide additional levels of access and permissions to a user or multiple users.
Permission assignment options
After you install BMC Helix Remedyforce, you add users. To control access to BMC Helix Remedyforce, the following options are available:
- Profiles
- Permission sets
Assigning a profile to a user is mandatory. The following profiles are provided out of the box:
- ServiceDesk Staff
- ServiceDesk Client
- ServiceDesk Change Manager
The following permission sets are provided out of the box:
- ServiceDesk Staff
- ServiceDesk Client
- ServiceDesk Change Manager
- Remedyforce Administrator
You need to assign profiles or permission sets only once.
You can choose to assign out-of-the-box profiles or permission sets or create custom profiles and permission sets. BMC recommends that you assign a profile to a user with minimal permissions. To control other permissions, you can assign permission sets. You can apply more than one permission set to a user.
The benefit of assigning out-of-the-box permission sets is minimal post upgrade manual steps because the out-of-the-box permission sets are upgraded automatically when BMC Helix Remedyforce is upgraded by BMC.
If you use any of the following to control permission, after upgrade you need to manually assign access to Visualforce pages, Apex classes, objects, and fields added to a release:
- Out-of-the-box profiles
- Custom profiles
- Custom permission sets
The out-of-the-box permission sets are upgraded automatically.
Functions granted to profiles and permission sets
Different profiles and permission sets have been granted different functions in BMC Helix Remedyforce.
- Remedyforce clients have access to Self Service only. In Self Service, the clients can create and view incidents and service requests raised by them. They can also view knowledge articles.
- Remedyforce change managers and staff members can access the Remedyforce Dashboard tab. Remedyforce staff members can also access Self Service.
System administrators and users with the Remedyforce Administrator permission set have access to the Remedyforce Administration tab.
System administrators can perform all the actions in BMC Helix Remedyforce. However, users with the Remedyforce Administrator permission set cannot access the Salesforce standard objects and some of the Salesforce links that are available on the Remedyforce Administration tab. For more information, see Limitations of the Remedyforce Administrator permission set.Note
Users with the Remedyforce Administrator permission set can access the Remedyforce Administration tab only if the View Setup and Configuration check box is selected for their profile.
Access to modules based on profiles and permission sets
The following table lists the modules in BMC Helix Remedyforce and the access that is given to the BMC Helix Remedyforce profiles and permission sets. In the table, R represents Read, C represents Create; E represents Edit, and D represents Delete.
Note
Although the private sharing rule is enabled for the Incidents
and Tasks
objects, users with the Remedyforce Administrator permission set can also view and edit the records of other users because of the View All and Modify All permissions on these objects.
Modules | Profiles | Permission sets | ||||
---|---|---|---|---|---|---|
ServiceDesk Change Manager | ServiceDesk Staff | ServiceDesk Staff | ServiceDesk Change Manager | ServiceDesk Release Coordinator | Remedyforce Administrator | |
Incidents | R, C, E, D | R, C, E, D | R, C, E | R, C, E | R | R, C, E, D, View All, Modify All |
Tasks | R, C, E, D | R, C, E, D | R, C, E | R, C, E | R | R, C, E, D, View All, Modify All |
Broadcasts | R, C, E, D | R, C, E, D | R, C, E | R, C, E | R, C, E, D, View All, Modify All | |
Problems | R, C, E, D | R, C, E, D | R, C, E | R, C, E | R | R, C, E, D, View All, Modify All |
Change Requests | R, C, E, D | R | R | R, C, E, D | R | R, C, E, D |
Releases | R, C, E, D | R | R | R, C, E, D | R, C, E, D | R, C, E, D |
Knowledge Articles | R, C, E, D, View All | R, C, E, D, View All | R, C, E, D, View All | R, C, E, D, View All | R, C, E, D, View All | |
Salesforce Reports tab | view, can create customized reports, run and export reports | view, can create customized reports, run and export reports | view, can create customized reports, run and export reports | view, can create customized reports, run and export reports | view, can create customized reports, run and export reports | |
CMDB | ||||||
| R, C, E, D | R, C, E, D | R, C, E | R, C, E | R, C, E, D | |
All other objects that map to CI and relationship classes | R, C, E, D | R, C, E, D | R, C, E, D | R, C, E, D | R, C, E, D |
Note
Although in CMDB 2.0, all CI data is stored in the Base Element
object, the R, C, E, D permissions are still configured for each object that maps to a CI or relationship class in CMDB 2.0. For example, to remove the edit access only for the Computer System CI in CMDB 1.0 and 2.0, you must update permissions for the Computer System
object and not the Base Element
object. However, if the Base Element
object is not given a specific permission, such as delete, users cannot delete a CI even if the corresponding object is given the delete permission. For example, users with the ServiceDesk Staff permission set cannot delete a Computer System CI in CMDB 1.0 or 2.0 because the Base Element
object is not given the delete permission.
Access to functionality based on profiles and permission sets
The following table lists the various functionalities in BMC Helix Remedyforce and the access that is given to the BMC Helix Remedyforce profiles and permission sets. In the table, R represents Read, C represents Create; E represents Edit, and D represents Delete.
Modules | Profiles | Permission sets | ||||
---|---|---|---|---|---|---|
ServiceDesk Change Manager | ServiceDesk Staff | ServiceDesk Staff | ServiceDesk Change Manager | ServiceDesk Release Coordinator | Remedyforce Administrator | |
QuickViews (custom) | R | R | R | R | R | |
Agreements | R, C, E, D | R | R | R, C, E, D | R, C, E, D | |
Request Definitions | R, C, E, D | R | R | R, C, E, D | R, C, E, D | |
Chatter | Default On | Default On | Default On | Default On | Default On | Default On |
Clients | R, C, E | R, C, E | R, C, E | R, C, E | R, C, E | |
Service Outages | R, C, E, D | R, C, E | R, C, E | R, C, E | R, C, E, D | |
Accounts | R, C, E, D | R, C, E, D | ||||
Templates | R, C, E, D | R, C, E, D | R, C, E | R, C, E | R | R, C, E, D |
Surveys | R, C, E | R, C, E | R, C, E | R, C, E | R, C, E, D, View All, Modify All | |
Global Search | R, C, E, D | R, C, E, D | R, C, E, D | R, C, E, D | R, C, E, D, View All, Modify All |
Note
Users who are assigned the Remedyforce Administrator permission set are granted only Read access to custom QuickViews. You must also select the Remedyforce Administrator check box for these users to enable them to create, edit, and delete custom QuickViews, and copy out-of-the-box QuickViews.
Limitations of the Remedyforce Administrator permission set
The following are a few limitations of the Remedyforce Administrator permission set:
- The Remedyforce Administrator permission set does not enable users to populate BMC Helix Remedyforce with demo data. On the Getting Started tab, for step 1 (Populate Remedyforce with demo data ), if the users select Click here to begin, an error message is shown.
To enable this link for users with the Salesforce license, the system administrator must grant the Manage Users profile-level permission. However, this profile-level permission is not available for users with the Salesforce Platform license. - The Remedyforce Administrator permission set does not grant access to any Salesforce standard object. Specifically, the Remedyforce Administrator permission set does not grant access to the following Salesforce standard objects and the BMC Helix Remedyforce custom objects that have a master-detail relationship with a Salesforce standard object.
- Account
- Account CI Link
- Broadcast Account Link
- Entitlement
- SLA Account Link
- User Account Link
The system administrator can grant the required permissions for these objects to the user's profile.
The Remedyforce Administrator permission set does not grant access to the Salesforce links on the Remedyforce Administration tab. To enable users to access the Salesforce links, the system administrator must assign the required profile-level permissions.
The following table lists the profile-level permissions that are required to access the Salesforce links on the Remedyforce Administration tab. The table also indicates the availability of the required profile-level permissions for Salesforce Platform license users. All the profile-level permissions listed in the table are available for Salesforce license users.Note
By default, the Salesforce Platform license users can only view all Salesforce pages listed in the table, except View Login History + and Storage History +.
Profile-level permissions required to access the Salesforce links on the Remedyforce Administration tab
Salesforce link on the Remedyforce Administration tab
Required profile-level permission to access the corresponding Salesforce page
Available for Salesforce Platform license users
Manage Users Tile
Add and Edit User +
On the profile page, in the Administrative Permissions section, select the Manage Users check box.
Not available
Edit Permission Set +
Manage Queues +
Manage Remedyforce Licenses +
Profiles +
Roles +
View Login History +
Create Dashboard and Reports Tile
Report Types +
On the profile page, in the Administrative Permissions section, select the Manage Custom Report Types check box.
Not available
Reports & Dashboards (Salesforce) +
On the profile page, in the Administrative Permissions section, select the Manage Dashboards check box.
Available
License and Storage Usage Tile
Remedyforce License Usage +
On the profile page, in the Administrative Permissions section, select the Manage Users check box.
Not available
Salesforce License Usage +
Storage Usage +
Configure Email Tile
Email Services +
On the profile page, in the Administrative Permissions section, select the Customize Application check box.
Not available
Email Templates +
On the profile page, in the Administrative Permissions section, select the Manage Public Templates check box.
Note: To enable users to edit custom email templates, you must select the Edit HTML Templates check box on the profile page, in the Administrative Permissions section.
Organization-Wide Addresses +
On the profile page, in the Administrative Permissions section, select the Modify All Data check box.
Manage Workflows and Other Processes Tile
Approval Processes +
On the profile page, in the Administrative Permissions section, select the Customize Application check box.
Not available
Email Alerts +
Field Updates +
Workflow Rules +
Related topic
Supported Salesforce platform versions, user types, and licenses
Comments
Log in or register to comment.