This documentation supports the 1.5 version of Remedy with Smart IT.

To view the latest version, select the version from the Product version menu.

How access to tickets and resources works in Smart IT

In Smart IT, functional role and permissions are not enough to access tickets and resources. Considering the fact that every user belongs to a company, and is part of one or more support groups, to resolve tickets, service desk agents sometimes might need access to other support groups of their own company or another company. Thus, access to tickets and resources depends on your access to the company, support groups, your functional role, and permissions. Your access to tickets also depends on the support group to whom the ticket is assigned, and how you are related to the ticket.

To a great extent, the way in which your company is structured, and support groups are organized decide your access to tickets and resources. This topic focuses on the model that governs your access to tickets and resources in Smart IT.

Overview of the data access model

For IT organizations, maintaining information secure, and controlling data access to appropriate users are the two major challenges. When controlling data access, the data access rules must not be so complex that they hurdle user's functioning, or become difficult for the company to implement and maintain. BMC Remedy IT Service Management (BMC Remedy ITSM) data access model helps companies to overcome these challenges. The data access model controls user's access to data, and also keeps information secure. Note that there is no change in user's functional role, permissions, or support groups. The data access model consists of the following features:

Row-level security (RLS)

The RLS feature belongs to BMC Remedy Action Request System (BMC Remedy AR System). It controls access to ticket data in BMC Remedy ITSM and Smart IT. RLS is based on the principle that only those associated with the ticket must have access to the ticket. In BMC Remedy AR System, every form contains a set of core fields. Permissions defined for the fields determine ticket access. Accordingly, users and groups included in the Assignee Group (field 112), and Submitter (field 2) in BMC Remedy AR System can access and view that ticket. Users who can access and edit tickets are defined in other fields such as Assignee (field 4), Assignee Group Parent (field 60989) and so on. To learn more about fields that provide access to tickets, and for additional information about the field 112, see Row-level security 9.1.02.

Note

Assignee Group is a field in BMC Remedy AR System, Smart IT does not support this field.

Hierarchical groups

In Smart IT, the hierarchy in which support groups are organized is based on the hierarchical group feature in BMC Remedy AR System. It is a structure that enables you to organize groups, especially larger groups in hierarchical order. Groups are organized in hierarchy, and user's access to ticket data depends on where they are placed in the hierarchy. In this structure, groups are organized in parent and child hierarchy. Parent groups have larger access as compared to child groups.

Impact of RLS on access to tickets and resources

With the implementaion of RLS in BMC Remedy ITSM and Smart IT, access to ticket data is streamlined and only those users who are directly related to tickets and resources can access it. This section covers the impact of RLS on Smart IT as per the released versions of BMC Remedy ITSM and Smart IT.

Access to ticket data is restricted only to users who are directly connected to the ticket or to a support group associated with the ticket

Prior to BMC Remedy ITSM 9.1 and Smart IT 1.3.01

Access to the configuration data and ticket data is based on the company specified on the ticket. When a ticket is created for example, an incident ticket, in BMC Remedy ITSM the Assignee Group (field 112) is populated with the Company ID. It gives all users of the company access to the ticket. There are two major concerns in this set up:

  • Users who are not directly related to the ticket or to the support group associated with the ticket have unnecessary access to tickets.
  • It creates security concerns because everybody from the company have access to all tickets.

In BMC Remedy ITSM 9.1 and Smart IT 1.3.01 and later versions

To overcome these challenges, RLS is implemented. Access to ticket data is now restricted to users who are directly connected to tickets and support groups associated with tickets. For example, when incident ticket is created, in BMC Remedy ITSM, the Assignee Group (field 112) is populated with the login ID of the customer, contact, submitter, assignee group ID, and the owner group ID.

Note

The access to configuration data continues to be managed at the company level because all users of company need access to the configuration data.

This graphic shows who can and cannot access tickets in Smart IT.

When a user can access tickets, they can perform the following activities:

  • Relate ticket to another incident, work order, change request, problem investigation, known error, asset, and knowledge article.
  • Submitter can relate only those tickets to which he has access, or the tickets that he submitted.
  • Search for ticket or resource from the global search option, and open them.
  • Add activity notes, and view them.
  • Filter tickets from the Ticket Console, and open them.
  • Search for tickets from the recommended tickets in Smart Recorder, and relate the ticket.
  • Open service request tickets, and add activity notes.
  • When chatting search for tickets to which you have access, and relate them to the chat conversation.
  • Search for ticket by using the Relationship Search option, and relate the ticket.
  • Access and open ticket from the Updates Feed on the Dashboard.

Example

In this example, all users belong to Calbro Services. Allen Allbrook creates an incident ticket with the following details:

  • Submitter—Allen Allbrook
  • AssigneeJohn Rambo member of Backoffice support group
  • OwnerIan Plyment member of Service Desk support group
  • CustomerMary Mann
  • ContactBob Baxter
  • Vendor support groupmembers of Front Desk support group

Users who can access this incident ticket are:

  • Allen, John, Ian, Mary, Bob, and members of the Front Desk support group.
  • Members of the Backoffice support group and Service Desk support group.
  • Users with unrestricted access.
  • Members of parent support group of Backoffice, Service Desk, and Front Desk support groups.

In BMC Remedy ITSM 9.1.02 and Smart IT 1.5.01

Instead of restricting access on the basis of company (prior to Smart IT 1.3.01) or the support group (1.3.01 through 1.5), in Smart IT 1.5.01, users can access tickets on the basis of support group or company and support group. In BMC Remedy ITSM, on the System Settings form, in the Applications Permissions Model list, the administrator can select one of the two options:

  • Support GroupTicket data access is managed on the basis of individuals (for example, submitter, on behalf of, and assignee) and support groups associated with tickets. This restricts ticket access to only those users who are directly connected to tickets or to support groups associated with tickets. If you select Support Group, the field 112 displays Support Group ID. Support Group includes the following users:
    • Submitter of the ticket.
    • Assignee of the ticket.
    • Owner group who owns the ticket.
    • Members of the support group associated with the ticket (child support group).
    • Members of the group that is the parent of a support group associated with the ticket (parent group of the child support group).
  • Support Group and CompanyTicket data access is based on the support group and company that are associated with the ticket. If you select Support Group and Company, the field 112 displays Support Group ID, Company ID, Contact Name, and Customer name. It includes the following users:
    • Users who are part of the Support Group (listed under Support Group).
    • All the members of a location and customer company referenced on the ticket.
    • All the members of a parent group of the location and customer companies.

Note

On the System Settings form, the setting is applied to data that is created after changing the setting. It does not affect existing tickets.

Example

 Allen Allbrook creates an incident ticket with the following details:

  • SubmitterAllen Allbrook, member of the IT Services support group, and belongs to Company A.
  • AssigneeJohn Rambo, member of the Backoffice support group, and belongs to Company A.
  • OwnerIan Plyment, member of the Service Desk support group, and belongs to Company B.
  • CustomerMary Mann belongs to Company C.
  • ContactBob Baxter belongs to Company C.
  • Vendor support groupFront Desk support group.
  • Location companyCompany C.
  • Owner companyCompany B.

Based on the option selected on the System Settings form, the following users can access this incident ticket

When the Support Group option is selectedWhen the Support Group and Company option is selected

Allen, John, Ian, Mary, Bob, and members of the Front Desk support group.

Allen, John, Ian, Mary, Bob, and members of the Front Desk support group.

Members of the Backoffice support group and Service Desk support group.

Members of the Backoffice support group and Service Desk support group.

Users with unrestricted access.

Users with unrestricted access.

Members of parent support group of Backoffice, Service Desk, and Front Desk support groups.

Members of parent support group of Backoffice, Service Desk, and Front Desk support groups.

 All members of Company A, Company B, and Company C.

Impact of hierarchical groups on access to tickets and resources

The hierarchical group feature that is introduced in BMC Remedy ITSM version 9.1, is based on the hierarchical group feature in BMC Remedy AR System. Hierarchical groups is a structure that enables you to organize larger groups in hierarchical order. Groups are organized in a hierarchy, and users' access to ticket data depends on the where they are placed in the hierarchy. In this structure, groups are organized in parent and child hierarchy. Parent groups have larger access as compared to child groups.

Organizing support groups in parent and child hierarchy

Prior to BMC Remedy ITSM 9.1 and Smart IT 1.3.01
Access to ticket data is based on the company specified on the ticket. All users of the company can access ticket data that belongs to different support groups. It is a challenge to organize data access in larger groups.

To access ticket data across multiple companies, service desk agents are given ticket access of another company at the company level. It allows them to access all the ticket data of that company. It gives them unnecessary access to tickets, and also creates data security concerns.

In BMC Remedy ITSM 9.1 and Smart IT 1.3.01 and later versions

Users with Contact Administrator permission can configure hierarchical groups across companies or support groups. To configure hierarchical groups, in BMC Remedy ITSM, select Application Administration Console > Foundation > Advanced Options > Hierarchical Group Configuration and update the required information on the Hierarchical Group Configuration form. Using this form, you can add or remove a parent group of a company or a support group.

Important features of the parent and child hierarchical groups are:

  • Child groups can access their own tickets.
  • Parent groups can access their own tickets and tickets of their respective child groups.
  • All permissions assigned to a child group are passed on to its parent group.

Example

 Mary creates an incident ticket with the following details:

  • CustomerAllen
  • Direct ContactIan
  • Assigned GroupBackoffice Support (parent of Backoffice Support is IT Data Access)
  • Owner GroupService Desk (parent of Service Desk is IT Data Access)

In this case, the following users can access the incident ticket:

  • Mary
  • Allen
  • Ian
  • Members of Backoffice Support, Service Desk, and IT Data Access (Assigned support group, Owner support group, parent of Assigned and Owner support groups)

Configure valid support groups

In BMC Remedy ITSM 9.1.02 and Smart IT 1.5.01

In BMC Remedy ITSM, on the Support Group Configuration form, for the Multiple support groups to single company mode, the Global option has been added under the Support Company list. This is a configuration for support group assignment. The support group is available at the global company level.

  • The Global company is available for all users irrespective of the customer or location company.
  • Users must have permission to access support groups configured under Global. Users with unrestricted access can access all groups under Global

Example

Business Zone is a IT company and has three companies. Company 1, Company 2, and Company 3. The three companies have their own support groups. Business Zone also has three support groups. They are:

  • BZCourier
  • BZSecurity
  • BZCafeteria

In BMC Remedy ITSM, on the Support Group Configuration form, for the Multiple support groups to single company mode, Global option is selected under Support Company list, and BZCourier, BZSecurity, and BZCafeteria support groups are added under Global company.

Service desk agents of Company 1, Company 2, and Company 3 are given access to support groups of Business Zone. Now, the service desk agents of Business Zone, Company 1, Company 2, and Company 3 can access BZCourier, BZSecurity, and BZCafeteria support groups.

Related topics

Row-level security

Hierarchical groups: Using a parent group for permission inheritance

Data access model enhancements in BMC Remedy ITSM 9.1

Defining valid support groups associated with a company

Controlling access by using implicit groups--Row-level security

Using a parent group for permissions inheritance

Row-level security 9.1.02

Data access model in BMC Remedy ITSM 9.1.02

Support group configuration for assignments

Support group configuration for assignments in version 9.1.02

Support group configuration for assignments in versions 9.1.00 and 9.1.01

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments

  1. Mcharry Chito

    So if I have a very simple structure like, Single Company with a lot of Support Groups, I will just set the Support Group as a Parent Group of their own to be able to achieve the restriction of access?

    Example: 

    Company X

    Parent Group: HR

    Support Group: HR


    Parent Group: Helpdesk

    Support Group: Helpdesk


    So that the member of the HR will only see tickets assigned to their group same with the helpdesk.


    Nov 20, 2017 03:49
    1. Jose pedro Teixeira

      Hi Mcharry. You only need to set a Parent Group if need that a group has access to both HR and HelpDesk. By default member of the HR will only see tickets assigned to their group same with the HelpDesk, no need to set Parent groups.

      Example: 

      Company X

      Parent Group: SuperGroup

      Support Group: HR


      Parent Group: SuperGroup

      Support Group: Helpdesk

      Nov 20, 2017 04:09
  2. Mcharry Chito

    Hello Jose Pedro,


    Thank you for your immediate response. I have a very simple structure here, like a technician should only see those tickets related on their support groups. Like if you are helpdesk you should only see those tickets assigned to helpdesk and if you're HR you should only see tickets assigned to HR. But by default, my problem is on SmartIT, On the ticket console, If I select a filter for example "All Open" "Service Request" I am able to see all tickets even not assigned to my group. Aside of setting a preset, is there any way on how to be able to forcefully restrict the access/view of each support group?


    Regards,

    Harry

    Nov 20, 2017 04:40