This documentation supports the 18.08 version of Remedy with Smart IT.

To view the latest version, select the version from the Product version menu.

How access to tickets and resources works in Smart IT

In Smart IT, functional role and permissions are not enough to access tickets and resources. Considering the fact that every user belongs to a company, and is part of one or more support groups, to resolve tickets, service desk agents sometimes might need access to other support groups of their own company or another company. Thus, access to tickets and resources depends on your access to the company, support groups, your functional role, and permissions. Your access to tickets also depends on the support group to whom the ticket is assigned, and how you are related to the ticket.

To a great extent, the way in which your company is structured, and support groups are organized decide your access to tickets and resources. This topic focuses on the model that governs your access to tickets and resources in Smart IT.

Overview of the data access model

For IT organizations, maintaining information secure, and controlling data access to appropriate users are the two major challenges. When controlling data access, the data access rules must not be so complex that they hurdle user's functioning, or become difficult for the company to implement and maintain. BMC Remedy IT Service Management (BMC Remedy ITSM) data access model helps companies to overcome these challenges. The data access model controls user's access to data, and also keeps information secure. Note that there is no change in user's functional role, permissions, or support groups. The data access model consists of the following features:

Row-level security (RLS)

The RLS feature belongs to BMC Remedy Action Request System (BMC Remedy AR System). It controls access to ticket data in BMC Remedy ITSM and Smart IT. RLS is based on the principle that only those associated with the ticket must have access to the ticket. In BMC Remedy AR System, every form contains a set of core fields. Permissions defined for the fields determine ticket access. Accordingly, users and groups included in the Assignee Group (field 112), and Submitter (field 2) in BMC Remedy AR System can access and view that ticket. Users who can access and edit tickets are defined in other fields such as Assignee (field 4), Assignee Group Parent (field 60989) and so on. To learn more about fields that provide access to tickets, and for additional information about the field 112, see Row-level security.

Note

Assignee Group is a field in BMC Remedy AR System, Smart IT does not support this field.

Hierarchical groups

In Smart IT, the hierarchy in which support groups are organized is based on the hierarchical group feature in BMC Remedy AR System. It is a structure that enables you to organize groups, especially larger groups in hierarchical order. Groups are organized in hierarchy, and user's access to ticket data depends on where they are placed in the hierarchy. In this structure, groups are organized in parent and child hierarchy. Parent groups have larger access as compared to child groups.

Impact of RLS on access to tickets and resources

With the implementation of RLS in BMC Remedy ITSM and Smart IT, access to ticket data is streamlined and only those users who are directly related to tickets and resources can access it. This section covers the impact of RLS on Smart IT as per the released versions of BMC Remedy ITSM and Smart IT.

Access to ticket data is restricted only to users who are directly connected to the ticket or to a support group associated with the ticket

Users can access tickets on the basis of support group or company and support group. In BMC Remedy ITSM, on the System Settings form, in the Applications Permissions Model list, the administrator can select one of the two options:

  • Support Group—Ticket data access is managed on the basis of individuals (for example, submitter, on behalf of, and assignee) and support groups associated with tickets. This restricts ticket access to only those users who are directly connected to tickets or to support groups associated with tickets. If you select Support Group, the field 112 displays Support Group ID. Support Group includes the following users:
    • Submitter of the ticket.
    • Assignee of the ticket.
    • Owner group who owns the ticket.
    • Members of the support group associated with the ticket (child support group).
    • Members of the group that is the parent of a support group associated with the ticket (parent group of the child support group).
  • Support Group and Company—Ticket data access is based on the support group and company that are associated with the ticket. If you select Support Group and Company, the field 112 displays Support Group IDCompany ID, Contact Name, and Customer name. It includes the following users:
    • Users who are part of the Support Group (listed under Support Group).
    • All the members of a location and customer company referenced on the ticket.
    • All the members of a parent group of the location and customer companies.

Note

On the System Settings form, the setting is applied to data that is created after changing the setting. It does not affect existing tickets.

Example

 Allen Allbrook creates an incident ticket with the following details:

  • Submitter—Allen Allbrook, member of the IT Services support group, and belongs to Company A.
  • Assignee—John Rambo, member of the Backoffice support group, and belongs to Company A.
  • Owner—Ian Plyment, member of the Service Desk support group, and belongs to Company B.
  • Customer—Mary Mann belongs to Company C.
  • Contact—Bob Baxter belongs to Company C.
  • Vendor support group—Front Desk support group.
  • Location company—Company C.
  • Owner company—Company B.

Based on the option selected on the System Settings form, the following users can access this incident ticket

When the Support Group option is selected When the Support Group and Company option is selected

Allen, John, Ian, Mary, Bob, and members of the Front Desk support group.

Allen, John, Ian, Mary, Bob, and members of the Front Desk support group.

Members of the Backoffice support group and Service Desk support group.

Members of the Backoffice support group and Service Desk support group.

Users with unrestricted access.

Users with unrestricted access.

Members of parent support group of Backoffice, Service Desk, and Front Desk support groups.

Members of parent support group of Backoffice, Service Desk, and Front Desk support groups.

  All members of Company A, Company B, and Company C.

Impact of hierarchical groups on access to tickets and resources

The hierarchical group feature that is introduced in BMC Remedy ITSM version 9.1, is based on the hierarchical group feature in BMC Remedy AR System. Hierarchical groups is a structure that enables you to organize larger groups in hierarchical order. Groups are organized in a hierarchy, and users' access to ticket data depends on the where they are placed in the hierarchy. In this structure, groups are organized in parent and child hierarchy. Parent groups have larger access as compared to child groups.

Organizing support groups in parent and child hierarchy

Users with Contact Administrator permission can configure hierarchical groups across companies or support groups. To configure hierarchical groups, in BMC Remedy ITSM, select Application Administration Console > Foundation > Advanced Options > Hierarchical Group Configuration and update the required information on the Hierarchical Group Configuration form. Using this form, you can add or remove a parent group of a company or a support group.

Important features of the parent and child hierarchical groups are:

  • Child groups can access their own tickets.
  • Parent groups can access their own tickets and tickets of their respective child groups.
  • All permissions assigned to a child group are passed on to its parent group.

Example

 Mary creates an incident ticket with the following details:

  • Customer—Allen
  • Direct Contact—Ian
  • Assigned Group—Backoffice Support (parent of Backoffice Support is IT Data Access)
  • Owner Group—Service Desk (parent of Service Desk is IT Data Access)

In this case, the following users can access the incident ticket:

  • Mary
  • Allen
  • Ian
  • Members of Backoffice Support, Service Desk, and IT Data Access (Assigned support group, Owner support group, parent of Assigned and Owner support groups)

Configure valid support groups

In BMC Remedy ITSM, on the Support Group Configuration form, for the Multiple support groups to single company mode, the Global option has been added under the Support Company list. This is a configuration for support group assignment. The support group is available at the global company level.

  • The Global company is available for all users irrespective of the customer or location company.
  • Users must have permission to access support groups configured under Global. Users with unrestricted access can access all groups under Global

Example

Business Zone is a IT company and has three companies. Company 1, Company 2, and Company 3. The three companies have their own support groups. Business Zone also has three support groups. They are:

  • BZCourier
  • BZSecurity
  • BZCafeteria

In BMC Remedy ITSM, on the Support Group Configuration form, for the Multiple support groups to single company mode, Global option is selected under Support Company list, and BZCourier, BZSecurity, and BZCafeteria support groups are added under Global company.

Service desk agents of Company 1, Company 2, and Company 3 are given access to support groups of Business Zone. Now, the service desk agents of Business Zone, Company 1, Company 2, and Company 3 can access BZCourier, BZSecurity, and BZCafeteria support groups.

Was this page helpful? Yes No Submitting... Thank you

Comments