Administering users, roles, and access permissions

Users are the base-level entity in BMC Release Process Management. Users access the system by logging in.

BMC Release Process Management enables the creation of custom roles and uses a security model in which groups of users own roles and individual users inherit their roles from the group. Teams consist of one or more groups. Access permissions are managed at the group and team levels, not the user level, which allows administrators to more easily manage users throughout the BMC Release Process Management product.

This topic consists of the following sections:

Custom roles and access permissions

The custom role functionality of BMC Release Process Management enables you to restrict access to each tab in the BMC Release Process Management application and to specific capabilities within those tabs. The roles assigned to groups give member users the ability to view and access the main tabs. Application assignments give users the ability to view and access an application and its objects (for example, environments, components, requests, and so on). Therefore, depending on roles and applications assignments, users can do such things as:

  • See and access specific tabs
  • Create, start, and edit requests
  • Create and edit steps

For example, consider the access permissions for the following groups:

  • Coordinator group—Member users can see and access all tabs; however, they cannot see or access the Users, Groups, and Teams options on the System tab and the Automations option on the Environment tab.
  • Deployer group—Member users have access to all tabs; however, they cannot see or access the Users, Groups, and Teams options on the System tab.
  • Requestor group—Member users can see the Dashboard, Plans, Requests and Reports tabs. Users can create, start, and edit requests and create and edit steps.
  • Executor group—Member users can see the Dashboard, Plans, Requests, and Reports tabs. Users can start requests and hold or move requests to the Problem state.

On the Dashboard tab, users can see the requests assigned to their application only. Users who have only permission to View Requests lists, however, cannot see requests in the Created state. Access permission for Created requests is added separately and applies to all Requests lists visible in the application, including the Dashboard. For example, if a user does not have permission to view Created requests, Created requests are not visible in the My Requests and Currently Running Steps subtabs on the Dashboard. Users who do not have access to the Requests list cannot view the requests in any Requests lists, including the Dashboard.

Users who do not have permission to view Servers lists cannot view servers in the My Servers subtab on the Dashboard.

Users in the Root group have access to all tabs and all objects. The Root group cannot be inactivated; the Root Group check box cannot be cleared; and the Root group must always have at least one user.

Use case—to manage user roles through groups and teams

The following use case shows how you can use groups and teams to manage user roles:

  1. As the Root user, create an application with name app1.

  2. Create a new user with the login name user1.

    Note

    If a group is not selected, by default, a new user is assigned to the group with the User role and the team with the application marked as default. A Root user (or any other user with the appropriate permissions) can manage which group is the default.

  3. Log in as user1.

    Note

    Notice that as user1 you can access the Dashboard, Plans, Requests, Reports, and Profile tabs in the BMC Release Process Management application due to the permissions granted by the User role, as well as information related to the default application. The User role of the default group determines access permissions for user1 and the associated default application grants user1 access to the tabs and objects in the BMC Release Process Management application.

    (click the image to expand it)

    administering_user_roles1.png

  4. As the Root user, create a new group with the name group1, and then select user1 as a member of this group.

    (click the image to expand it)
    group1.png

  5. Click Add Role and then select the Coordinator, Deployer, and User roles for group1.
    (click the image to expand it)
    group1_roles.png

    Note

    You can also create a new role with custom access permissions.

  6. Click Select Roles and Create to save your changes for group1.
  7. Change the group assignments for user1 and ensure that the default group is not selected.
    (click the image to expand it)
    user1_group_assignment.png
  8. Click Select Groups and Update User to save your changes for user1.
  9. Log in as user1.
    In the BMC Release Process Management application, all tabs are available due to the permissions of the Coordinator and Deployer roles, which by default, have access to all tabs. Notice, however, that as user1 only the Settings and Integrations options are available under the System tab.
  10. As the Administrator user, create a new team with name team1 and assign group1 and app1 to this team.
    (click the image to expand it)
    team_1.png
  11. After team1 is created, you can change user roles for group1 and each environment of the app1 application.
    (click the image to expand it)
    team_1_roles.png
  12. Log in as user1.
     In the BMC Release Process Management application, tabs are available based on the roles assignment through the group.
    (click the image to expand it)
    user_1_access.png

Related topics

Managing-access-permissions

Managing-user-roles

Managing-users

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*