Company-level access to subtenants in BMC Helix Digital Workplace

Single tenancy in BMC Helix Digital Workplace

By default, if only one subtenant is defined, BMC Helix Digital Workplace ignores information about companies to which users are assigned in BMC Helix ITSM. As a result, all users belong to the same company and share access to the same data and configurations in BMC Helix Digital Workplace, even if they are assigned to different companies in BMC Helix ITSM. 

To configure a single tenancy, an AR System administrator creates a single default subtenant from a record instance in BMC Helix Innovation Studio. In this created record definition for the single default subtenant, the administrator doesn't add a company name in the Name field to avoid associating the default subtenant with a specific company in BMC Helix ITSM. 

Multitenancy in BMC Helix Digital Workplace

If the administrator creates at least one subtenant in addition to the default subtenant, BMC Helix Digital Workplace becomes multitenant, and users get access only to the BMC Helix Digital Workplace configuration data of the company to which they are assigned in BMC Helix ITSM on the People form (on the Company field of the General tab). The administrator must define company names for the default subtenant and all subsequent subtenants. 

BMC Helix Digital Workplace supports multitenancy for on-premises and SaaS subscribers in the following ways:

• If BMC Helix Digital Workplace is deployed on-premises, BMC provides the Managed Service Provider (MSP) Config utility. For more information, see Configuring-multitenancy.
• If you have a SaaS subscription of BMC Helix Digital Workplace, create subtenants from a record instance in BMC Helix Innovation Studio.

The following diagram illustrates company-level access to subtenants in BMC Helix Digital Workplace.

How multitenancy works without a subtenant

By default, if a user is assigned to a BMC Helix ITSM company for which a subtenant hasn't been created in BMC Helix Digital Workplace, this user can't access BMC Helix Digital Workplace.

The following diagram shows that users without the subtenant can't access the application: 

However, you can change this default behavior and allow such users to access BMC Helix Digital Workplace via the default subtenant. To enable access via the default subtenant, contact BMC Support. 

The following diagram illustrates how users without the subtenant in BMC Helix Digital Workplace can access the application via the default subtenant after BMC Support enables this behavior: 

Multitenancy and access to data

In BMC Helix ITSM, multitenancy can be configured for data that comes from BMC Helix ITSM, such as users and service request definitions (SRDs). When users are set up, they are granted access to data for one or more companies. For data that is maintained in BMC Helix ITSM (such as SRDs), the same access is provided in BMC Helix Digital Workplace with no additional configuration. This data segregation is present in both single-tenancy and multitenancy modes. For example, if separate SRDs are created for the Apex Global and Petramco companies, and Britney Unser is granted access only to the Apex Global company, she can see and request SRDs only from the Apex Global company.

BMC Helix Digital Workplace also provides the following configuration in BMC Helix ITSM:

• Quick-pick lists of SRD catalog items that appear on the Catalog tab
• Catalog configuration
• How-to links
• Social posts not tied to any BMC Helix ITSM tickets or BMC Service Request Management service requests
• Broadcasts