This documentation supports the 22.1 version of BMC Helix Digital Workplace Basic and BMC Helix Digital Workplace Advanced. Icons distinguish capabilities available only for the Advanced and External license levels. For more information, see License-types-and-features.

Company-level access to subtenants in BMC Helix Digital Workplace


Administrators create subtenants in BMC Helix Digital Workplace to grant companies access to data and configurations in the application.

BMC Helix Digital Workplace supports the following approaches to granting access to data and configurations specific to individual companies in the application: 

  • Single tenancy—A single default subtenant is created in BMC Helix Digital Workplace. All users belong to the same company and share access to the same data and configurations. Data segregation is not supported. 
  • Multitenancy—At least one subtenant is created in addition to the default subtenant. Users get access only to the configuration data of the company to which they are assigned in BMC Helix ITSM on the People form (on the Company field of the General tab). Data is segregated between subtenants. 


Single tenancy in BMC Helix Digital Workplace

By default, if only one subtenant is defined, BMC Helix Digital Workplace ignores information about companies to which users are assigned in BMC Helix ITSM. As a result, all users belong to the same company and share access to the same data and configurations in BMC Helix Digital Workplace, even if they are assigned to different companies in BMC Helix ITSM

To configure a single tenancy, an AR System administrator creates a single default subtenant from a record instance in BMC Helix Innovation Studio. In this created record definition for the single default subtenant, the administrator doesn't add a company name in the Name field to avoid associating the default subtenant with a specific company in BMC Helix ITSM

Example of data access in single tenancy

On the People form in BMC Helix ITSM, Britney Unser, an end user, is assigned to the Apex Global company, and Bob Baxter, an end user, is assigned to the Petramco company. When Britney Unser and Bob Baxter log in to BMC Helix Digital Workplace, they can access the same data and configurations in the application. 


Multitenancy in BMC Helix Digital Workplace

If the administrator creates at least one subtenant in addition to the default subtenant, BMC Helix Digital Workplace becomes multitenant, and users get access only to the BMC Helix Digital Workplace configuration data of the company to which they are assigned in BMC Helix ITSM on the People form (on the Company field of the General tab). The administrator must define company names for the default subtenant and all subsequent subtenants. 

BMC Helix Digital Workplace supports multitenancy for on-premises and SaaS subscribers in the following ways:


The following diagram illustrates company-level access to subtenants in BMC Helix Digital Workplace.

multitenant_access.png

Example of data access in multitenancy

If Britney Unser, an end user, is assigned to the Apex Global company on the People form, she has access to how-to links and locations configured for Apex Global, but not to the how-to links and locations configured for Petramco. This configuration also applies to the BMC Helix Digital Workplace Admin console—if Britney Unser has MyIT Admin permissions for BMC Helix Digital Workplace, she can configure how-to links and locations only for the Apex Global company.

At the same time, Bob Baxter who is assigned to the Apex Global company and has the permissions of MyIT Super Admin for BMC Helix Digital Workplace, can configure how-to links and locations for both companies—Apex Global and Petramco.


How multitenancy works without a subtenant

By default, if a user is assigned to a BMC Helix ITSM company for which a subtenant hasn't been created in BMC Helix Digital Workplace, this user can't access BMC Helix Digital Workplace.

The following diagram shows that users without the subtenant can't access the application: 

no_access_multitenancy.png

However, you can change this default behavior and allow such users to access BMC Helix Digital Workplace via the default subtenant. To enable access via the default subtenant, contact BMC Support. 

The following diagram illustrates how users without the subtenant in BMC Helix Digital Workplace can access the application via the default subtenant after BMC Support enables this behavior: 

mutlitenancy_without_subtenant.png

Example of data access for users without a subtenant via the default subtenant

Mary Mann, an end user, is assigned to the Centari company on the People form in BMC Helix ITSM. In BMC Helix Digital Workplace, two subtenants exist—the default subtenant for Apex Global and another subtenant for Petramco. No subtenant exists for Centari. By default, Mary Mann can't access BMC Helix Digital Workplace. However, if users without subtenants are allowed to access BMC Helix Digital Workplace, Mary Mann can access data created for the Apex Global default subtenant in BMC Helix Digital Workplace.


Multitenancy and access to data

In BMC Helix ITSM, multitenancy can be configured for data that comes from BMC Helix ITSM, such as users and service request definitions (SRDs). When users are set up, they are granted access to data for one or more companies. For data that is maintained in BMC Helix ITSM (such as SRDs), the same access is provided in BMC Helix Digital Workplace with no additional configuration. This data segregation is present in both single-tenancy and multitenancy modes. For example, if separate SRDs are created for the Apex Global and Petramco companies, and Britney Unser is granted access only to the Apex Global company, she can see and request SRDs only from the Apex Global company.

BMC Helix Digital Workplace also provides the following configuration in BMC Helix ITSM:

  • Quick-pick lists of SRD catalog items that appear on the Catalog tab
  • Catalog configuration
  • How-to links
  • Social posts not tied to any BMC Helix ITSM tickets or BMC Service Request Management service requests
  • Broadcasts