Changing user access to cases
In BMC Helix Business Workflows, the Data access model determines which users can access which cases. If you have access to a case, you can add or remove other user access to it.
Case access can be defined in the following ways:
Automatically—Determined by the Data access model. According to the access model, the members of the assigned and submitter's support group can access a case. For more information, see Data-access-model.
If the case has no assignee, any member of the assigned support group can assign the case to themselves and change the case access, as required.
Manually—Determined by a user who has access to a case.
When you change the access settings of a case, these settings are also applied to the tasks and attachments in the case. For example, if you add a support group to a case, all the members of this group have access to all the tasks and attachments in the case.
Additionally, you can grant access to confidential support groups so that they can access the confidential data in a case. Case agents can view the user’s confidential data in a case or a task only if they are a part of the confidential support group for the case and have access to the case. For information about how to grant confidential data access, see To grant access to support groups to access confidential data in a case.
The flexibility to add or remove users enables you to restrict the case access only to the required users.
To add or remove user access to cases
- Log in to BMC Helix Business Workflows.
- Navigate to Workspace > Cases.
- From the Line of Business list, select the line of business for which you want to update a case.
If you have access to a single line of business, the line of business is selected by default. - To open a case on the Cases workspace, click the required case ID.
On the Case Access tab, you can view the list of support groups and agents who have access to the case:
(Optional) Use the buttons described in the following table to perform different actions on the Case Access list:
Button
Action
Result
Add a support group or agent.
The
on the support group denotes that the support group has write access to the case.The
on the support group denotes that the support group has read-only access to the case.Important: If there is an active domain, support groups only from that domain are displayed.
The support groups and agents that you add have access to the case and are displayed on the Case Access tab.
Select the Assign Write Access check box if you want to provide write access to the support group.
The support group has read and write access, and agents belonging to the support group can add or modify the case details.
Remove a support group with write access to the case.
Important: An agent with write access to the case can remove the support group.The support group no longer has access to the case.
Remove an agent.
The agent does not have access to the case.
Revert to default settings.
Important: If the button is enabled, case access is defined manually. Otherwise, case access is defined automatically.The case is accessible to the original support group and agent.
If you make changes to the assigned support group or assignee of the case, they are reflected in the following ways:
- When you do not make changes in the Case Access list and reassign the case to either a new support group or an assignee, the new support group replaces the old support group and the new assignee replaces the old assignee.
- When you make changes in the Case Access list and reassign the case to either a new support group or an assignee, the new support group and assignee are added to the Case Access list.
- When the case has no assignee, you cannot remove the assigned support group.
- When the case has an assignee, you can remove the assigned support group, but not the assignee.
To grant access to support groups to access confidential data in a case
As a case agent, you can grant access to confidential support groups so that they can view the confidential data. You can grant confidential data access only to support groups, and not to any specific individual, business unit, or department. You can assign read or read and write permission to the support groups.
Case agents can view the user’s confidential data in a case or a task only if they are a part of the confidential support group for the case and have access to the case. If the case agents have write access, they can edit the confidential data. The following table describes the case details that a case agent can view and update based on the confidential access to a case:
Case access | Confidential data access | View case details | View confidential data | Update case details | Update confidential data |
|---|---|---|---|---|---|
Read | None | ✅️ | ❌️ | ❌️ | ❌️ |
Read | Read | ✅️ | ✅️ | ❌️ | ❌️ |
Read | Write | ✅️ | ✅️ | ❌️ | ❌️ |
Write | None | ✅️ | ❌️ | ✅️ | ❌️ |
Write | Read | ✅️ | ✅️ | ✅️ | ❌️ |
Write | Write | ✅️ | ✅️ | ✅️ | ✅️ |
To grant access to support groups to access confidential data in a case, perform the following steps:
- Log in to BMC Helix Business Workflows as a case agent.
- Select Workspace > Cases.
- From the Line of Business list, select the line of business for which you want to update a case.
If you have access to a single line of business, the line of business is selected by default.
- To open a case on the Cases workspace, click the required case ID.
- On the case details page, click the Case Access tab.
In the Confidential Support Groups area, click the Support Group Access box and select the support group to which you want to grant confidential data access.
- If you want to provide write access to the support group, select the Assign Write Access check box
- Click Add.
Related topics
Configuring-default-access-for-cases
Identifying-and-protecting-users-confidential-data