This documentation supports the 21.05 version of BMC Helix CMDB.To view an earlier version, select the version from the Product version menu

Providing users with permissions to access the CMDB Portal by using groups and roles

As an administrator, you can assign users to groups on the AR System server to restrict users' access to specific features of the CMDB Portal. The groups that have restricted access to the CMDB Portal are created automatically during the installation of BMC Helix CMDB and BMC Helix ITSM. You only need to assign users to these groups.


Related topics

AR System: Creating users, groups, and roles

AR System: Regular, computed, and dynamic groups

Access control overview

Creating support groups

Roles-and-permissions

To provide users with access to the CMDB Portal by using groups

You can provide users with access to BMC Helix CMDB by adding them to a group which has the appropriate access.

  1. Open the Users form in the Mid Tierfrom the following location:
    AR System Administration > AR System Administration Console > Application > Users / Groups / Roles > Users.
    The form opens in search mode.
    User permissions_GIF.gif 
  2. Perform one of the following steps:
    • To create a new user, click New request.
      image2018-7-20_10-31-47.png
    • To find existing users, enter search criteria in the User Name or any other field and click Search
  3. Select a user that you want to add to a group.
    To find the correct group, open the Groups form and perform a search:
    AR System Administration > AR System Administration Console > Application > Users / Groups / Roles > Groups.
  4. In the Group List, select the appropriate group based on this table.

Permissions model to provide access to the new CMDB Portal

Based on the groups users are assigned to, the features they can access varies. The AR System server groups referenced in the following table are created automatically when you install BMC Helix CMDB and BMC Helix ITSM:

Persona and their requirements

Access level in the new CMDB UI

Groups to which you can assign the user

BMC Helix CMDB only

BMC Helix CMDB with BMC Helix ITSM

Administrator

Requires all features of the CMDB Portal.

All areas of BMC Helix CMDB

Administrator (Fixed license)

Not applicable

CMDB configuration manager

Requires all features of the CMDB Portal except those which are related to Atrium Integrator.

Create jobs, edits jobs, creates rules, uses the dashboard, and so on.

All of the CMDB Portal except the following:

  • Can only view classes and attributes.
  • Cannot edit CIs.
  • Cannot create or edit classes.
  • Cannot access Atrium Integrator via the data flow diagram or Atrium Integrator job console.

RE Definition Author (Floating license)

Not applicable

CMDB data publisher

Performs asset related work, creates and edits CIs and other activities related to service modeling.

Requires access to Search and the CMDB Explorer in the CMDB Portal and also needs to be able to edit CIs in the CMDB Explorer.


  • Can access Search, CMDB Explorer, and can also edit all CIs in CMDB Explorer in the CMDB Portal.
  • Can access CMDB Explorer, CMDB Impact Simulator, and dataset configuration in the Atrium Core console.

Important: An Asset Admin additionally requires RE Definition Author permission for unrestricted access to all CMDB pages in  CMDB Portal.

CMDB Data Change Group


 

Asset Admin (Floating license)

CMDB user

Perform asset related work.

Needs to only access the Search and the Explorer in the CMDB Portal. Does not need to edit CIs in the CMDB Explorer and cannot create or edit CIs.


Can access only CMDB Explorer in  CMDB Portal with at least Asset User or Asset Admin permissions. 

CMDB Data View Group

Minimum level of access required: Asset User.

  • Asset viewer
  • Asset user

In addition, you can assign the following groups:

Task Manager, Task User, Task Viewer, Asset Viewer, Asset Config, Infrastructure Change Master, Infrastructure Change User, Infrastructure Change Submit, Infrastructure Change Viewer, Infrastructure Change Config, Release Master, Release User, Release Viewer, Activity User, Activity Viewer, Release Config, Activity Config, Incident Master, Incident User, Incident Viewer, Incident Config, Problem Master, Problem User, or Problem Viewer

Important

  • Users who have permissions to create and edit CIs must also have CI level permissions to be able to edit CIs.
  • Certain features may not be accessible to a user from the CMDB Portal because of the access level that the user has as mentioned in the preceding table. But, if the user has permissions to the AR System forms, the same features can be accessed by using the AR System APIs.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*