This documentation supports the 21.05 version of BMC Helix CMDB.To view an earlier version, select the version from the Product version menu

Normalization and instance permissions

You can use the Normalization Engine to set the row-level permissions for specified classes and, with AR System qualifications, specific instances.

To use the Normalization Engine for instance permissions, you must complete the following steps:

  1. Define the rules for setting the row-level permissions. (See Creating-normalization-rules-to-set-row-level-permissions.)
  2. For each data set, enable the Row-Level Security feature. (See Configuring-normalization-settings-for-datasets.)

In addition to the CMDB Data View and CMDB Data Change roles, users must also have row-level access to instances. Each class has two attributes that specify users with read and write access to the class instances.


  • CMDBRowLevelSecurity — Users who are members of a group with row-level access have permission to view the instance if they also have the CMDB Data View or CMDB Data Change role.
  • CMDBWriteSecurity — Users who are members of a group with write access have permission to modify the instance if they also have row-level access and the CMDB Data Viewer role. This permission gives a user write access to a specific instance without giving write access to all instances with one of the CMDB Data Change roles.

You can define groups for the following permissions:

  • View — Members of these groups and roles can view the attribute in the class form, but cannot modify its value.
  • Change — Members of these groups and roles can view and modify the attribute value.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*