Drift management permission groups

Drift management offers a flexible permissions model that lets you grant role-based permission to specific areas of drift management functionality. Permission groups are used to grant users access to specific consoles and modules within drift management and for notifications.

In addition to inheriting the instance access within BMC Helix CMDB, specify access to various drift management components such as drift reports, baselines, targets, jobs, qualification sets, include sets, and exclude sets on the basis of a group membership.

To give users access to drift management, you must first create an AR System user for the AR System server where drift management is installed. You can then create groups of these users and assign those groups to roles that allow them access to different parts of the application and its data.

The following table lists the default permission groups available for drift management:

Drift management permission groups

Permissions group

Description

Drift Master

Grants full access to drift management with additional access to the following consoles, independent of functional roles or support group affiliations:

  • Authoring Console (edit or view access)
  • Job Console (edit or view access)
  • Drift Console (edit or view access)
  • Drift Dashboard (select or view access) 

Note: This permission supersedes the Drift Admin and Drift Viewer permission groups.

Drift Admin

Grants execution and management access to drift management with access to the following consoles, independent of functional roles or support group affiliations:

  • Authoring Console (view access)
  • Job Console (edit or view access)
  • Drift Console (edit or view access)
  • Drift Dashboard (select or view access) 

Note: This permission supersedes the Drift Viewer permission group.

Drift Viewer

Grants view access to drift management. With view access, users can view reports on the Drift Console. These permissions also grant you access to the following consoles:

  • Authoring Console (view access)
  • Job Console (view access)
  • Drift Dashboard (select or view access)
    This permission is superseded by the Drift Master and Drift Admin permission groups.

Public

If guest users are configured in the AR System server, the Public role grants select or view access to the Drift Dashboard, as part of the AR System Public group. With select or view access to the Drift Dashboard, you can perform the following tasks:

  • Change the date range to refresh the charts.
  • Select Business Services that you have permission to view.
  • Select baselines that you have permission to view.
    For more information about the Public group and its role in AR System, see Key concepts in Action Request System online documentation.

For information about creating users and working with groups and roles, see the Creating users, groups, and roles in  Action Request System online documentation.

Permission groups for BMC Helix ITSM: Change Management and BMC Helix ITSM: Change Management

BMC Configuration drift management integrates with Change Management and Incident Management. Application roles and permissions for integration are also provided to control who can create Change Management and Incident Management forms and submit change requests or incident requests. 

The following table lists BMC Helix ITSM permission groups that are important for integrating drift management with Change Management and Incident Management.

Important

Use the Application Administration Console to grant these permissions to users. For more information, see Configuring after installation in BMC Helix ITSM online documentation.

Permission groups for Change Management and Incident Management

Permissions group

Description

Form access

Infrastructure Change Master

For integration between drift management and Change Management.

Grants access to Change Management with additional privileges to modify infrastructure change requests and tasks independent of functional roles or support group affiliations. This permission group also grants access to users to create and modify approval mappings. This permission supersedes the Infrastructure Change User and Infrastructure Change Viewer permission groups. Requires an application fixed or floating license.

Provides access to:

  • Infrastructure Change form
  • Approval Mappings form

Infrastructure Change User

For integration between drift management and Change Management.

Grants general access to open, query, submit, and modify change requests in Change Management.

Note: Modification access can be restricted through the additional use of functional roles and support group relationships.

This permission is superseded by the Infrastructure Change Master permission group and supersedes the Infrastructure Change Viewer permission group. Requires an application fixed or floating license.

Provides access to the Infrastructure Change form.

Incident Master

For integration between drift management and Incident Management.

Grants access to Incident Management, with additional privileges to modify incidents independent of functional roles or support group affiliations. This permission supersedes the Incident User, Incident Submitter, and Incident Viewer permission groups. Requires an application fixed or floating license.

Provides access to the Incident form.

Incident User

For integration between drift management and Incident Management.

Grants access to open, query, submit, and modify incidents in Incident Management.

Note: Modification access can be restricted through the additional use of functional roles and support group affiliations.

This permission is superseded by the Incident Master permission group and supersedes the Incident Viewer permission group. Requires an application fixed or floating license.

Provides access to the Incident form.

For troubleshooting the issues encountered during automatic incident creation from drift management, see Drift-management-issues.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*