Change Management permissions

While implementing the Change Management application, it is important to identify the people in your organization who need access to the Change Management application. Within the BMC Helix ITSM application, there are the following types of roles:

Permission roles
Functional roles (see Change-Management-roles)

Permission roles

Service Management applications use the concept of permissions groups to control access to the various BMC Helix ITSM or Smart IT applications such as forms, views, consoles, and functions. Permission groups are defined within the applications with a prescribed hierarchy. For example, the Master permission supersedes the User permission, which in turn supersedes the Submitter permission, which finally supersedes the Viewer permission. So, if you want to give access to a user to change requests, give access to one of these four permission group types depending on the requirements.

In addition to the above permission group types, you can use the Config permission group type for application administrative purposes in conjunction with any one of the above permission group types.

Basic access requirements

The following sections describe the basic permissions required to access the BMC Helix ITSM .

Types of access	Description
IT user	An IT user is anyone who accesses BMC Helix ITSM with the change agent role. Additionally, users accessing BMC Helix ITSM should have access to records belonging to one or more companies. Company access is defined in each user's People record, under Access Restrictions in the Login/Access Details tab. BMC Helix ITSM uses access restrictions to determine what company information is displayed on the Dashboard and in the Consoles. Basic access requirements for a BMC Helix ITSM user might look like the following example: Access restrictions defined + permissions for the change agent role
IT administrator access	A IT administrator (IT Admin) is anyone who performs BMC Helix ITSM configuration or administration activities. IT Admins have access to the Knowledge Template Styles and Screen Configuration options in the Configuration menu. For minimum access permissions, see IT Admin permissions.

Types of access

Description

IT user

An IT user is anyone who accesses BMC Helix ITSM with the change agent role.

Additionally, users accessing BMC Helix ITSM should have access to records belonging to one or more companies. Company access is defined in each user's People record, under Access Restrictions in the Login/Access Details tab. BMC Helix ITSM uses access restrictions to determine what company information is displayed on the Dashboard and in the Consoles.

Basic access requirements for a BMC Helix ITSM user might look like the following example:

Access restrictions defined + permissions for the change agent role

IT administrator access

A IT administrator (IT Admin) is anyone who performs BMC Helix ITSM configuration or administration activities. IT Admins have access to the Knowledge Template Styles and Screen Configuration options in the Configuration menu. For minimum access permissions, see IT Admin permissions.

Change permissions

Infrastructure Change Master - Infrastructure Change Master is an administrator for Change Management. This level of permission is the highest access level for creating and updating change requests. The administrator must grant the Master permissions groups only to key personnel who own a process or who have full control over schedules.
Infrastructure Change User - The Infrastructure Change Users perform the role of a change manager or change coordinator within the Change Management process. You should grant these permissions to users who perform the role of a support group lead within the Incident Management process or a problem coordinator role within the Problem Management process, or both, and who might need to modify changes that result from Incidents, Problems, or Known Errors. Additionally, these permissions should be granted to users who perform the role of a continuity manager.
Infrastructure Change Viewer - Infrastructure Change viewer permission is superseded by the Infrastructure Change Master and Infrastructure Change User permission.
Infrastructure Change Submitter - Infrastructure Change Submitter permission is granted to Problem Coordinator and IT specialists to create change requests.

The following table describes the scope of the change permissions:

Tasks	Infrastructure Change Master	Infrastructure Change User	Infrastructure Change Viewer	Infrastructure Change Submitter	Remarks, if any
Create change request	✅️	✅️	❌️	✅️
Modify change request	✅️	✅️	❌️	❌️	The following conditions apply: Only the user with Infrastructure Change Master permissions can modify the change request after the change request is closed. The user with Infrastructure Change User permission needs multiple conditions to modify the change request. For more information, see change user conditions.
View change requests	✅️	✅️	✅️	✅️
Create approval mappings	✅️	❌️	❌️	❌️	The use with Infrastructure Change Master cannot modify the class, status, and dates in the change request.
Modify approval mappings	✅️	❌️	❌️	❌️
Create change templates	✅️	❌️	❌️	❌️	Users with the Infrastructure Change User permission and Support Group Admin functional role can create support group change templates
Modify change templates	✅️	✅️	❌️	❌️	Users with the Infrastructure Change User permission and Support Group Admin functional role can modify support group change templates. For users with the Infrastructure Change User permission, modification of templates is restricted to those templates where the user is a member of the Authoring Group.
Create tasks within the change request	❌️	❌️	❌️	❌️
Modify the tasks within the change request	✅️	✅️	❌️	❌️	The user with Infrastructure Change User permission can edit tasks if this user belongs to the assigned support group for that task, even if the user does not belong to the assigned support group for that change.
Execute the change request to completion	✅️	❌️	❌️	❌️

Modification of a change request by a Infrastructure Change User

A user with Infrastructure Change User permission can modify a change request if the following conditions are met:

Condition 1
Condition 2
Condition 3
Condition 4

Permissions required to configure BMC Helix ITSM: Change Management

Users with the Infrastructure Change Config permission can perform all change administration functions that include the following four components. The user with this permission access Mid Tier to make the configuration changes.

Component	Functions
Change Management Configuration	Configure the Mid Tier Change calendar Configure the change prioritization values Configure the process flow next stage status transitions Configure the change rules (general field enforcement and notification rules) Configure the change risk factors Configure the change templates
Foundation	Configure the approval process Register applications that will use Command Automation Interface, or CAI (advanced feature) Define commands, command parameters, and command parameter mappings for the CAI (advanced feature) KPI—configure the Mid Tier Flashboards parameters KPI—configure and register the KPI titles (advanced option)
Requestor Console	Create and update the summary definitions
Task Management System	Configure the task assignment mappings Configure the task group templates Configure the task templates Configure the variable templates

Best practice
Grant the Infrastructure Change Config permission to users requiring access to configure the component functions described in the preceding lists. Typically, you grant these permissions to a user performing the role of an Application Administrator.

Permissions required for a Change Agent

The following table lists the required permissions for Change Agents:

Important

Access to Change Management functionality in BMC Helix ITSM depends upon the level of permissions. For example, Infrastructure Change Viewers cannot create change requests, and users with only Infrastructure Change Submit or Infrastructure Change Viewer permissions cannot perform collision management or impact analysis. Users with Infrastructure Change User permission can perform these functions for change requests assigned to their support group.
In BMC Helix ITSM, users with Infrastructure Change User permissions can modify a change request if they belong to either the Change Manager group or the Change Coordinator group specified on the change request. In BMC Helix ITSM, a user with Infrastructure Change User permissions can only modify a change request if one of the following conditions is true:
- The user has the change manager functional role and belongs to the Change Manager group specified on the change request.
- The user has the change coordinator functional role and belongs to the Change Coordinator group specified on the change request

Category	Permission	Additional information
Change Management	At least one of the following permissions is required: Infrastructure Change User Infrastructure Change Master Infrastructure Change Viewer Infrastructure Change Submit	None
Asset Management	At least one of the following permissions is required: Asset Viewer Asset User Asset Admin	With the optional Receiving User permission, Change Agents can also scan assets, compare them with a purchase order, and mark them as received.

IT Admin permission

An IT Admin must have AR System Administrator permissions to perform screen configuration (for example, adding custom fields to Smart IT views) and to create knowledge template styles.

In addition, if an IT Admin provides administration for support groups in BMC Helix ITSM, that person needs Contact Organization Admin permissions. For more information, see Foundation module permission groups in the BMC Helix ITSM documentation.

Change Management Dashboard User

Users with Change Management Dashboard User permission can view the Change Management Dashboard form.

Best practice
Grant these permissions to users performing the role of a change manager or change process owner.