Data access in a multitenant environment

Access control to data in a multitenant environment is the same as in a single tenant environment. Row Level Security (RLS) is used to control data access between companies and works in the same manner as it does within a company. Members who belong to several companies in a multitenant environment use the following types of data through BMC Helix ITSM applications:

Related topics

Access-control-for-ticket-data

Data type	Description
Configuration	A company’s configuration data is accessible to the following users: A member of the company or its parent company A user with access to the company
Transactional (ticket)	Each ticket is treated as a row in BMC Helix ITSM. Access to this data can be of the following types: Unrestricted: Users with the BMC Helix ITSM Unrestricted Access role can access all ticket data. Row-level: You can choose to provide ticket data access at support group level or support group and company level. According to the Application Permissions Model setting available in System Settings form, the following users can access ticket data: Support Group: If you select this option for the Applications Permissions Model field, the following users can access ticket data: User who submits the ticket User who is assigned the ticket Owner group that owns the ticket A member of the support group associated with the ticket A member of the parent group of the support group associated with the ticket Support Group and Company: If you select this option for the Applications Permissions Model field, the following users can access ticket data: User who submits the ticket User who is assigned to the ticket Owner group or owner group company that owns the ticket A member of the parent group of the owner group or owner group company associated with the ticket A member of a support group or support group company associated with the ticket A member of the parent group of the support group or support group company associated with the ticket All the members of a location and customer company referenced on the ticket All the members of the parent group of a location and the customer companies referenced on the ticket For details, see Access-control-with-implicit-groups-Row-level-security and Inheriting-permissions-by-using-hierarchical-groups. Important This setting is not available to BMC Service Request Management. Service Requests contains additional information that is required by the agents who work on the fulfilment of the Service Request. The fulfilment of the Service Request is done through incident, work order, or other ticket that is related to the Service Request. The agent working on the fulfilment record needs to be able to see the Service Request and the related information. This is why the Service Request row level security is only enforced at the Company level.

Data type

Description

Configuration

A company’s configuration data is accessible to the following users:

A member of the company or its parent company
A user with access to the company

Transactional (ticket)

Each ticket is treated as a row in BMC Helix ITSM. Access to this data can be of the following types:

Unrestricted: Users with the BMC Helix ITSM Unrestricted Access role can access all ticket data.
Row-level: You can choose to provide ticket data access at support group level or support group and company level. According to the Application Permissions Model setting available in System Settings form, the following users can access ticket data:
- - Support Group: If you select this option for the Applications Permissions Model field, the following users can access ticket data:
    - User who submits the ticket
    - User who is assigned the ticket
    - Owner group that owns the ticket
    - A member of the support group associated with the ticket
    - A member of the parent group of the support group associated with the ticket
  - Support Group and Company: If you select this option for the Applications Permissions Model field, the following users can access ticket data:
    - User who submits the ticket
    - User who is assigned to the ticket
    - Owner group or owner group company that owns the ticket
    - A member of the parent group of the owner group or owner group company associated with the ticket
    - A member of a support group or support group company associated with the ticket
    - A member of the parent group of the support group or support group company associated with the ticket
    - All the members of a location and customer company referenced on the ticket
    - All the members of the parent group of a location and the customer companies referenced on the ticket
- For details, see Access-control-with-implicit-groups-Row-level-security and Inheriting-permissions-by-using-hierarchical-groups.

Important

This setting is not available to BMC Service Request Management. Service Requests contains additional information that is required by the agents who work on the fulfilment of the Service Request. The fulfilment of the Service Request is done through incident, work order, or other ticket that is related to the Service Request. The agent working on the fulfilment record needs to be able to see the Service Request and the related information. This is why the Service Request row level security is only enforced at the Company level.

Data access in a multitenant environment

On this page