Asset Management user roles and permissions

To access Asset Management, you need one of the following permissions:

Asset admin—A user with Asset admin permission can create and modify an asset and perform all Asset Inventory functions. A user with this permission can also copy an existing asset and create a new asset.
Asset user—A user with Asset user permission, who is part of a support group that has Created by, Managed by, or Supported by roles to an asset, can modify the asset and perform all the Asset Inventory functions, except creating an asset-to-asset relationship. Users with Asset user permission who are not part of these support groups can only view the asset information.
Asset viewer—A user with the Asset viewer permission can only view the asset information.

Task	Asset admin	Asset user (is part of the support group that has a Supported by role to an asset)	Asset viewer
Create asset	✅️ (Create asset by copying an existing asset)	✅️ (Create an asset)	❌️
Copy asset	✅️	✅️ (With asset creator functional role)	❌️
View asset	✅️	✅️	✅️
Modify asset	✅️	✅️	❌️
Add related Items	✅️	✅️	❌️
Delete related Items	✅️	✅️	❌️
View related Items	✅️	✅️	✅️
Add related assets	✅️	❌️	❌️
Delete related assets	✅️	❌️	❌️
View related assets	✅️	✅️	✅️
View contracts	✅️	✅️	✅️
Add outages	✅️	✅️	❌️
Delete outages	✅️	✅️	❌️
View outages	✅️	✅️	✅️
Add people relationships	✅️	✅️	❌️
Delete people relationships	✅️	✅️	❌️
View people relationships	✅️	✅️	✅️
Add financial details	✅️	✅️	❌️
Edit financial details	✅️	✅️	❌️
View financial details	✅️	✅️	❌️

To assign the Asset Automation Admin functional role to a user

Log in to Mid Tier.
In the Application Administration Console, click the Custom Configuration tab.
From the Application Settings list, select Foundation > People > People, and click Open.
On the People form, select the user to whom you want to assign the functional role.
Select Login/Access Details > IS Personas.
In the Login ID field, enter the login id of the user.
Click Update Personas.
On the IS Personas form, enter the following details:
Field
Description
Application Name
Select com.bmc.dsm.asset-automation.
Persona
Select Asset Automation Admin.
Click Add/Modify.
Click Close and then click Save.

Field	Description
Application Name	Select com.bmc.dsm.asset-automation.
Persona	Select Asset Automation Admin.

Instructions for classic interfaces

View instructions for Mid Tier

To access the various modules in Mid Tier, you need the following permissions and authorizations:

Asset Management permissions
Contract Management permission model
Cost module permission model

Asset Management permissions

This table describes the Asset Management permissions for the following user roles.

Important

Add licenses only for the features and number of users that correspond to your license entitlements. Your subscription or purchase determine your license entitlements.
If you select the Application user license type as None, you get only Asset Inventory permissions. For information about these permissions, see Asset Inventory permissions.

Permissions	Description	Application user license type	Best practice
Asset Admin	Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions: Create, modify, and administer contracts Create and modify license certificates from the Software Asset Management (SAM) console Create and modify CIs Create, modify, view and delete CI Unavailability records (also referred to as Outage records) Manage configurations Manage schedules Manage costs Perform bulk update functions Configure costing and charge back periods from the Application Administration console Important: This permission does not grant access to purchasing or receiving functions. A person with Asset Admin permissions does not need Asset User and Asset Viewer permissions. Users with Asset Admin permissions have full access to contracts and Software License Management (SWLM) features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability comes with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).	Fixed Floating None	We recommend that you grant these permissions only to users performing a Configuration Administrator role.
Asset User	Users with Asset User permissions can perform the following Asset Management functions: Modify contracts Create, modify, and delete the following items within a CI record to which the user has access. Important They cannot perform these functions from the Asset Management console: Contracts Configurations Costs Outages Returns Schedules Important To modify the CI, the user with Asset User permission must be a member of the Supported by role that is associated with the CI. Asset Admin permission is required to access inventory management and bulk update features. The Asset User permission does not have access to the following functions: Inventory management Bulk update Purchasing Receiving Creating CI to CI relationship A user with Asset User permissions does not automatically get the equivalent permissions as the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of SWLM, they must also be given Contract User permissions.	Fixed Floating None	We recommend that you grant these permissions to users who are directly supporting specific CIs and who must update CI attributes. Users with the Asset User permission can also update relationships for the following Request types: Incident Infrastructure Change Known Error Problem Investigation Release Solution Database
Asset Viewer	Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions: Read access to contracts Read access to the following items within a CI record: Contracts Configurations Outages Schedules Important The Asset Viewer permission does not grant access to: Inventory management Bulk update Cost management Purchasing Receiving functions Software Asset Management console Asset Viewer permissions are granted automatically when any of the following permissions are assigned: Incident User Incident Master Problem User Problem Master Infrastructure Change User Infrastructure Change Master Infrastructure Change Config Release Config Release Master Release User Task Manager Task User Purchasing User Contract Admin Contract User Contract Viewer Request Catalog Manager	None	We recommend that you grant the Asset Viewer permission to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.
Asset Config	Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions: Configuring CI depreciation criteria Configuring CI notifications Configuring CI Unavailability status Configuring License Types Configure Inbox preferences for SWLM Configuring License Engine for SWLM Configuring Asset Management rules Configuring CI Unavailability priority Setting up server information for AR System License Type for Software License Management Important Users with Asset Config permissions do not need Contract Config permissions.	Fixed Floating None	We recommend that you grant these permissions only to users who administer the Asset Inventory and Asset Management system (that is, to a user who acts as an Application Administrator).
Purchasing User	Users with Purchasing User permissions can access the following functions within BMC Helix ITSM: Asset Management: Create and modify purchase requisitions that are assigned to the user's support group (including line items). Create and modify purchase orders. This permission grants access to only the purchasing functions (excludes receiving) and does not provide any access to areas where an Asset or Contract type permission is required.	Fixed Floating	We recommend that you limit the use of these permissions to users who perform the following roles in the Asset Management Purchasing feature: Configuration Administrator—These users might submit purchase requests issued through the Change Management process. Purchasing Agent
Receiving User	Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system.	None	We recommend that you grant these permissions only to users who use the Asset Management Purchasing feature, such as Purchasing Agents.
Contract Admin	Users with Contract Admin permissions can perform the following functions: Create and modify all contracts from the Contract console Create and modify license certificates from SAM console Configure new Contract Types from the Application Administration console Manage license jobs from the SAM console Important A user with Asset Admin permissions can do everything that a user with Contract Admin permissions can with the exception of creating new Contract Types.	Fixed Floating	We recommend that you grant these permissions to users who need full access to the Contract Management features, but who don't need the full Asset Management access given by the Asset Admin permissions group.
Contract User	Users with Contract User permissions can perform the following functions: Modify public contracts from the Contract console Modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract) Create and modify license certificates for contracts users have access to from the SAM console Manage license jobs from SAM console	Fixed Floating	We recommend that you grant these permissions to users who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user also needs to modify CI information, also give that user Asset User permissions.
Contract Viewer	Users with Contract Viewer permission can view all contracts from the Contract console. Important: This permission does not grant access to the SAM console. The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission. Users with Asset Viewer permissions do not also need Contract Viewer permissions.	None	We recommend that you grant these permissions to users who require view access to contracts.
Contract Config	Typically, an application administrator requires this set of permissions. Users with Contract Config permission can perform the following functions: Configure License Types. Configure Inbox preferences for SWLM Configure the License Engine for SWLM Configure Asset Management rules Set up server information for the AR System License Type for SWLM Important: This permission does not grant access to the SAM console. If a user has Asset Config permission they do not need Contract Config permissions because the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure.	Fixed Floating	We recommend that you grant these permissions to users who must only configure Software License Management (SWLM) features.

Contract Management permission model

Contract Management permission groups are defined as computed groups in the Group form. Each Contract Management permission group is mapped to an Asset permission group to support the deployable application functionality. To remove specific users from the computed group, remove the BMC Helix ITSM: Asset Management groups for each Contract permission group.

Cost module permission model

The cost module uses the following permissions:

Cost Viewer — Can only view cost data
Cost User — Can add costs
Cost Manager — Can update and manage the charge-back process

Asset Management roles

The following table describes the several roles and their permissions that a user in Mid Tier can be associated with :

Role	Permission	Description
Asset Creator	Asset User	Asset user with an asset creator functional role can create an asset.
Asset administrator	Asset Admin Contract User Purchasing User Receiving User Incident Viewer Problem Viewer Release Viewer Infrastructure Change Viewer Knowledge Viewer (Optional) Contact Organization Admin This permission is needed only when the user must create support groups that manage CIs. Otherwise, the user must have the functional role of Support Group Admin. (Optional) Contact Categorization Admin This permission is needed only if the user must create and update the product categorization data structures for the CI data.	The asset administrator requires an overall view of the CIs for which their support groups are responsible. Some organizations refer to this role as asset manager or configuration administrator.
Contract manager	Contract Admin	The contract manager is responsible for managing IT contracts. In some organizations, the contract manager also takes on the role of software asset manager.
Financial manager	Cost Manager permission	The finance manager uses BMC Helix ITSM: Asset Management to review cost information and prepares periodic charge-back and cost-recovery reports.
Purchasing agent	Purchasing User (needed only if you use the Purchasing module) Receiving User (needed only if you use the Purchasing module) Incident Viewer Problem Viewer Infrastructure Change Viewer Release Viewer Contract Viewer Asset Viewer Knowledge Viewer	The purchasing agent is in charge of the purchases in an organization.
Software asset manager	Asset Admin	The software asset manager is responsible for optimizing software assets and for managing compliance with software license contracts. The software asset manager also evaluates the usage of software licenses to make sure that the organization is not over purchasing licenses.
Approver	Asset Viewer Incident Viewer Infrastructure Change Viewer Problem Viewer	An approver can be any person in your organization.