Roles and permissions
Application administrator
In , application administrator is an individual responsible for the management of the applications. However, application administrator is not a user role. Instead, a sample administrator user is provided with the capabilities that include customizing forms, setting access rights for users, and creating configurations.
User permissions
You can assign user permissions from the People form. There are different aspects to the user permissions, which together make up the permission model:
- Permission groups, which control access to basic applications, modules, and subcomponent functions.
- Support groups, which control access to the data.
- Functional roles, which provide extended access to applications, modules, and subcomponent functions.
permission groups
The Administrator permission is used in the applications. This permission grants administrator access to applications through . Administrator responsibilities include installing and maintaining the applications and making changes within .
This permission is generally reserved for developers who need access to and system administrators who need access to the system forms. This permission does not grant user access to forms. Additional application and module permissions are required for form access. For information about license types and applicable permissions, see:
How licenses relate to permissions
In , the permission groups control what areas of the application a user can access. Each permission group can access only certain areas of the application. A user can belong to more than one permission group. Typically, you assign permissions groups to the users in your IT organization based on their roles and responsibilities. The combinations suggested in the following topics are defined by ITIL as typical and are used by the BMC Service Management Process Model.
Key permission groups
When you assign permissions to someone, it is important to use only the minimum number of permissions that allow that person to perform their job.
Key user permission groups for each application
The following table illustrates the most commonly used permission groups needed by users to perform their duties. For a detailed description of all of the permission groups that are available for a particular application, click the link in the Application permissions column.
Application permissions | Key permission groups |
|---|---|
| |
Infrastructure Change Master, User or Viewer | |
Release Master, User or Viewer | |
Incident Master, User, or Viewer | |
Problem Master, User or Viewer | |
| |
Knowledge Admin, User or Viewer | |
Task User (This is only required in certain permission combinations. |
Subcomponent permission groups
Subcomponents contain features or functionality that are shared among some, or all of the applications. For example, the
subcomponent provides task management functions for and for .
Subcomponent | Permissions |
|---|---|
| |
| |
|
user and group synchronization to BMC Helix Portal
For users to use their existing credentials to authenticate , the BMC SaaS Operations team needs to perform some configurations to sync the users in . For more information, see User identities in BMC Helix Portal and contact BMC Customer Support.
Administration and process owner permissions
The remaining permissions control access to the application configuration functions and are typically assigned to either an Application Administrator or to an Application Process Owner. These permissions are described in the following table.
Application permissions | Application Administrator/Process Owner permissions |
|---|---|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|