This documentation supports the 22.1 and consecutive patch versions of BMC Helix Multi-Cloud Broker.To view an earlier version, select the version from the Product version menu.

Assigning roles and permissions

BMC Helix Multi-Cloud Broker provides out-of-the-box functional roles that administrators can assign to their users. A functional role is a collection of multiple application roles and enables users to access different applications and perform various actions. As an administrator, you assign the functional roles and associated permissions only to users who need to configure and manage BMC Helix Multi-Cloud Broker; for example configuring the system, creating and managing data, setting up integrations.

The following image illustrates an example of a functional role:

Example of functional role.png


The following table lists the out-of-the-box functional roles:

Functional role

Core task

Out-of-the-box permissions

Multi-Cloud Service Admin

Perform administrative tasks such as configuring BMC Helix Multi-Cloud Broker, adding and managing user data, managing integration templates.

Ticket Brokering Library permission

  • Multi-Cloud Service Admin

Remedy AR System permission

  • AR System Administrator

BMC Helix Innovation Suite Foundation library permissions:

  • AR Foundation Organization Read
  • AR Foundation Categorization Read
  • AR Foundation Location Read
  • AR Foundation Person Read
  • AR Foundation Geography Read

Service Level Management (SLM) library permission:

  • SLM Admin

Multi-Cloud Service Owner

View data in BMC Helix Multi-Cloud Broker and track the health of a service by using the Service Dashboard.

Ticket Brokering Library permission:

  • Multi-Cloud Service Owner

BMC Helix Innovation Suite Foundation library permissions:

  • AR Foundation Organization Read
  • AR Foundation Categorization Read
  • AR Foundation Location Read
  • AR Foundation Person Read
  • AR Foundation Geography Read

Service Level Management (SLM) library permission:

  • SLM User

Task 1: To create a people record

For a new user, you need to create a people record in Mid Tier that contains the user details; for example, contact information, support staff, access credentials.

You can create a people record by using a template or without using a template. For more information, see any of the following topics:

Important

When you create a people record, in the Login/Access Details section, in the License Type field, make sure you select Fixed, as shown in the following image:

Fixed license type.png

After you complete the steps, you can view the details of the user you created in the User form in Mid Tier.

To view the user details

The following image shows the steps to navigate to the User form in Mid Tier:

Navigate to User form.png

After you search for the user, Mid Tier displays the user details as shown in the following image:

After you search for a user, the user details are displayed in the User form.

Task 2: To assign an out-of-the-box functional role to a user

After you create the user, assign one of the out-of-the-box functional roles to the user.

To do this, perform the following steps:

  1. Log in to Mid Tier.

  2. Select Applications > Administrator Console > Application Administration Console:

    Application admin console navigation.png

  3. Click the Custom Configuration tab.

  4. In Application Settings, select Foundation > People > People and click Open.

    Open people form.png

  5. In the People form, click New Search.
  6. By using any of the fields displayed, search for the person to whom you want to assign the functional role and click Search.
    For example, search for a person by using the First Name field as shown in the following image:
    User search by first name.png

  7. Select Login/Access Details > IS Personas.

    Update personas.png

  8. In the Login ID field, enter the ID for the selected person record.
  9. Click Update Personas

  10. In the IS Personas form, enter the following details:

    Field

    Action

    Application Name

    From the list, select com.bmc.dsm.ticket-brokering-lib.

    Select application name.png

    IS Persona

    From the list, select any of the following roles:

    • Multi-Cloud Service Admin
    • Multi-Cloud Service Owner

    Select IS persona.png

  11. Click Add/Modify .
  12. Click  Close and then click  Save.


Important

If the user that you are creating is responsible to set up integrations, perform Task 3 and Task 4.

Task 3: To assign an application permission

If the user you have created is responsible to set up and manage integrations, assign an application permission relevant to that integration to the user. For example, if the user needs to set up an integration between BMC Helix ITSM incident and Jira issue, the user needs incident-specific permission to create incidents in BMC Helix ITSM.

To assign the permission, perform the following steps:

  1. After you have assigned a functional role in the previous procedure, in the People form, click the Application Permission tab.

  2. Click Update Permission Groups.

    Update permission groups.png

  3. In the Permission Group dialog box, from the Permission Group list, select a group based on the type of integration user needs to set up.
    Select permission group.png
    After you select a permission group, the text box below the License Type field provides a description of the permission group. For example, if you select Incident Master, the text box provides a description as shown in the following image:
    Permission group description.png
  4. If required, select the License Type as Fixed.
  5. Click Add/Modify.
  6. Click Close and then click Save.

Task 4: To provide access to a bundle

After you assign an application permission to the user, provide user the access to different bundles that BMC Helix Multi-Cloud Broker depends on. This access enables users to perform various activities related to those bundles; for example, receiving notifications, adding attachments to BMC Helix ITSM tickets.

To provide the bundle access, perform the following steps:

  1. After you have assigned an application permission in the previous procedure, in the People form, click the IS Bundle Access tab. 
  2. Click Update IS Bundle Access.
    Click Update IS Bundle Access.png
  3. In the IS Bundle Access pane, from the Bundle Access list, select the following bundles one by one and then click Add/Modify:
    • com.bmc.dsm.attachment-service-lib
    • com.bmc.dsm.flowsets-lib
    • com.bmc.dsm.mcsm
    • com.bmc.dsm.notification-lib
    • com.bmc.dsm.risk-management-service-lib
    • com.bmc.dsm.search-lib
    • com.bmc.dsm.shared-components-lib
    • com.bmc.dsm.shared-services-lib
    • com.bmc.dsm.slm-lib
    • com.bmc.dsm.social-lib
    • com.bmc.dsm.ticket-brokering-lib
    • com.bmc.dsm.ticketing-lib
      Select IS bundles.png
  4. Click Close and then click Save.

To view out-of-the-box roles and permissions

You can view the out-of-the-box roles and permissions that BMC Helix Multi-Cloud Broker provides in BMC Helix Innovation Studio.

To do this, perform the following steps:

  1. Log in to BMC Helix Innovation Studio.
  2. Click the Administration tab.

  3. Select Server settings > Application permissions and click Functional roles or Role permissions.

    Option clicked

    Type of information displayed

    Functional role

    Details about the functional role and a list of associated roles.

    List of roles.png

    Role permissions

    Permission details for the role.

    Role permissions.png

Licensing

Licensing BMC Helix Multi-Cloud Broker enables organizations to:

  • Control access to their application
  • Protect their intellectual property
  • Reduce management costs, and adhere to their compliance policies

When BMC provisions BMC Helix Multi-Cloud Broker for a customer, BMC SaaS Operations licenses the BMC Helix Multi-Cloud Broker application.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*