Foundation module permission groups

The Foundation module is installed along with service management applications. The service management applications use the Foundation module to manage common data structures used by all applications. These data structures include Company, Organization, Location, Support Groups, People, Categorization and Product Catalog information. Foundation data is also used to configure the AR Approval, Assignment, and the Notification engine.

Best practice
In the permissions listed in the table below, the following key permissions that give configuration access to the main data structures of the service management applications:

  • Config Categorization Admin (used to configure the main categorization data structures)
  • Config Group Mapping Admin (used to configure assignment routing mappings)
  • Contact Location Admin (used to configure the Company and Location data structures)
  • Contact Organization Admin (used to configure the Company, Organization and People data structures)

We recommend that you use these permissions when starting the configuration process.


Description of the Foundation module permission groups

Important

None of the permissions listed in this table need an application user license.


Permissions

Description

Approval Admin

Users with Approval Admin permissions can access the Approval Server administration console. The Approval Server comes with the Action Request System platform and is installed independently of the BMC Helix ITSM applications.

Best practice: We recommend that you are also as registered as an active Process Administrator with Full Admin authority or an AR System Administrator to access theApproval Server administration console. Typically, these permissions are needed only if you are extending or customizing the out-of-the-box approval server configurations. These permissions are not needed to manage the BMC Helix ITSM applications Approval Mappings.

ASE-Administrator

Users with ASE-Administrator permission have configuration access to the BMC Assignment Engine. The Assignment Engine comes with the Action Request System platform and is installed independently of the BMC Helix ITSM applications.

Typically, these permissions are only needed if you are extending or customizing the out-of-the-box assignment engine configuration options. These permissions are not needed to manage the BMC Helix ITSM applications Assignment Mappings.

Command Event Master

Users with Command Event Master permission can perform the following functions:

  • Register applications that use CAI - an advanced feature.
  • Define commands, command parameters and command parameter mappings for the CAI - an advanced feature.

The Infrastructure Change Config and the SRM Administrator permissions also grant access to the same two functions in the preceding list. Users with these permissions do not need the Command Event Master permission. Typically, these permissions are needed only if you are extending or customizing the CAI plug-in.

Config Categorization Admin

Users with Config Categorization Admin permission can perform the following functions:

  • Configure catalog mappings.
  • Configure generic catalog structures (for example, the Resolution Category and Root Cause categories).
  • Configure operational categories.
  • Configure product categories.
  • Access the Product Catalog console.

This is a key permissions group for Application Administrators who are implementing and administering BMC Helix ITSM applications.

Config Categorization User

This permission grants the same level of access as the Config Categorization Admin permission.

Config Group Mapping Admin

Users with Config Group Mapping Admin permission can configure Assignment Mappings.

This is a key permissions group for Application Administrators who are implementing and administering BMC Helix ITSM applications.

Contact Location Admin

Users with Contact Location Admin permission can perform the following functions:

  • Create and modify company data.
  • Configure country currencies.
  • Create and update country, state or province and city data.
  • Create and update site data.
  • Access the product catalog console.

This is a key permissions group for Application Administrators who are implementing and administering BMC Helix ITSM applications.

Contact Organization Admin

Users with Contact Organization Admin permission can perform the following functions that span the following three components:
Foundation component
Organization data:

  • Create company data.
  • Modify support group data.

People data:

  • Create and modify all people records (full access to people data including both support and non-support staff excluding access to HR specific attributes).
  • Access the people management console to perform bulk updates.
  • Perform support company access configuration.
  • Configure people templates.
  • Access the product catalog console.
  • Give unrestricted access to other users. For this, the Contact Organization Admin must have unrestricted access. To grant unrestricted access, see Granting-people-access-to-companies.

Change Management component (when Change component is installed)

  • Configure Approval Mappings..

Release Management component (when Release component is installed)

  • Configure Approval Mappings.
    This is a key permissions group for Application Administrators who are implementing and administering BMC Helix ITSM applications.

Users with Contact Organization Admin permissions do not need Contact Support Admin, Contact People Admin and Contact People User permissions.

Contact Support Admin

Users with Contact Support Admin permission can perform the following functions that span the following three components:

Foundation component

  • Create and modify all people records (full access to people data including both support and non-support staff excluding access to HR specific attributes).
  • Access the people management console to perform bulk updates.
  • Configure people templates.

Change Management component (when Change component is installed)

  • Configure approval mappings.

Release Management component (when Release component is installed)

  • Configure approval mappings.

People with Contact Support Admin permissions do not need the Contact People Admin and Contact People User permissions.

Contact People Admin

Users with Contact People Admin permission can perform the following functions:

  • Create and modify all non-support people records (these permissions do not allow a user to create support staff people records, nor does it give access to HR specific attributes).
  • Access the people management console to perform bulk updates.

People with Contact People Admin permissions do not need Contact People User permissions.

Contact People HR Admin

Users with Contact People HR Admin permissions can access the following information from the Attributes tab on the People form:

  • HR attendance management
  • HR time management
  • Benefit information
  • Travel profile

Best practice: We recommend that you give these permissions with one of the following permissions to give access to the HR specific attributes mentioned in the preceding list:

  • Contact Organization Admin
  • Contact Support Admin
  • Contact People Admin
  • Contact People User

Contact People User

Users with Contact People User permission can create and modify all non-support People records. These permissions, however, do not allow a user to create or modify Support Staff people records, nor do they give access to HR specific attributes. People records can be created only in the "Proposed" state and access to change Profile Status is not permitted with these permissions.

Users with Contact People User can create person profile only from the Standard Configuration tab of the Application Administration Console. 
The Contact People User permissions are superseded by the Contact Organization Admin, Contact Support Admin and Contact People Admin permissions.

DMT Admin

DMT Admins can create, view, modify, cancel, or delete all jobs, steps, and templates for the companies that they have been given access to (including jobs that have been created by other users). If required, they can create company-specific templates.

If DMT Admins are given unrestricted access they can update all jobs for all companies in the system.

DMT Admins can select custom templates and modify any custom template if they are a member of the associated company.

DMT Admins can copy out-of-the-box dataload spreadsheets to create their own spreadsheets. They can view, modify, or delete all dataload spreadsheets that they have been given company access to.

DMT = Data Management Tool

DMT User

DMT Users can create jobs, steps, and templates for the companies that they have access to. They are able to view all jobs that belong to their companies but they can only modify, cancel, or delete the jobs, steps, and templates that they have created. If required, they can create company-specific templates.

DMT Users can select custom templates if they are a member of the associated company.

DMT Users can copy out-of-the-box dataload spreadsheets to create their own spreadsheets. They can view all dataload spreadsheets for their companies but can only modify or delete spreadsheets that are created by them.

DSL Master

Users with DSL Master permissions can perform the following functions from the Product Catalog console:

  • Create products and suites.
  • Create patch files.
  • Create SLIs.

The following foundation permissions groups grant the same access to the Product Catalog console, so users with any of these permissions don't need DSL Master permissions:

  • Contact Location Admin
  • Contact Organization Admin
  • Config Categorization Admin

DSL Viewer

Users with DSL Viewer permissions have access to the following functions from the Product Catalog console:

  • View products and suites
  • View patch files
  • View SLIs

Give these permissions to users who need to view Product information using the Product Catalog console.

Licensing

Users with Licensing permissions can grant AR Fixed or Floating licenses to a person from within the People form.

Give these permissions with one of the following permissions to give grant access for the Action Request System licenses as mentioned above:

  • Contact Organization Admin
  • Contact Support Admin
  • Contact People Admin
  • Contact People User

Notification Admin

Users with Notification Admin permissions can perform the following functions:

  • Configure country code option for paging services.
  • Configure prefix numbers that appear on numeric pager messages to identify which application sent the page.
  • Configure pager service parameters.

Give the Notification Admin permission to an Application Administrator who configures the paging parameters used in the Notification Engine. There are additional configuration forms used by the Notification Engine that can be configured, however you need AR Administrative permissions to access these forms.

Security

Users with Security permissions can reset other user's passwords from the Password Rest form.

Grant the security permission to the Application Administrator who resets passwords. This permission can also be given to user's performing the role of a Service Desk Agent.

Archive Administrator

Archive Administrator permission grants access to the Archive Manager console.