Defining default permissions

Setting default permissions is most appropriate for a development server. When developing an application or a workflow component, first create the groups or roles that will have access to all the objects in the application or workflow. Then, configure default permissions to use those groups or roles. Thereafter, when you create these objects and fields, AR System applies the default permissions and you only need to set individual object or field permissions in cases where the default permissions are not correct.

The objects created after setting the default permissions will not derive the default permissions assigned before creating the objects.

Default permissions defined for forms on a server are shown here. The groups listed will be granted visible permissions or hidden permissions to any new forms.

Server default permissions

The Default Permissions dialog box for an application is shown here. In this case, the administrator is assigning permission for new active link guides created in the application.

Application default permissions

 The default permissions for the object type are automatically applied to the object or field when it is created, and are displayed in the Permissions property. To reset permissions to the defined default permissions for an existing object or field, open the Permissions dialog box for the object or field, and then click Restore Defaults.

To define default permissions for a server or an application

1. Open the appropriate Default Permissions dialog box.
   To set default permissions for an application:
   1. Open the application in the application editor.
   2. Select Application > Default Permissions.
       To set default permissions for a server:
   3. Select Window > Preferences.
   4. In the Preferences dialog box, expand Developer Studio and select Default Permissions.
   5. Select the appropriate server from the Server drop-down list.
2. In the Default Permissions preferences page or dialog box, select the appropriate object type.
3. To add default permissions, click Add.
    For a server, all appropriate groups are listed. For an application, the roles for that application and appropriate implicit groups are listed.
4. In the Add Groups dialog box, select the groups or roles to add and click OK.

5. In the Default Permissions page or dialog box, set the access level in the Permissions column.

   Object Types	Access level	Access for users in the group or groups mapped to the role
   Active link guide, application, form, web service	Visible	View and access the object in the user client.
   Active link guide, application, form, web service	Hidden	Access to the object only through workflow.
   Field	View	View the field.
   Field	Change	View and change the field.
   Active link, packing list	(none)	View and access the object in the user client.

6. For fields only, select or clear the Allow Any User to Submit check box. Use this mode to determine security for the field when a request is submitted. If the check box is:
   • Selected—Any user can assign a value to the field, regardless of whether the submitter belongs to an explicit group with Change permission to the field.
   • Cleared (the default)—Only users who belong to one or more explicit groups with Change permission to the field (or users who belong to explicit groups mapped to roles with Change permission to the field) can enter data into the field. Row-level security permissions cannot grant access during entry creation.

To remove default permissions

1. Select the group or role in the Permissions list and click Remove or click Remove All.
2. Click OK to save your changes and close the Preferences dialog box. The default permissions are defined for the server or application you selected and the current administrator login. Each administrator can have different default permissions for objects created on each server.

Modifying the permissions of components by using Centralized Configuration

An AR System Administrator (-110) and AR System Configuration Administrator (-100) can access the Centralized Configuration components and modify permissions of all components in the Centralized Configuration. Additionally, each component can be modified by a specific role and permission. For example, the com.bmc.arsys.approval component has Approval Administrator permission in addition to AR System Administrator and AR System Configuration Administrator permissions. For more information about the default permissions, see Default permissions for components below.

An administrator can set different permissions than the default permissions by using the AR System Configuration Permission Model Registry form.

Before you begin

Review the following information before modifying permissions:

• If you change the default permission of a component, it might create an impact on default behavior. For example:
  
  • If you remove Assignment Administrator permission from the com.bmc.arsys.assignment component, Assignment Administration Console does not show the server settings.
  • If you remove Approval Administrator permission from the com.bmc.arsys.approval component, the Approval Server cannot fetch data from the Centralized Configuration.
• If you change the permissions to access different forms of the Remedy Management Console, you must also change the same access permissions in the AR System Configuration Permission Model Registry form. For more information about the permissions to access Remedy Management Console, see Navigating-the-AR-System-Management-console-to-manage-server-groups.
• Before modifying permissions, post upgrade, ensure that the following conditions exist:
  • If you have a custom workflow that reads data from Centralized Configuration, ensure that you have the correct permissions set in the AR System Configuration Permission Model Registry form.
  • If your customized report that fetches data from Centralized Configuration does not show data, ensure you have the correct permissions set in the AR System Configuration Permission Model Registry form.
  • If you notice that the Remedy Management Console is not showing customized display, ensure that you update permission of components on the AR System Configuration Permission Model Registry form.

To modify permissions of components by using Centralized Configuration

1. Open the AR System Configuration Permission Model Registry form by using the following URL:
   http://serverName:port number/arsys/forms<server name>AR+System+Configuration+Permission+Model+Registry/Default+Administrator+View
   
2. From the Component Type list, select a component name.
3. (Optional) To configure plug-in permissions, perform the following steps:
   1. From the Component Type list, select the com.bmc.arsys.pluginServer component type. 
      
      
   2. From the Plugin Type list, perform one of the following actions:
      • If you want to change permissions for all plug-ins, do not select any option in the Plugin Type list.
      • To change permissions for normalization engine, select BMC:NormalizationEngine.
      • To change permissions for Atrium Shared plug-in server, select BMC:AtriumSharedPluginServer.
4. Click Search.
   The search results for selected component type are displayed. The Group with Change Permission list and the Group with View Permission list is populated with default values.
5. From the Group with Change Permission list, select groups and roles that you want to assign for a component.
   You can select multiple groups and roles. 
6. From the Group with View Permission list, select groups and roles that you want to assign for a component.
   You can select multiple groups and roles. 
7. Click Save.
   Permissions for the selected component are modified.

Default permissions for components

The following table describes default permissions for components: