Creating and modifying users

A user is any person to whom you give permission to access BMC Helix Innovation Suite. Users can be members of multiple groups or no group at all. Users in BMC Helix Innovation Suite range from an administrator (who maintains the entire system) to employees (who submit requests or view data).

BMC Helix Innovation Suite includes one predefined user. You can use the User form in a browser to rename this user and create additional users.

Users are assigned to groups according to their need to access information. For example, you might create a group called Employee Services Staff whose members are permitted to view and change only certain fields in an Employee Information form. You might have another group called Employee Services Managers whose members are permitted to view and change all fields in the Employee Information form, including salary information. You can also configure a hierarchical relationship between groups to allow the parent group to inherit the permissions of the child group. For more information about creating groups, see Creating-and-managing-access-control-groups.

Use the following procedures to create, modify, or delete BMC Helix Innovation Suite users and to enable users to change their information. You can apply the three Fixed licenses included with BMC Helix Innovation Suite to new users.

User form access

BMC Helix Innovation Suite provides following access to User form:

• The Public group has Hidden permission to the User form.
• The Dynamic Group Access field on the User form gives users read permission to the following fields: Login Name, Password, and Request ID. These permissions are automatically given to all new users that the administrator creates.

If you customized the User form, these changes might affect your customizations.

These changes enable you to enforce a password policy. See Enforcing-a-password-policy-introduction.

To create users

1. Log in to a browser.
   If you are the first administrator to log in, you must log in as an administrator and leave the Password field empty. (Remedy AR System user names are case-sensitive.)
   During initial installation, the Demo user is installed as Administrator without a required password. To keep Remedy AR System secure, add a password for this user as soon as possible.
2. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
   The User form opens in Search mode.
   
3. Select Actions > New to switch to New mode.

4. Enter information in the appropriate fields.

   
   
5. Save your changes.

Adding and modifying user information

In BMC Helix Innovation Suite, you can have registered users and guest users. Each type of user has different privileges within the system, as discussed in the following sections. 

You enter data in the User form to define the components that work together to determine each user's access to AR System: login name, password, group membership, and license type. You also define notification information for each user in this form. For more information, see Restrictions for users and groups.

To grant a user permission for BMC Helix Innovation Suite objects, add the user to the groups to which access will be given. To make a user part of a group, choose the appropriate group from the Group List menu in the User form. (Multiple group names in the Group List field are separated by spaces.) You can select from the reserved BMC Helix Innovation Suite groups.

If the group information is returned through external authentication, you cannot be a part of any administrator group. You can be a part of the administrator group only from the User form. For information, see Setting-external-authentication-options and Specifying-internal-and-external-authentication.

You can get group information from external authentication only if the Group List is NULL.

For more information, see User-and-group-access.

Restrictions for users and groups

You cannot create other users with more administrative rights than yourself, and you cannot modify your own rights.

The new restrictions are applied to prevent:

• Creation of an administrative user by a non-administrative user.
• Creation of an administrative user with access to more overlay groups than the administrative user who created them.

The following restrictions are applied before and after you create or modify any user in the User and Group form.

• Only an administrator can create, modify, or delete other users belonging to the Administrator, Sub-Administrator, Struct Admin, or Struct Sub-Admin groups. 
  A user must have Group ID 1 (AR Administrator) in the group list to create/modify/delete another user with any of the four administrative class groups in their group list.

• No Admin user can create or modify a user (themselves included) with lesser administrative restrictions than the user making the modification. 
  For example, an administrator user with Overlay Group 1 cannot create or modify users with no overlay groups. Consider a situation where you have created an ABCGroup with an Overlay Group set to 1. User ABCAdmin is part of Administrator group and ABCGroup. However, ABCAdmin is restricted only to the ABCGroup. ABCAdmin can change (create/modify/delete) any user belonging only to the ABCGroup. For more information about creating a group as an overlay group, see Creating-and-managing-access-control-groups.
  Additionally, a user cannot create another admin user with the ability to modify base objects if they themselves cannot do it. 

  Best practice
  We recommend that you restrict your users to make modifications only to custom objects and overlays.

• Only an unrestricted administrator can create, modify, or delete groups that restrict a user’s administrative capabilities.
  Only an administrator with no overlay specific groups can create, modify, or remove overlay specific groups.

To modify user information

1. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
   The User form opens in Search mode.
2. Click Search to retrieve a list of defined users.
3. Select the appropriate user from the list.
4. Modify information in the appropriate fields. (See the table above.)

5. Save your changes.

   Warning

   If you modify the Administrator's Fixed license or Administrator group membership before you create another Administrator user, you lose administrator privileges.

To delete users

1. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
   The User form opens in Search mode.
2. Click Search to retrieve a list of defined users.
3. Select the appropriate user from the list.
4. Choose Actions > Delete.
   A confirmation box appears to verify that you want to delete the selected users.

5. Click OK.

   Warning

   If you delete the Administrator before you create another Administrator user, you lose administrator privileges.

To enable users to change user record information

1. Open the User form in Developer Studio.
2. Make the User form's Assigned To field visible. (By default, the field is hidden.)
   1. Double-click the Assigned To field to open the field Properties dialog box.
   2. In the Display tab, clear the Hidden check box.
3. Give the Assignee group Change permission for the Password, Default Notify Mechanisms, or Email Address fields.
4. Give public "visible" permissions.
   See Field-permissions.
5. Save your changes, and close Developer Studio.
6. In a browser, open the AR System Administration Console, and select System > Application > Users / Groups / Roles > Users.
   The User form opens in Search mode. The Assigned To field is visible in the User form.
7. Retrieve a list of defined users.
8. Select the appropriate user from the list.
9. Copy the Login name to the Assigned To field to make the user the Assignee.
   By using the Assignee group, you enable the user to modify the user's password, default notification mechanism, or email address.
   You can also make the user the Submitter by entering the same name in the Login name field and in the Creator field.
10. Save your changes.