Creating and modifying users

A user is any person to whom you provide permission to access BMC Helix Innovation Suite. Users can be members of multiple groups or no group at all. Users in BMC Helix Innovation Suite range from an administrator who maintains the entire system, to employees who submit requests or view data.

BMC Helix Innovation Suite includes one out-of-the-box, predefined user named Demo, with administrator access and permissions. You can use the User form via Mid Tier to rename this user and create additional users.

Users are assigned to groups according to their need to access information.

Important

Login IDs or login names must not contain ampersand (&) or question mark (?) characters.

Example

You might create a group called Employee Services Staff whose members are permitted to view and change only certain fields in an Employee Information form. You might have another group called Employee Services Managers whose members are permitted to view and change all fields in the Employee Information form, including salary information. You can also configure a hierarchical relationship between groups to allow the parent group to inherit the permissions of the child group.

Use the information in the following sections to create, modify, or delete users and to enable users to change their information. You can apply the three Fixed licenses included with BMC Helix Innovation Suite to new users.

BMC Helix Innovation Suite

User form access

BMC Helix Innovation Suite provides the following access to User form:

  • The Public group has Hidden permission to the User form.
  • The Dynamic Group Access field on the User form provides users read permission to the following fields: Login Name, Password, and Request ID. These permissions are automatically given to all new users that the administrator creates.

If you customized the User form, these changes might affect your customizations.

These changes enable you to enforce a password policy. For more information, see Enforcing-a-password-policy-for-BMC-Helix-Innovation-Suite.

To create users

Important

Creating new users might consume additional write licenses in the system depending on the license type. You might want to look at the license usage report to see the impact on licensing.

  1. Log in to Mid Tier.
    If you are the first administrator to log in, you must log in as an administrator and leave the Password field empty. 
    AR System user names are case-sensitive.
    During initial installation, the Demo user is installed as Administrator without a required password. To keep AR System secure, add a password for this user as soon as possible.
  2. From the AR System Administration Console, select System > Application > Users/Groups/Roles > Users.
    The User form opens in Search mode.
    221_User form.png
  3. Select Actions > New to switch to New mode.

  4. Enter the information in the appropriate fields:


  5. Save your changes.

Adding and modifying user information

Important

If you use BMC Helix Innovation Suite-based applications, set up users in People form, not in the User form. For more information, see Creating and modifying People data.

In BMC Helix Innovation Suite, you can have registered users and guest users. Each type of user has different privileges within the system, as discussed in the following sections. 

You enter data in the User form to define the components that work together to determine each user's access to BMC Helix Innovation Suite: login name, password, group membership, and license type. You also define notification information for each user in this form. For more information, see Restrictions for users and groups. The following image shows the fields in the User Information section of the User form:

221_User form_user info section.png

To grant permission to a user for BMC Helix Innovation Suite objects, add the user to the groups to which you want to give them access. To add a user to a group, select the appropriate group from the Group List menu on the User form. Use spaces to separate multiple group names in the Group List field. You can select from the reserved BMC Helix Innovation Suite groups.

If the group information is returned through external authentication, you cannot be a part of any administrator group. You can be a part of the administrator group only from the User form. For information, see Setting-external-authentication-options and Specifying-internal-and-external-authentication.

You can get group information from external authentication only if the Group List is NULL.

For more information, see User-and-group-access.

Restrictions for creating users and groups

You cannot create other users with more administrative rights than yourself, and you cannot modify your own rights.

These restrictions help you to prevent the following conditions:

  • Creation of an administrative user by a non-administrative user.
  • Creation of an administrative user with access to more overlay groups than the administrative user who created them.

The following restrictions are applied before and after you create or modify any user in the User and Group form.

  • Only an administrator can create, modify, or delete users belonging to another Administrator, Sub-Administrator, Struct Admin, or Struct Sub-Admin groups. 
    A user must have Group ID 1 (AR Administrator) in the group list to create/modify/delete another user with any of the four administrative class groups in their group list.

  • No Admin user can create or modify a user (themselves included) with lesser administrative restrictions than the user making the modification. 
    For example, an administrator user with Overlay Group 1 cannot create or modify users with no overlay groups. Consider a situation where you have created an ABCGroup with an Overlay Group set to 1. User ABCAdmin is part of Administrator group and ABCGroup. However, ABCAdmin is restricted only to the ABCGroup. ABCAdmin can change (create/modify/delete) any user belonging only to the ABCGroup. For more information about creating a group as an overlay group, see Creating-and-managing-access-control-groups.
    Additionally, a user cannot create another admin user with permission to modify base objects if they themselves do not have the necessary permissions. 

    Best practice
    We recommend that you restrict your users to make modifications only to custom objects and overlays.

  • Only an unrestricted administrator can create, modify, or delete groups that restrict a user’s administrative capabilities.
  • Only an administrator with no overlay specific groups can create, modify, or remove overlay specific groups.

Restrictions for editing the service account details

Only the BMC SaaS operations team can edit the service account details on the User form.  The AR System administrator cannot edit service accounts by using the User form. 

The following warning is displayed when you attempt to edit service account details:

23_3_03_Service_Account_Error_Msg.png

To modify user information

  1. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
    The User form opens in Search mode.
    221_User form.png
  2. Click Search to retrieve a list of defined users.
  3. Select the appropriate user from the list.
  4. Modify information in the appropriate fields. 

  5. Save your changes.

    Warning

    If you modify the Administrator's Fixed license or Administrator group membership before you create another Administrator user, you lose administrator privileges.

To delete users

  1. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
    The User form opens in Search mode.
  2. Click Search to retrieve a list of defined users.
  3. Select the appropriate user from the list.
  4. Select Actions > Delete.
    A confirmation box appears to verify that you want to delete the selected users.
    221_user form_delete user.png

  5. Click OK.

    Warning

    If you delete the Administrator before you create another Administrator user, you lose administrator privileges.

To enable users to change user record information

  1. Open the User form in Developer Studio.
    221_DevStudio_User Form.png
  2. Make the User form's Assigned To field visible by performing the following steps:
    221_assignedTo_hidden.png 
    By default, the field is hidden.
    1. Double-click the Assigned To field to open the field Properties dialog box.
      221_Properties tab.png
    2. On the Display tab, clear the Hidden check box.
  3. Grant the Assignee group Change permission for the Password, Default Notify Mechanisms, or Email Address fields.
  4. Grant public Visible permissions.
    See Field-permissions.
  5. Click Save and close Developer Studio.
  6. In a browser, open the AR System Administration Console, and select System > Application > Users / Groups / Roles > Users.
    The User form opens in Search mode. The Assigned To field is visible in the User form.
  7. Retrieve a list of defined users.
  8. Select the appropriate user from the list.
  9. Copy the Login name to the Assigned To field to make the user the Assignee.
    By using the Assignee group, you can enable the user to modify the user's password, default notification mechanism, or email address.
    You can also make the user the Submitter by entering the same name in the Login name field and in the Creator field.
  10. Click Save.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*