Defining default permissions

Setting default permissions is most appropriate for a development server. When developing an application or a workflow component, first create the groups or roles that will have access to all the objects in the application or workflow. Then, configure default permissions to use those groups or roles. Thereafter, when you create these objects and fields, AR System applies the default permissions and you only need to set individual object or field permissions in cases where the default permissions are not correct.

The following figure shows the default permissions defined for forms on a server. The highlighted groups in the figure are granted visible or hidden permissions to any new forms:

The following figure shows the Default Permissions dialog box for an application. In this case, the administrator assigns permissions for new active link guides created in the application.

The default permissions for the object type are automatically applied to the object or field when it is created, and are displayed in the Permissions property. To reset permissions to the defined default permissions for an existing object or field, open the Permissions dialog box for the object or field, and then click Restore Defaults.

To define default permissions for a server or an application

1. Log in to Developer Studio.
2. Open the appropriate Default Permissions dialog box.

3. Select an option from the table and perform the corresponding steps as required:

   Task	Steps
   To set default permissions for an application	Open the application in the application editor. Select Application > Default Permissions.
   To set default permissions for a server	Select Window > Preferences. In the Preferences dialog box, expand Developer Studio and select Default Permissions. Select the appropriate server from the Server drop-down list.

4. On the Default Permissions preferences page (for server) or dialog box (for an application), select the appropriate object type.
5. To add default permissions, click Add.
   For a server, all appropriate groups are listed. For an application, the roles for that application and appropriate implicit groups are listed.
6. In the Add Groups dialog box, select the groups or roles to add and click OK.

7. On the Default Permissions page or dialog box, set the access level in the Permissions column. The following table describes the access levels:

   Object Types	Access level	Access for users in the group or groups mapped to the role
   Active link guide, application, form, web service	Visible	View and access the object in the user client.
   Active link guide, application, form, web service	Hidden	Access to the object only through workflow.
   Field	View	View the field.
   Field	Change	View and change the field.
   Active link, packing list	(none)	View and access the object in the user client.

8. For fields only, set the Allow Any User to Submit check box with the following options:
   Use this mode to determine security for the field when a request is submitted.
   
   • Selected—Any user can assign a value to the field, regardless of whether the submitter belongs to an explicit group with Change permission to the field.
   • Cleared (Default)—Only users who belong to one or more explicit groups with Change permission to the field (or users who belong to explicit groups mapped to roles with Change permission to the field) can enter data into the field. Row-level security permissions cannot grant access during entry creation.

To remove default permissions

1. Select the group or role in the Permissions list and click Remove or click Remove All.
2. Click OK to save your changes and close the Preferences dialog box.
   The default permissions are defined for the server or application you selected and the current administrator login. Each administrator can have different default permissions for objects created on each server.

Modifying the permissions of components by using Centralized Configuration

An AR System Administrator (-110) and AR System Configuration Administrator (-100) can access the Centralized Configuration components and modify permissions of all components in the Centralized Configuration. For example, the com.bmc.arsys.approval component has Approval Administrator permission in addition to AR System Administrator and AR System Configuration Administrator permissions.

For more information about the default permissions, see Default permissions for components below.

An administrator can set different permissions than the default permissions by using the AR System Configuration Permission Model Registry form.

Before you begin

Review the following information before modifying permissions:

• Changing the default permission of a component can create an impact on default behavior.
  Consider the following examples:
  
  • If you remove Assignment Administrator permission from the com.bmc.arsys.assignment component, Assignment Administration Console does not show the server settings.
  • If you remove Approval Administrator permission from the  com.bmc.arsys.approval component, the Approval Server cannot fetch data from the Centralized Configuration.
• If you change the access permissions for the different forms of the AR System Management Console, you must change the same access permissions in the AR System Configuration Permission Model Registry form. For more information about the permissions to access AR System Management Console, see Navigating-the-AR-System-Management-console-to-manage-server-groups .
• In case of an upgrade, before modifying the permissions, make sure that the following conditions exist:
  • If you have a custom workflow that reads data from Centralized Configuration, make sure that you have the correct permissions set in the AR System Configuration Permission Model Registry form.
  • If your customized report that fetches data from Centralized Configuration does not show data, make sure that you have the correct permissions set in the AR System Configuration Permission Model Registry form.
  • If you notice that the AR System Management Console is not showing customized display, make sure that you update the permission of components on the AR System Configuration Permission Model Registry form.

To modify permissions of components by using Centralized Configuration

1. Open the AR System Configuration Permission Model Registry form by using the following URL:
   http://serverName:port number/arsys/forms<server name>AR+System+Configuration+Permission+Model+Registry/Default+Administrator+View.
2. From the Component Type list, select a component name.
3. (Optional) To configure plug-in permissions, perform the following steps:
   1. From the Component Type list, select the com.bmc.arsys.pluginServer component type. 
      
   2. From the Plugin Type list, perform one of the following actions:
      • To change permissions for all plug-ins, do not select any option in the Plugin Type list.
      • To change permissions for the normalization engine, select BMC:NormalizationEngine.
      • To change permissions for tje Atrium Shared plug-in server, select BMC:AtriumSharedPluginServer.
4. Click Search.
   The search results for selected component type are displayed. The Group with Change Permission list and the Group with View Permission list are populated with default values.
5. From the Group with Change Permission list, select groups and roles that you want to assign for the component.
   You can select multiple groups and roles. 
6. From the Group with View Permission list, select groups and roles that you want to assign for the component.
   You can select multiple groups and roles. 
7. Click Save.
   Permissions for the selected component are modified.

Default permissions for components

The following table describes default permissions for components: