Creating and assigning functional roles

Administrators create and assign a functional role to a Person record to provide a person with access to one or more BMC Heliux Innovation Studio applications. For information about function al roles, see Functional-role-overview.

Functional role use case

Scenario

Consider a scenario where Chris, the Case Agent, uses the BMC Helix Business Workflows application application to create a case for an issue. Along with the BMC Helix Business Workflows application, Chris uses the following applications to issue and resolve the ticket:

  • Knowledge Management, to refer to an existing knowledge article to resolve the issue, or create a new Knowledge article for future use.
  • SLM Service, to provide the correct level of service to meet the needs of the issue.
  • Notification Service to notify users of the case details. 

Chris, therefore, requires permissions for these applications to resolve a ticket. The administrator creates a functional role for Chris which enables Chris to perform his tasks.

The following table explains the tasks involved in creating a functional role for Chris:

Task

Description

Reference

Example

1

Before you create a functional role, define the permissions of each deployed application by creating application roles.

Define the following application roles with the associated permission levels:

  • Knowledge Management
    • Knowledge Contributor
    • Knowledge Candidate
  • SLM Service
    • SLM Viewer
    • SLM Administrator
    • SLM User
  • Notification Service
    • Notification Administrator
    • Notification User
    • Event Report access role

2

Create a functional role to grant permission to the person to access and use the applications.

To resolve a ticket by using BMC Helix Business Workflows, Chris requires access to applications like Knowledge Management and SLM Service and should have all the necessary permissions to perform the tasks on these applications.

Create a Case Agent functional role which is a collection of all the following roles:

  • Knowledge Contributor
  • Notification User
  • SLM Viewer

3

Assign the functional role to the person.

Assign the Case Agent functional role to Chris, so that he can easily access and use the applications with all of the required permission levels.

When you create a functional role and assign it to a person, the server performs certain tasks. For more information, see Server behavior.

To create a functional role

  1. Log in to BMC Helix Innovation Studio, navigate to the Administration tab.
  2. Select Server settings > Application permissions > Functional roles to open the Functional Roles UI.

  3. Click New and perform the following actions: 

    Field

    Action

    Application/Library

    Select the name of the deployable application or library for which you are defining a functional role.

    Functional role name

    Enter a unique name for the functional role.

    Description

    Enter a description for the functional role.

    Roles

    Select the application roles that you want to combine into one functional role.

    The Roles section displays the list of application roles from multiple applications or libraries.

    221_create functional role.png

  4. Click Save.

You can also modify or delete the functional roles by using the Functional Roles UI.

To assign additional permissions to a functional role

The administrator can assign additional permissions to functional roles.

Important

Make sure you do not delete the out-of-the-box roles that are assigned to a functional role. If you do, your changes will be reverted to the default settings when your BMC Helix Innovation Studio applications and servers are upgraded.

  1. Log in to BMC Helix Innovation Studio, and navigate to the Administration tab. 
  2. Select Server settings > Application permissions > Functional roles.
  3. From the Functional Roles page, open the functional role to which you want to assign additional permissions.
    The Edit Functional Role pane is displayed.
  4. From Select Role, expand a functional area whose roles you want to assign.
  5. Select the check boxes that correspond to the roles you want to assign.
    In Selected Role, the selected roles are added to the corresponding application name.
  6. Click Save.

To assign a functional role to a person

  1. Log in to Mid Tier.
  2. From the Application Administration Console, click the Custom Configuration tab.
  3. From the Application Settings list, select Foundation > People > People, and click Open
  4. On the People form, select the person to whom you want to assign a functional role.
  5. Select Login/Access Details > IS Personas.
  6. Click Update Personas

  7. On the IS Personas form, enter the following details:

    Field

    Description

    Application Name

    Select the name of the deployable application for which you are defining an IS persona.

    IS Persona

    From the list, select the IS persona that you want to assign for the person.

  8. Click Add/Modify.
  9. Click Close and then click Save

Server behavior

When you create, update, or delete functional or application roles, or when you export or deploy your applications, the server automatically performs certain tasks. After every action, the server rebuilds the group list and updates the user record. The following table provides the details:

Action

Role

Tasks performed by the server

Create

Functional role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    By default, the groups are named after the application role name. For example, Knowledge Contributor.
    However, if the group name already exists, the group is named by using a combination of application name and application role name. 
  • Maps application roles to corresponding groups.
    If one application role is added to multiple functional roles, the mapping between the application role and the group is created only for the first instance.
  • Identifies the person record associated with the functional role and updates the group list for the corresponding user record.

Application role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    By default, the groups are named after the application role name. For example, Knowledge Contributor.
    However, if the group name already exists, the group is named using a combination of application name and application role name.
  • Maps application roles to corresponding groups.

Update (modify)

Functional role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    By default, the groups are named after the application role name. For example, Knowledge Contributor.
    However, if the group name already exists, the group is named using a combination of application name and application role name. 
  • Maps application roles to corresponding groups.
    Identifies the person record associated with the functional role and updates the group list for the corresponding user record.
  • Updates the groups mapped to the application roles.

Application role

  • Updates the group list for user records associated to the functional role.

Delete

Functional role

  • Updates the group list for user records associated to the functional role.


Application role

  • Updates the group list for user records associated to the functional role.
  • If a new group was created automatically by the server, the group is not deleted even after the application role is deleted.
    This group is reused, if you create an application role with the same name later. You can manually delete the unwanted groups. 

Export

Application

  • Exports the functional role associated with that application in its bundle as schema data.

During deployment

Application

  • Creates or updates application roles.
  • If an application role is added to a functional role, the server performs the following tasks:
    • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
      By default, the groups are named after the application role name. For example, Knowledge Contributor
      However, if the group name already exists, the group is named using a combination of application name and application role name. 
    • Maps application roles to corresponding groups.
    • Identifies the person record associated with the functional role and updates the group list for the corresponding user record.

After deployment

Application

  • Creates or updates the functional role on the target system.
  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    • By default, the groups are named after the application role name. For example, Knowledge Contributor.
      However, if the group name already exists, the group is named using a combination of application name and application role name. 
  • Maps application roles to corresponding groups.
  • Identifies the person record associated with the functional role and updates the group list for the corresponding user record.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*