This documentation supports the 20.02 version of BMC Helix Platform.To view the documentation for the current version, select 20.08 from the Product version menu.

Creating Functional roles

To provide a person with access to one or more applications, administrators create and assign a functional role to a person record.

Functional role use case

Scenario

Consider a scenario where Chris, the Change Assignee uses the Change Management application to issue and resolve a change ticket. Along with Change Management application Chris uses the following applications to issue and resolve the ticket:

  • Knowledge Management, to refer to an existing knowledge article to resolve the issue, or create a new Knowledge article for future use.
  • Service Level Management, to provide correct level of service to meet the need of the issue.

Chris, therefore, requires permissions to these applications to resolve a ticket. The administrator creates a functional role for Chris which enables Chris to perform his tasks.

The following table explains the tasks involved in creating a functional role for Chris:

Task

Description

Reference

Example

1

Before you create the functional role, define the permissions if each deployed application by creating application roles.

Define the following appliction roles with these associated permission levels:

  • Change Management
    • Change Read
    • Change Write
    • Change Admin Write
  • Knowledge Management
    • Knowledge Read
    • Knowledge Write
  • Service Level Management
    • SLM Read
    • SLM Write

2

Create a functional role to grant permission to the person to access and use the applications.

To resolve a ticket using Change Management, Chris requires access to applications like Knowledge Management and Service Level Management and should have all the necessary permissions to perform the tasks on these applications.

Create Change Manager functional role which is a collection of all the following roles:

  • Change Write
  • Change Admin Write
  • Knowledge Write
  • SLM Write

3

Assign the functional role to the person.

Assign the Change Manager functional role to Chris. This enables Chris to easily access and use the applications with all of the required permission levels.

When you create a functional role and assign it to a person, the server performs certain tasks. For more information, see Server behavior.

To create a functional role

  1. Log in to BMC Helix Innovation Studio, navigate to the Administration tab, and select Configure My Server > Application Permissions > Manage Functional Roles to open the Functional Roles UI.

  2. Click New to add a new role and perform the following actions: 

    Field

    Action

    Application Name

    Enter the name of the deployable application for which you are defining a functional role.

    Role Name

    Enter a unique name for the functional role.

    Description

    Enter a description for the functional role.

    Select Role

    Select the application roles that you want to combine into one functional role. The Selected Role section displays the list of application roles from multiple applications.

  3. Click Save.

You can also update (modify) or delete the functional roles using the Functional Roles UI.

To assign a functional role to a person

  1. In BMC Helix Innovation Studio, navigate to the Administration tab, select Foundation Data > Manage People.
  2. Select the appropriate person type: Employees, Agents, Customers, or Vendors.
  3. Select the person record for which you want to add the functional role and click Edit.
  4. From the Functional Roles field select the appropriate functional role.
  5. Click Save.

Server behavior

When you create, update, or delete functional or application roles, or when you export or deploy your applications, the server automatically performs certain tasks. After every action the server rebuilds the group list and updates the user record.

The following table provides the details:

Action

Role

Tasks performed by the server

Create

Functional role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    • By default, the groups are named after the application role name. For example, Change Read.
      However, if the group name already exists, the group is named using a combination of application name and application role name. For example, ChangeManagementChangeRead.
  • Maps application roles to corresponding groups.
    • If one application role is added to multiple functional roles, the mapping between application role and group is created only for the first instance.
  • Identifies the person record associated with functional role and updates the group list for the corresponding user record.

Application role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    • By default, the groups are named after the application role name. For example, Change Read.
      However, if the group name already exists, the group is named using a combination of application name and application role name. For example, ChangeManagementChangeRead.
  • Maps application roles to corresponding groups.

Update (modify)

Functional role

  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    • By default, the groups are named after the application role name. For example, Change Read.
      However, if the group name already exists, the group is named using a combination of application name and application role name. For example, ChangeManagementChangeRead.
  • Maps application roles to corresponding groups.
    • Identifies the person record associated with functional role and updates the group list for the corresponding user record.
  • Updates the groups mapped to the application roles.

Application role

  • Updates the group list for user records associated to the functional role.

Delete

Functional role

  • Updates the group list for user records associated to the functional role.

 

Application role

  • Updates the group list for user records associated to the functional role.
  • If a new group was created automatically by the server, the group is not deleted even after the application role is deleted.
    This group is reused, if you create an application role with same name later. You can manually delete the unwanted groups. For more information, see Creating and managing groups.

Export

Application

  • Exports functional role associated with that application in its bundle as schema data.

During deploy

Application

  • Creates or updates application roles.
  • If an application role is added to a functional role, server performs the following tasks:

      • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
        • By default, the groups are named after the application role name. For example, Change Read.
          However, if the group name already exists, the group is named using a combination of application name and application role name. For example, ChangeManagementChangeRead.
      • Maps application roles to corresponding groups.
      • Identifies the person record associated with functional role and updates the group list for the corresponding user record.

After deploy

Application

  • Creates or updates functional role on the target system.
  • Creates a new group for the corresponding application role, if the application role is not mapped to any group.
    • By default, the groups are named after the application role name. For example, Change Read.
      However, if the group name already exists, the group is named using a combination of application name and application role name. For example, ChangeManagementChangeRead.
  • Maps application roles to corresponding groups.
  • Identifies the person record associated with functional role and updates the group list for the corresponding user record.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*