Creating and mapping roles

Roles are permissions similar to groups, except that they belong to a particular application, instead of a particular server. Roles are used exclusively in deployable applications.

Roles are defined for each deployable application and then mapped to explicit groups on the server. You can map a deployable application's roles to different groups on different servers, depending on how the groups are defined on each server. This allows you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server. You can also map roles to different groups for each development state, such as Test or Production. You can then switch between states using BMC Remedy Developer Studio or workflow.

Because roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.

Use the Roles form in a browser to create roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. For more information about deployable applications, see Defining-and-managing-an-application. This section provides the steps to create roles and map them to explicit groups. Although there is no limit to the number of roles that you can create, for maintenance purposes you might want to limit the number.

You can map roles to regular or computed groups for the Test and Production application development states. You can also create custom states and map roles for those states. To enable a particular mapping, change the application's state. For more information, see Working-with-deployable-application-states.

Use the following procedures to create, modify, or delete BMC Remedy AR System roles:

• • To create and map roles
  • To modify roles and role mappings
  • To delete roles

The following table lists the key fields in the Roles form.

To create and map roles

1. In a browser, open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
2. Enter information in the Application Name, Role Name, and Role ID fields, as described in the previous table.
    If you save the role now, you can begin assigning permissions for this role to objects within the application. A role is listed only for object in the deployable application to which the role belongs.
3. Enter a regular or computed group ID in each Mapped Group field to define access permissions for each application state.

4. Save your changes.

    

   Note

   -  BMC Remedy AR System does not maintain the list of Application names. The BMC Remedy AR System Administrator should keep a note of all the Application names.

   - Newly created roles appear in Permissions dialogs after the server recaches (about 5 seconds, depending on your system).

To modify roles and role mappings

1. In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
2. Search the form to retrieve a list of currently defined roles for a particular application.
3. Select the appropriate roles and modify information in the appropriate fields.
4. Save your changes.

To delete roles

1. In a browser, open the Roles form in Search mode for the server that contains the deployable application for which you are creating roles.
2. Search the form to retrieve a list of currently defined roles for a particular application.
3. Select the appropriate role.
4. Choose Actions > Delete.
    A confirmation box appears to verify that you want to delete the role entry.
5. Click OK.