Remedy Applicatin Permissions

BMC Software, Inc., Confidential

White Paper

BMC Remedy Application

Permissions: Best Practices

August 2010

www.bmc.com


Contacting BMC Software

You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information about the company, its products, corporate offices, special events, and career opportunities.

United States and Canada

Address BMC SOFTWARE INC 2101 CITYWEST BLVD HOUSTON TX 77042-2827 USA

Telephone 713 918 8800 or 800 841 2031

Fax 713 918 8000

Outside United States and Canada

Telephone (01) 713 918 8800 Fax (01) 713 918 8000

If you have comments or suggestions about this documentation, contact Information Design and Development by email at [email protected].

© Copyright 2009 BMC Software, Inc.

BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners.

ITIL® is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office, and is used here by BMC Software, Inc., under license from and with the permission of OGC.

IT Infrastructure Library® is a registered trademark of the Office of Government Commerce and is used here by BMC Software, Inc., under license from and with the permission of OGC.

The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product and to the proprietary and restricted rights notices included in the product documentation.

Restricted Rights Legend

U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC Software, Inc., 2101 CityWest Blvd., Houston, TX 77042-2827, USA. Any contract notices should be sent to this address.


Customer Support

You can obtain technical support by using the Support page on the BMC Software website or by contacting Customer Support by telephone or email. To expedite your inquiry, please see “Before Contacting BMC Software.”

Support website

You can obtain technical support from BMC Software 24 hours a day, 7 days a week at http://www.bmc.com/support. From this website, you can:

• Read overviews about support services and programs that BMC Software offers.

• Find the most current information about BMC Software products.

• Search a database for problems similar to yours and possible solutions.

• Order or download product documentation.

• Report a problem or ask a question.

• Subscribe to receive email notices when new product versions are released.

• Find worldwide BMC Software support center locations and contact information, including email addresses, fax numbers, and telephone numbers.

Support by telephone or email

In the United States and Canada, if you need technical support and do not have access to the Web, call 800 537 1813 or send an email message to [email protected]. (In the Subject line, enter SupID:<yourSupportContractID>, such as SupID:12345.) Outside the United States and Canada, contact your local support center for assistance.

Before contacting BMC Software

Have the following information available so that Customer Support can begin working on your issue immediately:

• Product information

o Product name

o Product version (release number)

o License number and password (trial or permanent)

• Operating system and environment information

o Machine type

o Operating system type, version, and service pack

o System hardware configuration

o Serial numbers

o Related software (database, application, and communication) including type, version, and service pack or maintenance level

• Sequence of events leading to the problem

• Commands and options that you used

• Messages received (and the time and date that you received them)

o Product error messages

o Messages from the operating system, such as file system full

o Messages from related software


License key and password information

If you have a question about your license key or password, contact Customer Support through one of the following methods:

• E-mail [email protected]. (In the Subject line, enter SupID:<yourSupportContractID>, such as SupID:12345.)

• In the United States and Canada, call 800 537 1813. Outside the United States and Canada, contact your local support center for assistance.

• Submit a new issue at http://www.bmc.com/support.


Contents

BMC Remedy application permissions groups ......................................................... 7

Permissions group hierarchy ................................................................................. 8

Functional Roles .................................................................................................... 9

Permissions ............................................................................................................ 9

Typical permissions combination setups ................................................................. 66

BMC Remedy Application Permissions: Best Practices 7 BMC Software, Inc., Confidential

White paper

BMC Remedy Application Permissions: Best Practices

This white paper discusses BMC recommended best practices for assigning BMC Remedy application permissions (specifically for ITSM, SRM, RKM and SLM). The discussion covers the following subjects:

• permissions groups • permission model hierarchy • functional roles • best practices— mapping permissions to the BMC Service Management

Process Model (SMPM)—where applicable • best practices—permissions group definitions

Note: The information in this white paper is based the permissions groups used in the 7.6.03 version of the BMC Remedy suite of applications.

BMC Remedy application permissions groups

BMC Remedy applications use the concept of permissions groups to control access to their various forms, consoles, and functions. By using a limited number of role-based permissions groups, you can simplify the creation of mid tier pre-cache files and ease the permission model administration. Each of the BMC Remedy applications is made up of components and sub components. The permissions groups are packaged or grouped together within these components. The Permissions section of this paper describes the function of each of these components and lists the permissions groups that are related to them.

White paper

8 BMC Remedy Application Permissions: Best Practices BMC Software, Inc., Confidential

For your reference, the following table lists the BMC Remedy applications with their main components and sub components.

Applications

BMC Remedy

Asset

Management

BMC Remedy

Change

Management

BMC Remedy

Incident

Management

BMC Remedy

Problem

Management

BMC Service

Level

Management

(BMCSLM)

BMC Service

Request

Management

(SRM)

BMC Remedy

Knowledge

Management

(RKM)

Main components

Asset

Inventory X X X X X

Asset

Manage-

ment

X

Change X

Release X

Incident X

Problem X

Request X X X X

BMC SLM X

RKM X

Sub-components

Activity X X X X

Financial X X X X

Foundation X X X X X* X X

ROI X X X X

Task X X X X X

* The Contract sub component is part of the Foundation sub component and is installed with BMC Service Level Management (BMC SLM).

Permissions group hierarchy

There is a hierarchical relationship among the BMC Remedy application permissions groups. The following table lists the permissions groups from greatest to least access.

Permissions group Access level

Admin or Master

The Admin and the Master permissions groups are at the top of the hierarchy. They grant users the highest level of access within a given application component. This permissions group typically includes the ability to create and modify all records within the component. Admin or Master permissions group access supersedes the User permissions group.

User Grants users the standard level of access within a given application component. This permissions group typically includes the ability to create and modify records.



Permissions group Access level

There are, however, some limitations imposed when modifying records. These limitations are described in more detail in the Permissions section, later in this white paper. User permissions group access supersedes the Submitter permissions group.

Submitter Grants users permission to create records but not to modify them. This permission does not require an application license. Submitter permissions groups access supersedes the Viewer permissions group.

Viewer Grants users read access within a given application component. This permission does not require an application license.

Each higher-level permissions group grants all of the access rights of the permissions groups below it in the hierarchy. For example, if you assign someone to the Change Admin permissions group, you do not have to assign them to the Change User permissions group. As a member of the Admin permissions group, they automatically have User permissions, and so on.

If you do assign a user to more than one permissions group for the same application component, you create a variance in the recommended permission combinations. These permission combinations are discussed later in this white paper.

Note: In some cases, the functions from one permissions group are automatically granted to another permissions group. For example, if you grant someone Incident User permissions, you do not have to grant them Task User permissions. Incident User permissions automatically inherit the functions of the Task User permissions. The permissions list later in this white paper notes when this type of permission inheritance occurs.

Functional Roles The ITSM applications also support the concept of ‘Functional Roles.’ Functional roles extend the access granted by the permissions groups and should not be confused with the permissions groups themselves. You can assign functional roles only to support staff, according to the support groups to which they belong. For more information about functional roles, see Appendix A of the BMC Remedy IT Service Management Administration Guide.

Permissions

Main Components

Description

Asset Inventory The Asset Inventory component is installed with most BMC Remedy ITSM applications and lets you access CI information within the CMDB.

White paper


Main Components

Description

It provides two key features: • IT CI Lifecycle management, which allows users to manage

CIs through their lifecycle (that is, from requisition, to deployment, to retirement).

• Inventory Management, which allows users to manage CIs and bulk items in inventory.

When you are assigning permissions to users, the permissions related to this component are found under the Asset Management heading. For more information, see the BMC Remedy Asset Management User Guide.

Note: The information about the four Asset Inventory component permissions also applies to the BMC Remedy Asset Management application. This means that when BMC Remedy Asset Management is installed, users with these permissions also inherit access to the features described in the Asset Management section below.

Permissions Description Application Licence Required?

Asset Admin Users with Asset Admin permission can perform following functions:

• create and modify all CI data

• create CI relationships (to other CIs and well as People, Organizations and Support Groups)

• manage CI’s in Inventory Best practice: Limit the use of these permissions to individuals with a Configuration Administrator role. Asset Admin supersedes the Asset User and Asser Viewer permissions group. Users with Asset Admin permissions do not need Asset User or Asset Viewer permissions.

No application license is required

Asset User Users with Asset User permissions can:

• modify CI data • create CI relationships

with other records such as




Main Components

Description

incidents requests, people records, organizations and support groups (they cannot, however, create relationships with other CIs)

• read all CI data

Note: The permission allows users to modify only the data of CIs for which they have been granted update access. Update access is granted by relating a CI to one or more of the user`s Support Groups. For more information about granting access to CI data, see the BMC Remedy IT Service Management Administration Guide. Best practice: Limit the use of these permissions to individuals who are directly supporting specific CIs and who must update CI attributes and relationships. Users with Asset User permissions do not need Asset Viewer permissions.

Asset Viewer Users with Asset Viewer permission can view all CI data. The Asset Viewer permission is automatically granted when any of the following permissions are granted:

• Incident Master • Problem User • Problem Master • Infrastructure Change User • Infrastructure Change

Master • Infrastructure Change

Config • Release Config • Release Master • Release User


White paper


Main Components

Description

• Task Manager • Task User • Purchasing User • Contract Admin • Contract User • Contract Viewer

• Request Catalog Manager

Best practice: Grant these permissions to all Support personnel. Having access to CI information is vital for most IT Infrastructure Library (ITIL) processes.

Asset Config Users with Asset Config permissions can configure the follow areas within the Asset Inventory component:

• Asset Management settings

• Bulk CI Reorder Level and Lead Time Specifications

They can also perform CI deletion functions. Best practice: Grant these permissions only to individuals who must configure the Asset Inventory component functions. Typically, these people fill the role of an Application Administrator.


Asset Management

The Asset Management component is installed with the BMC Remedy Asset Management application. This component enables the following Asset management functions:

• CI Configurations • CI Scheduling (specifically, maintenance and audit

schedules) • CI Costing • CI Unavailability or Outages

This component also enables the performance of specific Bulk Update functions against CIs. The following modules are also installed:

• Purchasing • Contract Management • Software Licence Management

For more information, see the BMC Remedy Asset Management User Guide.



Main Components

Description

Permissions Description App Licence Required

Asset Admin Users with Asset Admin permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

• create, modify, and administer contracts

• create and modify license certificates from the Service Activation Management console

• create and modify CI Unavailability records (also referred to as Outage records)

• manage configurations • manage schedules • manage costs • perform bulk update

functions • configure costing and

charge back periods from the Application Administration console

This permission does not grant access to purchasing or receiving functions. Best practice: Grant these permissions only to individuals playing a Configuration Administrator role. Users with Asset Admin permission have full access to contracts and SWLM features, which means they do not need any other Contract permissions unless they must create new Contract Types (this ability is given with Contract Admin permissions) or configure certain aspects of SWLM (this ability is given with Contract Config permissions).

An application license is required

White paper


Main Components

Description

A person with Asset Admin permissions does not need Asset User and Asser Viewer permissions.

Asset User Users with Asset User permissions can perform all of the Asset Inventory functions as well as the following Asset Management functions:

• create and modify contracts

• create, modify, and delete the following within a CI record to which the user has access (but they cannot perform these functions from the Asset Management console): - contracts - configurations - costs - outages - returns - schedules

Asset Admin permission is required to access inventory management and bulk update features. This permission does not grant access to the following functions:

• inventory management • bulk update • purchasing

• receiving

Best practice: Grant these permissions to individuals who are directly supporting specific CIs and who must update CI attributes and relationships. The Asset User permissions do not have equivalent permissions to the Contract User permissions group. If a user requires the ability to either modify license certificates or manage License jobs as part of




Main Components

Description

SWLM, then they must also be given Contract User permissions. A person with Asser User permissions does not need Asset Viewer permissions.

Asset Viewer Users with Asset Viewer permissions have access to all of the Asset Inventory functions as well as the following Asset Management functions:

• read access to contracts • read access to the

following areas within a CI record: - contracts - configurations - outages - schedules

This permission does not grant access to:

• inventory management • bulk update • cost management • purchasing • receiving functions • the Software Asset

Management console

Best practice: Grant these permissions to all Support personnel (that is, users who do not already have the Asset Admin or Asset User permissions). Having access to CI information is vital for most ITIL processes.

Note: Asset Viewer permissions are automatically granted when assigning any of the following permissions: Incident User

• Incident Master • Problem User • Problem Master


White paper


Main Components

Description

• Infrastructure Change User • Infrastructure Change

Master • Infrastructure Change

Config • Release Config • Release Master • Release User • Task Manager • Task User • Purchasing User • Contract Admin • Contract User • Contract Viewer

• Request Catalog Manager

Asset Config Users with Asset Config permission have access to all of the Asset Inventory functions as well as the following Asset Management functions:

• configuring CI depreciation criteria

• configuring CI notifications

• configuring CI Unavailability status

• configuring License Types • configure Inbox

preferences for SWLM • configuring License

Engine for SWLM • configuring Asset

Management rules • configuring CI

Unavailability priority • setting up server info for

AR System License Type for Software License Management (SWLM)

Best practice: Grant these permissions only to individuals who administer the Asset Inventory and Asset Management




Main Components

Description

system (that is, to someone who acts as an Application Administrator). Users with Asset Config permission do not need Contract Config permissions.

Purchasing User

Users with Purchasing User permissions can access the following functions within the BMC Remedy Asset Management application:

• Create and modify purchase requisitions that are assigned to the user’s support group (this includes line items)

• Create and modify purchase orders

This permission only grants access to the purchasing functions (excludes receiving) and does not provide any access to areas where an ‘Asset’ or ‘Contract’ type permission are required. Best practice: Limit the use of these permissions to individuals who perform the following roles in the Asset Management Purchasing feature:

• Configuration Administrator—these individuals might must submit purchase requests issued through the Change Management process

• Purchasing Agent


Receiving User Users with Receiving User permissions can access the Receiving console to receive CIs from the Purchasing system. Best practice: These permissions grant access only to the receiving functions. Therefore, grant them only to people who use the Asset


White paper


Main Components

Description

Management Purchasing feature, for example, Purchasing Agents.

Contract Admin

Users with Contract Admin permissions can perform the following functions:

• create and modify all contracts from the Contract console

• create and modify license certificates from the SAM console

• configure new Contract Types from the Application Administration console

• manage license jobs from the SAM console

Best practice: Grant these permissions to people who need full access to the Contract Management features, but who don’t need the full Asset Management access given by the Asset Admin permissions group.

Note: a user with the Asset Admin permission can do everything that a user with Contract Admin permission with the exception of creating new Contract Types.


Contract User Users with Contract User permissions can perform the following functions:

• modify public contracts from the Contract console

• modify internal contracts from the Contract console (if the user belongs to the Support Group that manages the contract)

• create and modify license certificates for contracts they have access to from the SAM console

• Manage license jobs from




Main Components

Description

SAM console Best practice: Grant these permissions to individuals who need controlled access to create and modify contracts, but who do not require access to modify CI information. If a user is also needs to modify CI information, you should also give them Asset User permissions.

Contract Viewer

Users with Contract Viewer permission can view all contracts from the Contract console. This permission does not grant access to the SAM console. Best practice: Grant these permissions to individuals who require view access to contracts.

Note: The Asset Viewer permission grants the same type of access to contracts and CI information as the Contract Viewer permission.

Users with Asset Viewer permissions do not also need Contract Viewer permissions.


Contract Config

Users with Contract Config permission can perform the following functions:

• configure License Types • configure Inbox

preferences for SWLM • configure the License

Engine for SWLM • configure Asset

Management rules • set up a server information

for the AR System License Type for SWLM

This permission does not grant access to the SAM console. Best practice: Grant these


White paper


Main Components

Description

permissions to individuals who must only configure Software Licence Management (SWLM) features.

Note: If a user has Asset Config permission they do not need Contract Config permissions. This is because, the Asset Config permissions group can configure the same SWLM features that the Contract Config permissions can configure.

Typically, an Application Administrator requires this set of permissions.

Change The Change component is installed with the BMC Remedy Change Management application. You use the Change component to plan, schedule, implement, and track changes within your organization. Management of the Change lifecycle is based on ITIL best practices for Change Management. For more information, see the BMC Remedy Change Management User Guide. Permissions Description App

Licence Required

Infrastructure Change Master

Users with Infrastructure Change Master permission can perform the following functions:

• create change request • modify all change requests

and tasks independently of any functional roles or support group affiliations

• create and modify approval mappings

• create and modify Change templates (modification of templates is restricted to those templates where the user is a member of the Authoring Group)

• access the Product Catalog console

Best practice: Limit the use of these permissions to individuals




Main Components

Description

playing a Change Manager role and who require full access to all Change requests.

Note: The Master permissions groups should be granted in a limited fashion and only to key personnel who own a process or who have full control over schedules, in the case of Change Management.

Infrastructure Change User

Users with Infrastructure Change User permission can perform the following functions:

• create change request • modify, with restrictions,

change requests and tasks based on functional roles and support group affiliations:

- A user with these permissions and no Change Management Functional roles can only modify Changes where they are the Requestor or they belong to the Change Implementer Group

- A user with these permissions and the Change Coordinator Functional role can only modify Changes where they are the Requestor or they belong to the Change Implementer or Change Coordinator Group, or both

- A user with these permissions and the Change Manager functional role can only modify Changes where they are the Requestor or they belong to the Change Implementer or


White paper


Main Components

Description

Change Manager Group, or both

• access to the Product Catalog console

Best practice: Grant these permissions to individuals performing the role of a Change Manager, Change Coordinator or Change Implementer within the Change Management process. Also grant these permissions to users who play the role of a Group Coordinator within the Incident or Problem Management processes, or both. These people might need to create and modify Changes that result from Incidents, Problems or Known Errors. Additionally, these permissions should be grated to users who play the role of a Continuity Manager.

Infrastructure Change Submit

Users with Infrastructure Change Submit permission can perform the following functions:

• create and query all change requests


Users with these permissions cannot modify change requests. Best practice: Grant these permissions to individuals who must submit and view change requests. Typically, these permissions are given to Problem Coordinators and IT Specialists, who often must create Change requests.


Infrastructure Change Viewer

Users with Infrastructure Change Viewer permission can perform the following functions:

• query all change requests • access to the Product

Catalog console

Users with these permissions




Main Components

Description

cannot submit or modify change requests.

Best practice: Grant these permissions to individuals who need only read access to view change requests. Typically, these permissions should be given to most ITSM applications users (that is, users who do not already have the ‘Master’, ‘User’ or ‘Submitter’ permissions) for them to access information about changes being made to your infrastructure.

Infrastructure Change Config

Users with Infrastructure Change Config permission can perform functions that include the following four components: Change Management Configuration functions:

• configure the Change Calendar

• configure the Change Prioritization values

• configure the Process Flow next stage status transitions

• configure the Change rules (general field enforcement and notification rules)

• configure the Change Risk factors

• configure the Change Templates

Foundation functions:

• configure the Approval Process

• register applications that will use Command Automation Interface, or CAI (advanced feature)

• Define commands, command parameters and command parameter mappings for the CAI (advanced feature)

• KPI – configure the


White paper


Main Components

Description

Flashboard parameters • KPI – configure and

register the KPI titles (advanced option)

Requestor console:

• Create and update the Summary Definitions

Task Management System:

• configure the Task Assignment mappings

• configure the Task Group Templates

• configure the Task Templates

• configure the Variable Templates

Best practice: Grant these permissions to individuals requiring access to configure the component functions mentioned in the preceding lists. Typically, you grant these permissions to a person playing the role of Application Administrator.

CM Dashboard User

Users with CM Dashboard User permission can view the BMC Remedy Change Management Dashboard form. Best practice: Grant these permissions to users performing the role of a Change Manager or Change process owner.


Release The Release component is installed with the BMC Remedy Change Management application. You use the Release component to plan, schedule, and control the movement of releases into test and live environments. Management of the Release lifecycle is based on ITIL beast practice Release Management methodologies. For more information, refer the BMC Remedy Change Management User Guide.

Release Master Users with Release Master permission can perform the following functions:

• create release requests




Main Components

Description

• modify all release requests independently of any functional roles or support group affiliations

• create and modify approval mappings

• create and modify Release templates (modification of templates is restricted to templates where user is a member of the Authoring Group)

Note: Asset Viewer and Infrastructure Change Viewer permissions are also granted automatically from the application UI whenever these permissions are granted.

Best practice: Limit the use of these permissions to individuals playing a Release Coordinator role that requires full access to all Release requests.

Note: Use of the Master permissions groups should be limited to key personnel who either own a process, or have full control over Release Management schedules.

Release User Users with Release User permissions can perform the following functions:

• create release request

• modify, in a restricted way, release requests based on functional roles and support group affiliations

Note: A user must have the Release Coordinator Functional Role to be able to modify Release request and they must be a


White paper


Main Components

Description

member of the Release Coordinator Group.

Note: Asset Viewer and Infrastructure Change Viewer permissions are also granted automatically from the application UI when these permissions are granted.

Best practice: Limit use of these permissions permission to individuals playing a Release Coordinator role.

Release Viewer

Users with Release Viewer permissions can query all release requests. They cannot submit or modify release requests.

Note: Infrastructure Change Viewer permissions are also granted automatically from the application UI when these permissions are granted.

Best practice: Grant these permissions to individuals who need only read access to view release requests. Typically, these permissions are given to most ITSM applications users (that is, users who do not already have the ‘Master’, or ‘User’ permission) for them to access information regarding release planning activities.


Release Config Users with Release Config permissions can perform functions that span the following five components: Activity component:

• configure Activity rules • configure Activity

Templates Change Management component

• configure Change Calendar




Main Components

Description

Foundation component • KPI – configure

Flashboard parameters • KPI – configure and

register KPI titles (advanced option)

Release component

• configure milestone phases and exit criteria

• configure Release Prioritization values

• configure Release rules • configure Approval

mappings • configure Release

Templates Task Management System component

• configure applications that integrate with Task Management System

• configure phase management functionality for those applications that integrate with Task Management System

• configure Task Status and Status Reason values for application return codes

Best practice: Grant these permissions to individuals requiring access to configure the functions in the preceding list. People with this set of permissions typically are Application Administrators.

Incident The Incident component is installed with BMC Remedy Incident Management application. You use the Incident component to restore normal service operations quickly by managing all aspects of an incident, from their creation to their resolution and closure. For more information, see the BMC Remedy Incident Management User Guide. Incident Master

Users with Incident Master permissions can perform the

An application

White paper


Main Components

Description

following functions: • create incidents • modify all incidents

independently of any functional roles or support group affiliations

• view Incident templates • configure Cost Category,

Cost Center information, Cost Rate templates and Financial rules as well as Chargeback periods

Note: To create and modify templates, you need the Support Group Admin Functional role. With this role, the modification of templates is restricted to those for which the user is a member of the Authoring Group

Note: Chargeback is a function of the costing sub-system and is given automatically with the other costing features, for example, access to the Product Catalog console.

Best practice: Limit the use of these permissions to individuals playing a Service Desk Analyst role who require full access to all Incidents.

Note: Use of the Master permissions groups should limited to key personnel who either own a process or require full control of all Incidents.

Users with these permissions must also belong to a Support Group before they can open the Incident form.

license is required

Incident User Users with Incident User permission can perform the following functions:

• create incidents • modify incidents based on




Main Components

Description

functional roles and support group affiliations (that is you must be a member or either the Assigned or Owner Group to have modify access to the Incidents with this permission)

• view Incident templates

Note: You must grant the Support Group Admin functional role to create and modify templates. With this role, template modification is restricted to templates for which the user is a member of the authoring group.

Best practice: Limit the use of these permissions to individuals playing one of the following Service Desk roles:

• Group Coordinator • On-Duty Manager • Operations Manager • Operator and Specialist • Problem Coordinator, • Change and Release

Coordinator • Service Level Manager

• Service Owner

Users with these permissions must also belong to a Support Group to open the Incident form.

Incident Submitter

Users with Incident Submitter permission can create and query all incidents. They cannot modify incidents. Best practice: Grant these permissions to individuals who need to submit and view incidents. Typically, these permissions are given to any who fulfills one of the roles mentioned under the Incident User permissions (take note that,


White paper


Main Components

Description

‘User’ permissions are required if the person needs modification access). Users with these permissions must also belong to a Support Group to open the Incident form.

Incident Viewer

Users with Incident Viewer permission can query all incidents. They cannot submit or modify incidents. Best practice: Grant these permissions to individuals who need only read access to incidents. Typically, these permissions are given to most ITSM applications users (that is, users who do not already have the ‘Master’, ‘User’ or ‘Submitter’ permission) for them to access incident information. Users with these permissions must also belong to a Support Group to open the Incident form.


Incident Config

Users with Incident Config permission can perform functions that span the following three components: Incident Management component

• configure Incident Management application settings

• configure Incident Impact values

• configure Incident Urgency values

• configure Incident Priority weight ranges

• configure Incident Prioritization

• configure Incident rules (general field enforcement and assignment rules)

• configure Work Info Inbound and Outbound communications counters

• configure Decision Trees • configure Scripts • configure Incident Templates




Main Components

Description

(can create and modify all templates regardless of Authoring group affiliation)

Foundation component

• KPI – configure Flashboard parameters

• KPI – configure and register KPI titles (advanced option)

Requestor component

• Create and update Summary Definitions

Best practice: Grant these permissions to individuals who configure the component functions in the preceding list. Typically, people who fulfill this role are Application Administrators.

Problem The Problem component is installed with the BMC Remedy Problem Management application. You use the Problem component to manage problem investigations, known errors, and solution database entries. Problem management focuses on reducing the number of incidents; either reactively, by preventing them from recurring, or proactively by preventing them from occurring. For more information, see the BMC Remedy Problem Management User Guide. Problem Master

Users with Problem Master permission can perform the following functions:

• create problem investigation, known error and solution database records

• modify all problem investigation, known error and solution database records independently of any functional roles or support group affiliations

• configure Cost Category information, Cost Center information, Cost Rate templates, and Financial rules as well as Chargeback periods


White paper


Main Components

Description


Note: Chargeback is a function of the costing sub-system and is given automatically with the other costing features.

Best practice: Limit the use of these permissions to individuals who play the role of Problem Coordinator and who require full access to all Problem Investigation, Known Error and Solution Database records.

Note: Use of the Master permissions group should be limited to key personnel who either own a process or require full control of all Problem Management records.

Users with these permissions must also belong to a Support Group to open the Problem forms.

Problem User Users with Problem User permission can perform the following functions:

• create problem investigations, known error records, and solution database records

• modify problem investigation and known error records based on functional roles and support group affiliations:

- A user with these permissions and no Problem Management Functional Roles can modify only Problem Investigations and Known Errors where they belong to the Assigned Group

- A user with these permissions and




Main Components

Description

Problem Coordinator Functional Role can modify only Problem Investigations and Known Errors where they belong to the Problem Coordinator Group

• modify solution database records based on support group affiliations


Best practice: Grant these permissions to individuals performing the role of a Problem Coordinator within the Problem Management process. You should also grant these permissions to users that play any of the following roles:

• Group Coordinator or a Specialist within the Incident and Problem Management processes

• Change Coordinator • Release Coordinator • Availability Manager • Capacity Manager

These permissions give them the ability to create and modify Problems and Known Errors. Users with these permissions must also belong to a Support Group to open the Problem forms.

Problem Submitter

Users with Problem Submitter permissions can create and query all problem investigation, known error and solution database records. They cannot modify problem investigations, known errors, and solution database records.


White paper


Main Components

Description

Best practice: Grant these permissions to individuals who must submit and view Problem Investigations, Known Errors and Solution Database records. Typically, you give these permissions to any of the roles mentioned in the preceding list of Problem User permissions (take note that ‘User’ permissions are required when the user needs modification access). Users with these permissions must also belong to a Support Group to open the Problem forms.

Problem Viewer

Users with Problem Viewer permissions can query all problem investigation, known error and solution database records. They cannot submit or modify problem investigation, known error and solution database records. Best practice: Grant these permissions to individuals who need only read access to view Problem Investigations, Known Error and Solution Database records. Typically, these permissions are given to most ITSM applications users (that is, users who do not already have the ‘Master’, ‘User’ or ‘Submitter’ permission) so they can access information in the Problem Management records. Users with these permissions must also belong to a Support Group to open the Problem forms.


Problem Config

Users with Problem Config permissions can perform functions that span the following three components: Problem Management component

• configure Problem Impact values

• configure Problem




Main Components

Description

Urgency values • configure Problem Priority

weight ranges • configure Problem

Prioritization • configure Problem rules

(general field enforcement and assignment rules)

Foundation functions component

• KPI – configure Flashboard parameters

• KPI – configure and register KPI titles (advanced option)

Incident Management component (Incident component must be installed):

• configure decision trees (this configuration option is available to a Problem applications administrator, because you can create decision trees to relate Incidents directly to Known Error and Solution Database records)

Best practice: Grant these permissions to individuals who configure the component functions in the preceding list. You typically give these permissions to someone fulfilling the role of an Application Administrator.

Request (without SRM)

The Request component gets installed when either the BMC Remedy Incident Management, BMC Remedy Problem Management, or BMC Remedy Change Management applications are installed.

Note: The Request component is also installed when the BMC Service Request Management (SRM) application gets installed however this version of the Request component is different compared to the version installed when SRM is not installed. This Request component is used to provide an interface for employees of your organization to submit requests that can be fulfilled from either the Incident or Change management

White paper


Main Components

Description

processes. The previously mentioned interface is referred to as the Requestor console. Users of the Requestor console do not must be granted permissions. The permissions listed below are for administrating the Requestor console.

For more information, see the BMC Service Request Management documentation that is available from the BMC Customer Support website. Requester Console Config

Users with Requester Console Config permission can perform the following functions:

• configure Application Settings specific to the Requester console functions

• create and update Summary Definitions that are used within the Requester console

• configure Survey questions • configure Request rules

Best practice: Grant these permissions to individuals requiring access to configure the previously mentioned component functions. Typically, you grant these permissions to someone playing the role of an Application Administrator.


Requester Console Master

Users with Requester Console Master permission can perform the following functions:

• configure Application Settings specific to the Requester console functions

• create and update Summary Definitions that are used within the Requester console

• configure Survey questions • configure Request rules • view and limited update

access to the Service Request form




Main Components

Description


Note: The Requester Console Master permissions supersede the Requester Console Config permission. Therefore Users with these permissions do not need to be granted the Requester Console Config permission.

Summary Definition Config

Users with Summary Definition Config permission can create and update Summary Definitions that are used within the Requester console Best practice: Grant these permissions to individuals requiring access to configure the previously mentioned component functions. Typically, you grant these permissions to someone playing the role of an Application Administrator.

Note: The Requester Console Config and Requester Console Master permissions supersede the Summary Definition Config permission. Therefore Users with either of these permission does not need to be granted the Summary Definition Config permission.


Request (with SRM)

The Request component gets installed when the BMC Service Request Management (SRM) application is installed.

Note: If you were installing the BMC Service Request Management application on top of an installation that previously had an ITSM application installed (that is, Asset, Incident, Problem or Change/Release Management) the Request component will be

White paper


Main Components

Description

replaced with the SRM version.

This Request component is the entry point from which IT customers can interact with the IT organization. Users select IT or other business services from a Service Catalog, which the Business Service Manager sets up. Service requests can be fulfilled using the BMC Remedy Change Management or BMC Remedy Incident Management process. In addition SRM supports any generic work-order process. IT Customers that use the Request Entry form to submit requests do not must be granted permissions. The permissions listed below are for administrating the SRM application and working with Requests and Work Orders. For more information, see the BMC Service Request Management documentation that is available from the BMC Customer Support website. Business Analyst

Users with Business Analyst permission can perform the following functions:

• create Service Requests Definitions (SRD) using the Service Request Designer

• view and update SRDs created by this user (Take note that the user cannot view SRDs with a status of Cancelled or Expired)

Best practice: Grant these permissions to individuals performing the role of a Business Analyst (that is, a liaison between the IT customers and IT support)


Business Manager

Users with Business Manager permission can manage service requests using the Business Manager Console (that is, view requests, add additional information to a request, cancel requests, review the approval cycle of requests and run reports) Best practice: Grant these permissions to individuals performing the role of a Business Manager responsible for managing user requests. Their activities and




Main Components

Description

responsibilities include monitoring the current number of open and late requests, approving requests, running request reports, and examining request trends.

Entitlement Administrator

Users with Entitlement Administrator permission can perform the following functions:

• configure Entitlement rules for SRDs

• configure Entitlement groups



Request Catalog Manager

Users with Request Catalog Manager permission can perform the following functions:

• create Service Requests Definitions (SRD) using the Service Request Designer

• view and update SRDs using the Service Request Designer

• manage (create, update and delete) SRDs and Process Definition Templates (PDTs) using the Service Catalog Manager console

Note: Users with these permissions have access to the Service Requests Definition and Process Definition forms accessible from the console.

• import and export SRDs and PDTs using the Import Export console

Best practice: Grant these


White paper


Main Components

Description

permissions to individuals performing the role of a Service Catalog Manager responsible for defining SRDs and PDTs (the fulfillment process definitions within the service catalog). Service Catalog Managers work closely with business relationship managers (liaisons between the business and IT) to build and implement the requests from the business.

Service Request User

Users with Service Request User permission can perform the following functions:

• manage Service Requests using the Service Request Coordinator console

• view requests , create requests on behalf of others, update work info on request, reviewing suggestions and troubleshooting requests.

Best practice: Grant these permissions to individuals performing the role of a Service Request Coordinator (or service request agent) responsible for planning and tracking the service request, as well as monitoring the current number of open and late service requests.


SRM Administrator

Users with SRM Administrator permission can perform functions that span the following two components: SRM Configuration component

Advanced settings: • configure general Application

settings • configure Advanced Interface

data • configure Service Request

preferences • configure Service Request




Main Components

Description

definition settings • configure Service Request

HTML • configure Surveys Application Configuration: • define Application fields • define Application Object

Template • defined Application Target

data • define Questions Library Approval settings: • configure Approval Chains • configure Approval

Mappings Entitlement settings: • configure Entitlement rules

for SRDs • configure Entitlement

groups • configure On Behalf of rules Navigational Category settings: • configure Navigation

categories Request Entry Management settings: • configure Default console

preferences • manage Service Request

Definition images • configure Service Request

images • configure Service Request

Search Exclusion word list SRD Level setting: • setup SRD levels BMC SLM setting: • Configure the defaults for

Service Target for SRDs. Work Order settings: • configure Work Order rules • configure Work Order

templates Foundation component

• setup Approval Application Registration to allow parallel processes based on form name

• configure Approval Process phases

White paper


Main Components

Description

• register applications that will use CAI (advanced feature)



Note: The SRM Administrator permissions supersede the Entitlement Administrator permission. Therefore Users with these permissions do not need to be granted the Entitlement Administrator permission.

Work Order Config

Users with Work Order Config permission can perform functions that span the following two components: SRM Configuration functions:

Work Order settings: • configure Work Order rules • configure Work Order

templates Task Management System functions:

Assignment settings: • configure Assignment

mappings Task Configuration settings: • configure Task Group

templates • configure Task templates • configure Variable templates

Best practice: Grant these




Main Components

Description

permissions to individuals requiring access to configure the previously mentioned component functions. Typically, you grant these permissions to someone playing the role of an Application Administrator.

Work Order Master

Users with Work Order Master permission can perform the following functions:

• create, manage and fulfill Work Orders using the Work Order console

• access to the Product Catalog console

Note: The Work Order Manager functional role is required to be assigned as the Work Order Manager and the Work Order Assignee functional role is required to be assigned as the Work Order Assignee

Best practice: Limit the use of these permissions to individuals who manage and work with the Work Order fulfillment process.


BMC SLM The BMC SLM component gets installed when BMC SLM is installed. The BMC SLM component is used define SLAs, OLAs and Underpinning contacts that can be used measure the level of service you are providing for your service offerings. For more information, see the BMC Service Level Management documentation that is available from the BMC Customer Support website. SLM Manager Users with SLM Manager

permission can perform the following functions that span the following two components: BMC SLM component

• create, modify, delete, and view agreements, service targets and contracts from the Service Level Manager console

• view SLM Dashboards


White paper


Main Components

Description

Asset Management component (Asset Management must be installed)

Note: The functions below are automatically granted, because Asset Management and BMC SLM use the same contract sub-system component, which is installed with the Foundation component):

• create and modify all contracts from Contract console

• create and modify license certificates from SAM console

• Manage License Jobs from the SAM console

Best practice: Grant these permissions to individuals performing the role of a Service Level Administrator, Service Level Manager or a Business Relationship Manager, or both.

Note: Users with the SLM Manager permissions do need Contract Admin or Contract User permissions.

SLM Unrestricted Manager

Users with SLM Unrestricted Manager permissions can perform functions that span the following two components: BMC SLM component

• create, modify, delete, and view agreements, service targets and contracts from the Service Level Manager console. In addition, this role has complete MSP (multi-tenancy) data access and can access data for all contracts (has access to




Main Components

Description

data regardless of any Company restrictions). This role does not include rights to the Application Administration console

• view SLM Dashboards Asset Management component (Asset Management component must be installed) Note: The following functions are automatically granted, because Asset Management and BMC SLM use the same contract sub-system component. This component is installed with the Foundation component.


• create and modify license certificates from SAM console

• Manage License Jobs from SAM console

Best practice: Grant these permissions to individuals performing the role of a Service Level Administrator, Service Level Manager or a Business Relationship Manager, or both, who requires access to all data regardless of any Company restrictions (that is, they can see all data regardless of Company row-level access restrictions).

Note: Users with the SLM Manager permissions do need the Contract Admin or Contract User permissions.

SLM Console and Dashboards User

Users with SLM console and Dashboards User permissions can perform the following functions:

• view agreements and


White paper


Main Components

Description

service targets from the Service Level Manager console

• view BMC SLM Dashboards

Note: Users with these permissions cannot add comments to agreements.

Best practice: Grant these permissions to Specialists or technicians who are responsible for providing support to services that require information about their service commitments.

SLM Customer Users with SLM Customer permission can view the BMC SLM Customer Dashboards. Best practice: Grant these permissions to either internal or external customers who need information about their service level agreements.


SLM Config Users with SLM Config permission can perform functions that span the following two components: SLM components

• create, modify, delete, and view agreements, service targets and contracts from the Service Level Manager console

• view SLM Dashboards

SLM Configuration components Configure Application Settings • configure Agreement

Owner lists to receive notifications

• configure Contracts Menu Items

• configure Data Source and applications to work with Service Target




Main Components

Description

• configure custom Goal Types

• manual update of SLA Compliance

• configure SLM preferences

• configure retroactive update of Measurement data

• configure the Review Periods for Compliance Performance

• configure custom SLM comments

• configure Service Target Group assignment

• configure Templates Configure Business Time • configure Business Time

Entity and Segments Configure collector module properties • configure Bulk

Performance Manager Nodes

• configure Collection Nodes

• configure Collection Points

Configure Defaults for Service Target and Agreement • configure Agreement

Defaults • configure Service Target

Defaults Import and Export various application definitions and data • Import and Export

Asset Management functions (when Asset Management is installed

Note: The functions listed below are automatically granted, because Asset Management and SLM use the same contract sub-

White paper


Main Components

Description

system component, which is installed with the Foundation component):


• create and modify license certificates from the SAM console

• Manage License Jobs from the SAM console

Best practice: Grant these permissions to individuals performing the role of a Service Level Manager and Service Level Administrator.

Note: Users with the SLM Config permission do not need SLM Manager permissions. Also Users with SLM Config permissions do not need Contract Admin or Contract User permissions.

RKM The RKM component is installed with the BMC Remedy Knowledge Management application. The RKM component is used to author and publish Knowledge Articles that appear throughout the BMC Remedy ITSM applications. They are used by support staff and customers to help resolve issues. For more information, see the BMC Remedy Knowledge Management documentation that is available from the BMC Customer Support website. Knowledge Admin

Users with Knowledge Admin permission can create and modify all Knowledge Articles. Best practice: Grant these permissions to individuals who perform the role of a Knowledge Manager. Users in this role can create system news flashes and run reports.


Knowledge User

Users with Knowledge User permissions can create and modify knowledge articles. They can also

No application license is



Main Components

Description

update all draft articles; however they cannot publish or retire articles. Best practice: Grant these permissions to advanced technical users or subject matter experts. These users are typically involved in the content review and approval process.

required

Knowledge Submitter

Users with Knowledge Submitter permission can create and modify knowledge articles that have In Progress status. Best practice: Grant these permissions to standard technical users who require access to create knowledge articles from incidents or other requests.


Knowledge Viewer

Users with Knowledge Viewer permissions can view Knowledge Articles. Best practice: Grant these permissions to all users who need to view Knowledge Articles.


Knowledge Config

Users with Infrastructure Knowledge Config permission can configure RKM settings. Best practice: Grant these permissions to individuals who need to configure the component functions mentioned in the preceding list of RKM permissions. Typically, you grant these permissions to someone playing the role of an Application Administrator.


Sub Components Description Activity The Activity sub component is installed with all BMC Remedy

ITSM applications. However, it currently is used only by Release Management. The Activity sub component is used to manage a release and to track its progress from initiation to completion. For more information, see the BMC Remedy Change Management User Guide.

White paper


Main Components

Description

Activity User Users with Activity User permission can create and modify all activities Best practice: Grant these permissions to individuals working with the Release Management application who were not granted the Release Master or Release User permissions.

Note: Users with either the Release Master or Release User permissions do need the Activity User or Viewer permission. These permissions grant full access to Activities.


Activity Viewer

Users with Activity Viewer permission can view all activities Best practice: Grant these permissions to individuals working with the Release Management application who have not been granted the Release Viewer permissions. Note: Users with Release Viewer permissions do not need the Activity Viewer permission. These permissions grant view access to Activities.


Activity Config

Users with Activity Config permissions can perform the following functions that span the following two components: Activity component

• configure Activity rules • configure Activity

Templates Task Management System component

Assignment settings: • configure Task

Assignment mappings Integration settings: • configure applications that




Main Components

Description

integrate with Task Management System



Task Configuration settings: • configure Task Group

Templates • configure Task Templates • configure Variable

Templates Best practice: Grant these permissions to individuals requiring configuration access to the component functions in the preceding list. Typically, you grant these permissions to someone playing the role of an Application Administrator.

Note: The Release Config permission grants full configuration access to the Activity configuration settings, with some exception regarding the Task Management settings. If a user does not need full access to the Task Management settings, do not grant them Activity Config permission if they already have Release Config permissions.

Financial The Financial sub component is installed with all ITSM applications. You use the Financial sub component to track costs across the various BMC Remedy ITSM applications. For more information, see the BMC Remedy IT Service Management Administration Guide. Cost Manager Users with Cost Manager

permissions can perform the following functions:

An application license is

White paper


Main Components

Description

• configure cost categories • configure Cost Center

information • configure Cost Rate

templates • configure Financial rules • configure Chargeback

periods Best practice: Grant these permissions to individuals performing the role of a Financial Manager or IT Controller. Also grant them to Application Administrators. The following permissions automatically inherit the Cost Manager permissions rights:

• Asset Admin • Incident Master

• Problem Master

Users with any of the permissions in the preceding list do not need the Cost Manager permissions to access Cost functions.

required

Cost User This permission is used infrequently. This is because, users who have any of the “User” type permissions get automatic access to Cost User functions that let them create, modify, and delete all cost records. Best practice: The following permissions automatically inherit the Cost User permissions rights:

• Contact Organization Admin

• Task Manager • Task User • Asset User • Infrastructure Change

Master • Infrastructure Change User • Activity User, Release

Master




Main Components

Description

• Release User • Incident User

• Problem User

Users with any of the permissions in the preceding list do not need the Cost User permissions to access the Cost functions within the various applications. Give the Cost User permission to any who needs to access the create and update cost functions but who does not have any of the previously mentioned permissions.

Cost Viewer This permission is used infrequently. This is because users who have any of the “Viewer” permissions can view all cost records. Best practice: The following permissions automatically inherit the Cost Viewer permissions rights:

• Task Viewer • Asset Viewer • Infrastructure Change

Viewer • Release Viewer • Activity Viewer • Incident Viewer

• Problem Viewer

Users with any of the previously mentioned permissions do not need Cost Viewer permissions to access view costing information within the various applications. Give the Cost Viewer permission to any who needs to view Costs but who does not have any of the previously mentioned permissions.


Foundation The Foundation sub component is installed along BMC Remedy ITSM applications. BMC Remedy ITSM applications use the Foundation sub component to manage common data structures used

White paper


Main Components

Description

by all applications. These data structures include Company, Organization, Location, Support Groups, People, Categorization and Product Catalog information. Foundation is also used to configure the AR Approval, Assignment, and the BMC Remedy ITSM Notification engine. Best practice: Grant the following permissions to individuals needing configuration access to these data structures and processes. Typically, you give these permissions to a person playing the role of an Application Administrator. Among the permission listed below are four key permissions that give configuration access to the main data structures of the BMC Remedy ITSM applications. These permissions are needed when starting the configuration process and include:

• Config Categorization Admin (used to configure the main categorization data structures)

• Config Group Mapping Admin (used to configure assignment routing mappings)

• Contact Location Admin (used to configure the Company and Location data strictures)

• Contact Organization Admin (used to configure the Company, Organization and People data structures)

For more information, see the BMC Remedy IT Service Management Administration Guide.

Approval Admin

Users with Approval Admin permissions can access the BMC Remedy Approval Server administration console. The Approval Server comes with the BMC Action Request System platform and is installed independently of the BMC Remedy ITSM applications. Best practice: You must also be a registered and active Process Administrator with Full Admin authority or an AR System Administrator to access the BMC Remedy Approval Server administration console. Typically, these permissions are needed only if you are extending or customizing the out-of-the-box approval server configurations. These permissions are not needed to manage the BMC Remedy ITSM applications




Main Components

Description

Approval Mappings. ASE-

Administrator Users with ASE-Administrator permission have configuration access to the BMC Remedy Assignment Engine. The BMC Remedy Assignment Engine comes with the BMC Action Request System platform and is installed independently of the BMC Remedy ITSM applications. Best practice: Typically, these permissions are only needed if you are extending or customizing the out-of-the-box assignment engine configuration options. These permissions are not needed to manage the BMC Remedy ITSM applications Assignment Mappings.


Command Event Master

Users with Command Event Master permission can perform the following functions:

• register applications that use CA) - an advanced feature)

• Define commands, command parameters and command parameter mappings for the CAI - an advanced feature

Best practice: The Infrastructure Change Config and the SRM Administrator permissions also grant access to the same two functions in the preceding list. Users with these permissions do not need the Command Event Master permission. Typically, these permissions are needed only if you are extending or customizing the CAI plug-in.


Config Categorization Admin

Users with Config Categorization Admin permission can perform the following functions:

• configure catalog mappings


White paper


Main Components

Description

• configure generic catalog structures (for example, the Resolution Category and Root Cause categories)

• configure operational categories

• configure product categories

• access the product catalog console

Best practice: This is a key permissions groups for Application Administrators who are implementing and administering BMC Remedy ITSM applications.

Config Categorization User

This permission will be deprecated. Please use the Config Categorization Admin permission as it grants the same level of access.


Config Group Mapping Admin

Users with Config Group Mapping Admin permission can configure Assignment Mappings. Best practice: This is a key permissions groups for Application Administrators who are implementing and administering BMC Remedy ITSM applications


Contact Location Admin

Users with Contact Location Admin permission can perform the following functions:

• create and modify company data

• configure country currencies

• create and update country, state or province and city data

• create and update site data • access the product catalog

console Best practice: This is a key permissions groups for Application Administrators who are implementing and administering




Main Components

Description

BMC Remedy ITSM applications Contact

Organization Admin

Users with Contact Organization Admin permission can perform the following functions that span the following three components: Foundation component

Organization data: • create and modify

company data • create and modify support

group data People data: • create and modify all

people records (full access to people data including both support and non-support staff excluding access to HR specific attributes)

• access the people management console to perform bulk updates

• perform support company access configuration

• configure people templates • access the product catalog

console Change Management component (when Change component is installed)

• configure Approval Mappings

Release Management component (when Release component is installed)

• configure Approval Mappings

Best practice: This is a key permissions groups for Application Administrators who are implementing and administering BMC Remedy ITSM applications.

Note: Users with Contact


White paper


Main Components

Description

Organization Admin permissions do not need Contact Support Admin, Contact People Admin and Contact People User permissions.

Contact Support Admin

Users with Contact Support Admin permission can perform the following functions that span the following three components: Foundation component

• create and modify all people records (full access to people data including both support and non-support staff excluding access to HR specific attributes)


• configure people templates Change Management component (when Change component is installed)

• configure approval mappings

Release Management component (when Release component is installed)

• configure approval mappings

Best practice: People with Contact Support Admin permissions do not need the Contact People Admin and Contact People User permissions.


Contact People Admin

Users with Contact People Admin permission can perform the following functions:

• create and modify all non-support people records (these permissions does not allow a user to create




Main Components

Description

support staff people records, nor does it give access to HR specific attributes)


Best practice: People with Contact People Admin permissions do not need Contact People User permissions.

Contact People HR Admin

Users with Contact People HR Admin permissions can access the following information from the Attributes tab on the People form:

• HR attendance management

• HR time management • benefit information • travel profile

Best practice: Give these permissions with one of the following permissions to give access to the HR specific attributes mentioned in the preceding list:


• Contact Support Admin • Contact People Admin

• Contact People User


Contact People User

Users with Contact People User permission can create and modify all non-support People records. These permissions, however, do not allow a user to create Support Staff people records, nor do they give access to HR specific attributes. People records can be created only in the “Proposed” state and access to change Profile Status is not permitted with these permissions. Best practice: The Contact People


White paper


Main Components

Description

User permissions are superseded by the Contact Organization Admin, Contact Support Admin and Contact People Admin permissions.

DSL Master Users with DSL Master permissions can perform the following functions from the Product Catalog console:

• create products and suites • create patch files • create SLIs

Best practice: The following three foundation permissions groups grant the same access to the Product console so Users with any of these permissions do need DSL Master permissions:

• Contact Location Admin • Contact Organization

Admin Config Categorization Admin


DSL Viewer Users with DSL Master permissions have access to the following functions from the Product Catalog console:

• View products and suites • view patch files • view SLIs

Best practice: These permissions should be given to users who need to view Product information using the Product Catalog console.


Licensing Users with Licensing permissions can grant AR Fixed or Floating licences to a person from within the People form. Best practice: Give these permissions with one of the following permissions to give grant access for the Action Request System licenses as mentioned above:




Main Components

Description


• Contact Support Admin • Contact People Admin

• Contact People User.

Notification Admin

Users with Notification Admin permissions can perform the following functions:

• configure country code option for paging services

• configure prefix numbers that appear on numeric pager messages to identify which application sent the page

• configure pager service parameters

Best practice: Give the Notification Admin permission to an Application Administrator who configures the paging parameters used in the Notification Engine. There are additional configuration forms used by the Notification Engine that can be configured, however you need AR Administrative permissions to access these forms. For further information please see the ITSM Notification Engine Guide.


Security Users with Security permissions can reset other user’s passwords from the Password Rest form. Best practice: Grant the security permission to the Application Administrator who resets passwords. This permission can also be given to user’s performing the role of a Service Desk Agent.


Return on Investment (ROI)

The ROI sub component is installed with all BMC Remedy ITSM applications. Managers use the ROI sub component to compare the baseline costs of various IT service management operations before implementing BMC Remedy ITSM with the actual costs that were incurred after the implementation.

White paper


Main Components

Description

For more information, see the BMC Remedy Incident Management User Guide. ROI Admin Users with ROI Admin

permissions can perform the following functions:

• configure ROI metric thresholds used by the ROI console

• access the ROI console Best practice: Grant these permissions to individuals who play the role of an IT Manager who needs to determine how much money their operational areas save by using the BMC Remedy ITSM applications.


ROI Viewer Users with ROI Viewer permissions can access the ROI console. Best practice: Grant these permissions to individuals that need to know how much money their operational areas save by using the BMC Remedy ITSM applications.


Task The Task Management System is a sub component that is installed with the BMC Remedy Incident Management, BMC Remedy Problem Management, BMC Remedy Change Management, and BMC Service Request Management applications. The Task component is used with the other applications (for example, Incident, Change, and so on) to create a task that must be completed as a step in an overall process. For more information, see the BMC Remedy Task Management Administrator’s Guide. Task Administrator

Users with Task Administrator permissions can perform functions that span the following three settings areas.

Assignment settings • configure Task

Assignment mappings Integration settings • configure applications that

integrate with Task




Main Components

Description

Management System • configure phase

management functionality for those applications that integrate with Task Management System


Task Configuration settings • configure Task Group


Templates Best practice: Grant these permissions to Application Administrators. The following three permissions groups Infrastructure Change Config, Release Config and Work Order Config grant some level of administration privileges similar to the Task Administrator permission. Users with either of these three permissions may not need to be give the Task Administrator permission. The Activity Config permission grants the same level of administrative privileges as the there a user with this permissions does not need to be granted the Task Administrator permission.

Task Application Config

Users with Task Application Config permission can perform the following functions that span the following two components. Foundation component

• register applications that use CAI (advanced feature)

• Define commands, command parameters, and


White paper


Main Components

Description

command parameter mappings for the CAI (advanced feature)

Task Management component Integration settings:

• configure applications that integrate with Task Management System



Best practice: The Infrastructure Change Config, SRM Administrator, and the Command Event Master permissions also grant access to the CAI functions mentioned above. Users with those permissions do not need the Task Application Config permissions unless they also need access to the Task Management functions. The Release Config, Activity Config and the Task Administrator permissions also grant access to the Task Management functions mentioned above. Users with these permissions do not need the Task Application Config permission unless they also need access to the CAI. Typically, you only need the Task Application Config permission if you are extending or customizing the CAI plug-in, or if you are integration another applications to the Task Management system.

Task Manager Users with Task Manager No



Main Components

Description

permissions have access to updated records. Best practice: The following permissions automatically inherit the Task Manager permissions

• Task Administrator • Infrastructure Change

Master • Infrastructure Change User

Incident Master • Problem Master

Users with any of these permissions do not need Task Manager permissions to use tasks.

application license is required

Task Process Config

Users with Task Process Config permissions can perform these functions that span the following two components.

Foundation component

• register applications that will use CAI (advanced feature)


Task Management components

Assignment settings: • configure Task

Assignment mappings Task Configuration settings: • configure Task Group


Templates Best practice: The Task Process Config permissions have similar access to the Task Management System as the Task Administrator permissions. Grant the Task


White paper


Main Components

Description

Process Config permissions to Application Administrators. Typically, the Task Process Config permission is granted to users that need some of the functions given by Task Administrator permission.

Task User Users with Task User permissions have access to updated records. Best practice: The following permissions automatically inherit the Task User permission rights:

• Task Administrator • Infrastructure Change

Submit • Infrastructure Change User • Infrastructure Change

Master • Release Master, Release

User • Activity User • Incident User • Problem User

Users with any these permissions do not need the Task User permissions to access Tasks. Give the Task User permission to anyone who needs access to the Task System to update Tasks but who does not have any of the previously mentioned permissions.


Typical permissions combination setups

This section guides you through the process of assigning people application permissions for the following BMC Remedy applications:

• BMC Remedy Asset Management • BMC Remedy Change Management (includes Release Management) • BMC Remedy Incident Management • BMC Remedy Problem Management • BMC Service Level Management • BMC Remedy Knowledge Management



Typically, you assign permissions combinations to the users in your IT organization based on their roles and responsibilities. The combinations suggested in the following table are defined by ITIL as typical and are used by the BMC Service Management Process Model (SMPM). For more information about the roles and responsibilities of users within the SMPM, see the Service Management Process Model Role Mapping to IT Service Management white paper. The following table is organized by Application, Role, and the permissions combination recommended for the role. Application Role Permissions combination Asset Management Configuration

Administrator • Asset Admin • Contract Admin • Purchasing User

(needed only if you use the Purchasing module)

• Incident Viewer • Problem Viewer • Release Viewer • Infrastructure Change

Viewer • Knowledge Viewer

Optional permissions • Contact Organization

Admin This permission is needed only when the user must create Support Groups that manage CIs. Otherwise, grant them the functional role of ‘Support Group Admin’. • Contact Categorization

Admin This permission is needed only if the user must create and update the Product Categorization data structures for the CI data.

Purchasing Agent • Purchasing User (needed only if you use the Purchasing module)

• Receiving User (needed only if you use the Purchasing module)

• Incident Viewer • Problem Viewer • Infrastructure Change

Viewer

White paper


Application Role Permissions combination • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

Change Management Change Approver • Incident Viewer • Problem Viewer • Infrastructure Change

Viewer • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

Functional role required You must assign this functional role to the user in addition to the permissions. • Infrastructure Change

Approver

Note: You can give this functional role to anyone who approves changes. It applies to all roles.

Change Coordinator • Infrastructure Change User

• Incident User • Problem User • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer


Coordinator

Change Manager • Infrastructure Change User

• Incident User • Problem User



Application Role Permissions combination • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer


Manager

Customer Representative • Task User • Infrastructure Change

Viewer • Incident Viewer • Problem Viewer • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

Release Management Release Coordinator

• Release User • Incident User • Problem User • Infrastructure Change

Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

Functional role required You must assign this functional role to the user in addition to the permissions. • Release Coordinator

Incident Management Service Desk Analyst • Incident Master

• Problem Viewer • Infrastructure Change

Viewer • Release Viewer • Contract Viewer

White paper


Application Role Permissions combination • Asset Viewer • Knowledge User

Specialist • Incident User

• Problem User • Infrastructure Change

Viewer • Release Viewer • Contract Viewer • Asset Viewer • Knowledge User

Group Coordinator

• Incident User Note: You can give a user Master permissions if full access to Incidents is required.

• Problem User

Note: Give this individual Master permissions if they need full access to Problems, Known Errors or Solutions.

• Infrastructure Change User

• Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

Operator • Incident User



Operations Manager

• Incident User • Problem Viewer • Infrastructure Change

Viewer • Release Viewer • Contract Viewer • Asset Viewer



Application Role Permissions combination • Knowledge Viewer

On-Duty Manager

• Incident User • Problem Viewer • Infrastructure Change


Problem Management Problem Coordinator • Problem User

Note: Give this individual Master permissions if they need full access to Problems, Known Errors or Solutions.

• Incident Viewer • Infrastructure Change


Functional Role You must assign this functional role to the user in addition to the permissions. • Problem Coordinator

Service Level Management Service Level

Administrator • SLM Manager • Contact Location

Admin • Contact Organization

Admin • Asset Admin • Task User • Incident Viewer • Problem Viewer • Release Viewer • Contract Viewer • Infrastructure Change

Viewer • Knowledge Viewer

White paper


Application Role Permissions combination Service Level Manager • Incident User



Service Owner • Incident User

• Problem Viewer • Infrastructure Change • Viewer • Release Viewer • Contract Viewer • Asset Viewer • Knowledge Viewer

When you assign permissions, it is important to use only the minimum number of permissions that allow the person to perform their job. BMC strongly recommends that you have only one set of permissions combinations for any given role. As illustrated by the preceding examples, there is only a few key permissions that a general application user needs to perform their duties. These permissions are described in the following table. Application Key Application User Permissions Asset Management • Asset Admin or Asset User

• Contract Admin or Viewer • Purchasing User • Receiving User

Change Management • Infrastructure Change Master, User or

Viewer

Release Management • Release Master, User or Viewer

Incident Management • Incident Master, User, or Viewer

Problem Management • Problem Master, User or Viewer

Task Management • Task User (This is only required in certain permission combinations. For more information, see the Task User permissions section earlier in this white paper.)

Service Request Management • Business Manager



• Service Request User • Work Order Master

Service Level Management • SLM Manager

Knowledge Management • Knowledge Admin, User or Viewer

The remaining permissions control access to the application configuration functions and are typically assigned either to an Application Administrator or an Application Process Owner. These permissions are described in the following table. Application Application Administrator/Process Owner

Permissions Asset Management • Asset Config

• Contract Config

Change Management • Change Config

Release Management • Release Config

Incident Management • Incident Config

Problem Management • Problem Config

Request Management (without SRM) • Requester Console Config • Requester Console Master • Summary Definition Config

Service Request Management (SRM) • Business Analyst • Entitlement Administrator • Request Catalog Manager • SRM Administrator • Work Order Config

Service Level Management • SLM Config

Knowledge Management • Knowledge Config

Activity • Activity Config

Financial • Cost Manager

Foundation • Approval Admin

• ASE-Administrator • Command Event Master • Config Categorization Admin • Config Categorization User

White paper


Application Application Administrator/Process Owner Permissions • Config Group Mapping Admin • Contact Location Admin • Contact Organization Admin • Contact Support Admin • Contact People Admin • Contact People HR Admin • Contact People User • DSL Master • Licensing • Notification Admin • Security

ROI • ROI Admin

Task • Task Administrator • Task Application Config • Task Process Config

*12345* *169813*

Remedy Applicatin Permissions

Documents

Transcript of Remedy Applicatin Permissions