Académique Documents
Professionnel Documents
Culture Documents
04
Concepts Guide
January 2011
www.bmc.com
Telephone
Fax
Fax
If you have comments or suggestions about this documentation, contact Information Design and Development by email at
doc_feedback@bmc.com.
IT Infrastructure Library is a registered trademark of the Office of Government Commerce and is used here by BMC Software, Inc.,
under license from and with the permission of OGC.
ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the
U.S. Patent and Trademark Office, and is used here by BMC Software, Inc., under license from and with the permission of OGC.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
UNIX is the registered trademark of The Open Group in the US and other countries.
The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or
licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product
and to the proprietary and restricted rights notices included in the product documentation.
Customer Support
You can obtain technical support by using the Support page on the BMC Software website or by contacting Customer
Support by telephone or email. To expedite your inquiry, please see Before Contacting BMC Software.
Support website
You can obtain technical support from BMC Software 24 hours a day, 7 days a week at
http://www.bmc.com/support. From this website, you can:
Read overviews about support services and programs that BMC Software offers.
Find the most current information about BMC Software products.
Search a database for problems similar to yours and possible solutions.
Order or download product documentation.
Report a problem or ask a question.
Subscribe to receive email notices when new product versions are released.
Find worldwide BMC Software support center locations and contact information, including email addresses, fax
numbers, and telephone numbers.
Product information
Product name
Product version (release number)
License number and password (trial or permanent)
Machine type
Operating system type, version, and service pack
System hardware configuration
Serial numbers
Related software (database, application, and communication) including type, version, and service pack or
maintenance level
Messages received (and the time and date that you received them)
In the United States and Canada, call 800 537 1813. Outside the United States and Canada, contact your local support
center for assistance.
Contents
Preface
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
AR System documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 1
11
What is AR System?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Example of a service desk solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AR System adaptability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AR System architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AR System clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AR System mid tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AR System server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Database servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Heterogeneous environment provides flexibility. . . . . . . . . . . . . . . . . . . . . . . . . . .
Distributed environments provide scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Application components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preserving customizations with overlays and custom objects . . . . . . . . . . . . . . . .
How application components work together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administrator responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Developer responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Programmer responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
12
13
14
16
18
18
19
20
20
21
23
24
25
26
26
Chapter 2
27
28
29
30
31
32
33
33
34
35
36
Chapter 3
37
Workflow
Access control
49
Extending AR System
59
63
Concepts Guide
Glossary
75
95
Preface
This guide discusses core concepts of BMC Remedy Action Request System
(AR System). AR System is the foundation for a wide range of business solutions,
from service desk call tracking to inventory management to integrated systems
management.
Audience
This guide is primarily for new administrators who will use AR System to create
or modify applications. Other audiences, including business managers and
persons evaluating and prototyping applications based on AR System, might also
find this guide helpful. Procedures, performance, and other topics are documented
in the books listed in the following section.
AR System documents
The following table lists documentation available for AR System 7.6.04.
Unless otherwise noted, online documentation in Adobe Acrobat (PDF) format is
available on AR System product installation DVDs, on the Customer Support
website (http://www.bmc.com/support), or both.
You can access product help through each products Help menu or by clicking
Help links.
NOTE
The AR System product help has not been updated for version 7.6.04. The help
topics still apply to version 7.6.03. For the most recent content, refer to the PDF
documentation.
Title
Description
1
Audience
Concepts Guide
Installation Guide
Administrators
Preface
Title
Description
Audience
Introduction to Application
Development with BMC
Remedy Developer Studio
Developers2
Form and Application Objects Information about AR System applications and their user
Guide
interface components, including forms, fields, views,
menus, and images.
Developers
Configuration Guide
Administrators
BMC Remedy Mid Tier Guide Information about configuring the mid tier, setting up
applications for the mid tier, and using applications in
browsers.
Administrators
Integration Guide
Administrators/
Instructions for integrating AR System with external
systems by using web services, plug-ins, and other products, Developers/
including LDAP, OLE, and ARDBC.
Programmers3
Optimizing and
Troubleshooting Guide
Database Reference
Administrators/
Developers/
Programmers
Administrators
C API Reference
Programmers
Programmers
Java API
Programmers
Information about Oracle Java classes, methods, and
variables that integrate with AR System. For the location of
the JAR file containing this online documentation, see the
information about the Java API in the Integration Guide.
Administrators/
Developers/
Programmers
Master Index
Everyone
Concepts Guide
AR System documents
Title
Description
Audience
Administrators
Release Notes
Everyone
Everyone
Developers
Administrators
Everyone
Administrators
Everyone
BMC Remedy Migrator 7.6.04 Outlines procedures for installing BMC Remedy Migrator,
BMC Remedy Migrator Guide setting options, and performing migration tasks.
Administrators /
Developers
Administrators /
Developers
example, BMC Remedy Action Request System 7.6.04 Concepts Guide), except the
BMC Remedy Migrator Guide and BMC Remedy Encryption Security Guide.
2 Application developers who use BMC Remedy Developer Studio.
3 C and Java programmers who write plug-ins and clients for AR System.
Preface
10
Concepts Guide
Chapter
11
What is AR System?
Every company, whether it makes bicycles or provides worldwide
telecommunications services, has its own business needs and processes. BMC
Remedy Action Request System (AR System) enables you to automate many
business processes without learning a programming language or complex
development tools.
AR System is a professional development environment that
12
Concepts Guide
What is AR System?
AR System adaptability
AR System strikes a balance between hard-coded applications, which are typically
inflexible, and development toolkits, which often require extensive technical
knowledge and time to use. Instead, AR System provides a platform from which
even nonprogrammers can modify ready-to-use BMC applications or create
custom applications to fit their unique enterprise.
Figure 1-1: AR System adaptability
13
Thanks to the rapid growth of his business and the flexible, adaptable architecture
of AR System, Paul opens new stores in cities across the country. He links all the
stores into one system and uses real-time graphic flashboards to track his entire
operation. Paul can track incidents, inventory, employee information, order
processing, and customer satisfaction from his office, and he can easily extend or
modify his system whenever changes occur in his organization.
AR System architecture
AR System is based on a multitiered client/server architecture that includes the
client tier, the mid tier, the server tier, and the data tier.
14
Mid tierContains components and add-in services that run on a web server,
enabling users to view applications on the web.
Data tierContains database servers and other data sources that can be
accessed by the AR System server. The database server acts as the data storage
and retrieval engine.
Concepts Guide
AR System architecture
15
AR System clients
AR System clients can be broadly divided into user clients and developer clients.
User clients
The user clients use standard interfaces for their respective environments:
Table 1-1: User clients
User client
Platform
Description
Browsers
Provide a user
interface to
AR System
applications
through the
mid tier
Provides a
Windows-based
user interface to
AR System
applications
Windows
16
Concepts Guide
AR System architecture
Developer clients
The developer clients are used to create, modify, and extend AR System
applications:
Table 1-2: Developer clients
Developer client
Description
Integration clients
BMC and its partners also offer the following tools for expanding the capabilities
of core AR System. These tools act as clients of AR System.
17
AR System server
The AR System server processes all data entered through a client. As the workflow
engine between client and database, the server writes data to the database when a
request is created and retrieves data from the database when a client requests it.
The server verifies that a user has permission to perform each transaction, thereby
enforcing any access control defined in an application. The server also
continuously evaluates the data in the database and each transaction to determine
whether the server should perform workflow. The server might also perform
workflow on a timed basis. See Chapter 3, Workflow.
The AR System server communicates with the mid tier, AR System clients, and
external applications by means of a well-defined API. The server is available for
each of these operating systems:
IBM AIX
NOTE
For the most accurate information about supported platforms and software, always
see the BMC Remedy compatibility matrixes on the Customer Support website
(http://www.bmc.com/support).
Server groups
To provide scalability and increase reliability, you can connect a group of
AR System servers to the same database and manage them as a unit by configuring
a server group. Server groups act as a single server to support the applications that
they run. Servers in the server group can be configured to spread the load of shared
services, and they can provide backup to each other to ensure that those services
are always available.
18
Concepts Guide
AR System architecture
Database servers
AR System uses standard relational databases to store and retrieve data.
Architecturally, the database server processes are completely separate from the
AR System server processes. Physically, the database server processes can run on
the same computer as the AR System server or on a different computer.
Because the AR System server manages all workflow, applications are
independent of the database. Therefore, applications created on an AR System
server running one type of database can easily be moved to a server running a
different type of database. BMC provides a simple export/import utility for this
purpose.
AR System can use any of these database platforms:
IBM DB2
Oracle
Sybase ASE
NOTE
For the most accurate information about supported platforms and software, always
see the BMC Remedy compatibility matrixes on the Customer Support website
(http://www.bmc.com/support).
AR System workflow components can search for records (requests) in the
AR System database and act on the results of the search. Clients can use the
following types of searches:
Query-by-example (QBE)
Advanced search
Predefined
Recent
An administrator can create and store searches that are commonly performed by
users. A user can define personal searches for forms to which the user has access.
AR System can also work with data stored in external databases and other data
sources that are not managed by AR System. AR System accesses these data
sources through view forms. In addition, AR System can use AR System database
connectivity (ARDBC) to work with data not stored in databases as if the data were
locally owned.
19
Browsers can use a Windows-based mid tier to access forms on a UNIX server.
20
Concepts Guide
Application components
Application components
AR System provides extensive authoring capabilities for applications built for web
and Windows environments. Applications developed with BMC Remedy
Developer Studio are fully customizable and extensible. You can add your own
fields, objects, and templates to any application, whether it was created by you,
purchased from BMC, or acquired from a third party.
This section introduces the main components of an AR System application.
21
22
MenuMenus are lists that you create to guide the user in entering information
in fields on forms. A menu can contain all possible values for a field, or it can
contain some possible values, enabling users to enter text that is not on the
menu. You can design dynamic menus, which change their contents based on
the data already entered in the form. See Field menus on page 34.
Concepts Guide
Application components
23
For more information, see the Form and Application Objects Guide, Customizing
objects, page 119.
In addition, the Best Practice Conversion utility enables you to convert pre-7.6.04
customizations to overlays or custom objects. See the Installation Guide,
Preserving pre-7.6.04 customizations, page 116.
24
Concepts Guide
Administrator responsibilities
If the situation had been flagged as an emergency and no one was assigned to the
request within an hour, an escalation would have paged all required support
personnel, and a filter would have sent Ramona an email message informing her
of the status of her request.
Administrator responsibilities
Typically, AR System administrators are responsible for some or all of these tasks:
25
Developer responsibilities
Typically, AR System developers are responsible for some or all of these tasks:
Programmer responsibilities
Typically, AR System programmers are responsible for some or all of these tasks:
26
Writing plug-ins and custom clients that use the AR System C API, Java API, or
Java plug-in API
Concepts Guide
Chapter
This chapter describes forms and how forms are used in applications. It also
describes localization features for applications.
The following topics are provided:
Chapter 2
27
28
Concepts Guide
Types of forms
You can create the following types of forms, as illustrated in Figure 2-3 on page 30:
Table 2-1: Form types
Form type
Description
Regular
Information submitted through and displayed in regular forms is stored in database tables.
These forms are typically the main forms in applications. They are also called data forms.
Display-only
These forms contain display-only fields that enable users to accomplish specific tasks. These
forms are typically used to create control panels, which are launch points from which users
choose other tasks. Display-only forms can also be used to create dialog boxes, which prompt
users as they fill out a form. Display-only forms do not contain data, so no database tables
are associated with them.
Join
These forms are composed of fields from two or more existing forms. Join forms are useful
when you have information in multiple forms that you want to display in a single form. Join
forms do not contain data, so they have no database tables associated with them. The data is
contained in the underlying forms that make up the join form.
View
These forms enable users to connect to database tables created outside of AR System. These
forms enable you to bring data from other applications that is stored in a database into
AR System without replication or programming.
Vendor
These forms enable users to connect to external data sourcessuch as text files, spreadsheets,
or database tables residing on local or remote serversthrough an ARDBC plug-in. Some
programming is required to connect to the data source.
Chapter 2
29
Form views
A view is a visual representation of a form. To reuse a form for diverse groups
while accommodating each groups unique needs, you can create a different view
of the form for each group. This enables you to customize the interface of an
AR System application so that each group sees the system as its own.
30
Concepts Guide
You can create as many views of a form as you need. For example, you can provide
views customized according to the following criteria:
Tailor views to provide the best result in the target display environment, such
as browsers
Chapter 2
31
Types of fields
Fields enable you to control how information is captured and displayed in forms.
You can include the following types of fields in forms:
Table 2-2: Field types
Field type
Description
Data
Contains data values stored in database tables. You can set these characteristics of data
fields:
Whether users can access the field and, if so, whether they can only view the field or
also change its contents.
The type of data that the field can contain (such as characters, integers, dates, or times).
The amount of information that the field can contain (field length).
Whether the field is visible or hidden.
Whether the field is enabled or disabled.
Whether the field is required, optional, or display-only. (A display-only field is a
temporary field for which no space is allocated in the database.)
Where the field appears on the form.
How the field is displayed (for example, its label and physical appearance).
How information is entered into the field (for example, by typing or by selecting items
from a list or a menu).
The fields default value.
Whether fields are indexed for faster searches.
Table
Displays data from other requests in the context of the current request. Table field styles
are list view, tree view, cell-based, results list, and alert list.
Attachment
View
Provides a browser window in a form. The browser can display any URL, HTML
content, or file format (including contents of attachments) that is compatible with a
browser.
Data visualization
Application list
Displays a list of entry points. An entry point is a link that users click to open forms on the
correct server in the required mode (New or Search).
AR System automatically generates the contents of the application list. The entry points
that a user sees in the list are only those to which the user has access.
Any form that contains an application list field can be used as a home page. A home page
is a single point of access into AR System.
Horizontal and
vertical navigation
Enables users to navigate to the correct screen in an application quickly and easily.
Control
Triggers active links. Control fields include buttons, menu items, and toolbar buttons.
Panel
Organizes other fields on forms into smaller containers that can be hidden when not
needed. Panel fields can have various formats, such as tabbed, collapsible, splitter, and
accordion.
Trim
Adds boxes, lines, and text to enhance the visual appearance of forms.
32
Concepts Guide
Types of fields
You can add as many fields as you need to a form (within the limits of your
database) to capture and display the information required by your application.
You can use workflow to manipulate the attributes of fields. For example, you can
set permissions for a group of trim fields or active link control fields so that they
are inaccessible to certain groups of users, or you can add tabs in a panel field that
are visible to some users (such as managers or support staff) but not to others.
They can have context-sensitive help associated with them to help users learn
more about them.
AR System automatically records their history, including their owner (the user
who created them), the user who last modified them, and the date and time that
they were last modified.
Modified DateDate and time that the request was last modified.
Status HistoryTime the requests status was last changed and who changed
it. This field does not appear in forms. To view the information in this field,
users must display a request and choose View > Status History.
These fields provide basic capabilities that most application designers need. For
more information, see the Form and Application Objects Guide, Core fields,
page 472.
Chapter 2
33
AR System has templates for blank forms and forms with core fields. You cannot
delete core fields from a form created with them, but you can hide them from a
users view and change their labels, location, and appearance.
The following table shows the meaning of the field label styles:
Table 2-3: Field label styles
Style
Description
Bold
Italic
Plain
Field menus
Field menus help users enter data and ensure that the data is consistent. You can
attach a menu to any character field (character fields are data fields that hold
alphanumeric characters). Menus can be statically defined, dynamically built by
searching AR System databases and external databases, or read from text files
written by other applications.
Menus are separate objects stored independently of a form. This means that you
can create a single menu and use it for multiple forms and for multiple fields in one
form.
AR System defines these types of menus:
Table 2-4: Menu types (Sheet 1 of 2)
34
Menu type
Description
Character
File
Contains items that are created and maintained in a plain text file. The
file can be stored on the system where BMC Remedy User is running
or on the AR System server. File menus are convenient when you do
not want to store the data in the AR System database. To change a file
menu, simply update the file; the changes are applied when the menu
is refreshed. File menus can have submenus.
Search
Concepts Guide
Forms in applications
Description
SQL
Data dictionary
Forms in applications
An AR System application is a server object that contains references to one or more
forms. When an application references a form, AR System automatically includes
all the workflow and other components (such as menus) associated with the form
in the application.
Sometimes a single form can contain all of an applications functionality. For
example, a small application that tracks product defects can use a single defecttracking form to capture and display all required information.
Most applications, however, need several forms to capture, track, and organize
information. One or more forms make up the applications main forms (sometimes
called primary forms) that users interact with directly. Often, the main form is a
console that serves as a navigation and information center. The application can also
have other forms, called supporting forms, which supply information needed by the
main forms.
You can create the following types of applications:
Local applications use permissions based on groups defined on the local server.
Therefore, these applications are usually used on a single server.
For information about groups and roles, see Chapter 4, Access control.
Chapter 2
35
Localized applications
Localization is the process of customizing an application for use in various
languages, countries, and cultures. AR System provides an internationalized
environment for building, testing, and localizing applications.
A locale describes the language, country setting, and other characteristics of the
local systems user interface. You can create an AR System application to run in a
particular locale, or you can make your application simultaneously available in
multiple locales.
The development environment enables you to localize all aspects of the user
interface:
Language used for labels, messages, help text, reports, menus, and any other
words that are part of a forms user interface
You can store each localized version of a form as a view. Therefore, the same
application can provide separate user interfaces (views) for British English,
Australian English, Mexican Spanish, and Peruvian Spanish.
NOTE
Although the user interface is tailored to each users locale, the data and workflow are
the same for all users. Therefore, you need to agree on the language for the data
before the application is made available.
The localization features are automatic for the user and easy to implement for the
application builder. To localize an application for a given locale, an administrator
need create views only for that locale and add corresponding messages to the
message catalog. Utilities are available to assist with this work. See the Form and
Application Objects Guide, Localizing AR System applications, page 577.
36
Concepts Guide
Chapter
Workflow
For detailed information about workflow, see the Workflow Objects Guide.
Chapter 3 Workflow
37
38
Component
Triggered by
Active link
Events
Client
Filter
Events
Server
Escalation
Time
Server
Concepts Guide
NOTE
API calls to the server trigger filters but not active links. If a business rule must be
fired on any input (including user input and input from an integrated process
using an API), the business logic must be in both an active link and a filter.
Chapter 3 Workflow
39
You can refine execution options by specifying a qualification that must be met
before an action is taken. Qualifications are often required to ensure that workflow
actions apply only to certain requests. In addition, carefully designed
qualifications make workflow components more efficient and powerful.
You can specify a primary action and an alternative action. If an operation meets
the qualification, the primary (if) action is performed; if not, the alternative
(else) action is performed, as shown in Figure 3-2 on page 41.
40
Concepts Guide
Workflow actions
The following table lists some of the actions that active links, filters, and escalations
can perform. For a complete list, see the Workflow Objects Guide , Types of
workflow actions, page 75.
Table 3-2: Workflow actions (Sheet 1 of 3)
Action
Description
Change Field
Close Window
Escalation
Chapter 3 Workflow
41
Description
Message
Escalation
Open Window
Run Process
42
Concepts Guide
Description
Escalation
Service
Set Fields
Description
Button/Menu Field
Gain Focus
Display
Hover on Field
Lose Focus
Menu Choice
Hover on Data
Hover on Label
Chapter 3 Workflow
43
Table 3-3: Execution options for active links and filters (Sheet 2 of 2)
Execution option
Description
Modify
Service
Submit
Table Refresh
Window Open
+
+
44
An active link that runs on Window Open might check the users permission to
open a Modify All window and, if the user does not have permission, generate
an error message, preventing the window from opening.
Concepts Guide
More than one active link or filter can run on the same execution option. In this
case, you can specify the order that you want it to fire in relation to the other active
links or filters. One reason to do so is that the output of one active link can affect
another active link. By carefully ordering a group of active links, you can perform
very complex operations.
When active links and filters are bundled into guides, execution order within the
guides is ignored. Instead, workflow executes in positional order within a guide.
This enables a guide procedure to run without affecting the order of workflow
outside the guide.
Chapter 3 Workflow
45
An alternative (else) action for the example in Figure 3-3 might be to notify the
manager that all requests comply with the assignment rule. This action would run
only if no requests meet the escalation qualification.
Workflow qualifications
Qualifications in active links, filters, and escalations enable you to define the data
condition that causes the workflow component to take action.
You can use qualifications to check values in fields, the amount of time that has
passed since a specified event occurred, and many other factors. For example, a
qualification might check whether the priority of a request is High or Critical or
whether the day is a weekend day.
46
Concepts Guide
Workflow qualifications
Qualifications with active links and filters work differently from qualifications
with escalations:
Active link and filter qualifications control which actions, if any, are run for the
current request. For example, an active link can run actions whenever a specific
field is filled in (execution option), or it can run actions whenever the field is
filled in and the value in the field is invalid (qualification).
Escalations are run whenever the scheduled time arrives. The qualification is an
essential part of most escalations, not simply a refinement. It determines the
requests on which the primary (if) escalation actions are run. Without a
qualification, the primary actions are run on every request (record) in the form
to which the escalation is attached. For example, if an escalation simply sent a
notification every hour (execution option), the notification would be
meaningless. A meaningful escalation, however, might check every hour
(execution option) whether three or more hours have elapsed since a request
was submitted and the request is unassigned (qualification), and then send a
notification listing the unassigned requests to a manager. If no requests meet the
qualification, the escalation might specify alternative (else) actions that are
executed once, such as sending the manager a notice that all requests comply
with the assignment rule. For an illustration of how qualifications are used in
escalations, see Figure 3-3 on page 46.
For filters, the qualification can check the value of a field in the database, in the
current transaction, or both. This makes it possible to check whether the value of
the field is changing. For example, if you have a business rule that service desk
requests can be closed only if they have been fixed, a filter could check all
transactions that change the status of a request to Closed. If the database value of
the status is Fixed, the request can be modified; otherwise, the change is not
allowed.
Keywords in qualifications
A keyword is a variable whose value is defined by AR System. Keyword names are
uppercase and enclosed in dollar signs. For example, $USER$ represents the name
of the user who is currently logged in, $TIMESTAMP$ represents the current date
and time, and $OPERATION$ represents the operation currently in progress.
Keywords are used to build qualifications. Keywords can be used almost
anywhere a qualification can be defined or a value specified:
Defining qualifications for search menus and for workflow. For example,
workflow can check the value of the keyword $OS$ to ensure that the operating
system can run a process that you specify in workflow.
For a complete list of keywords, see the Workflow Objects Guide, Keywords,
page 221.
Chapter 3 Workflow
47
48
Concepts Guide
Chapter
Access control
Chapter 4
Access control
49
Server
This approach provides a wide range of control over data access, enabling you to
restrict access broadly at the highest levels (server and form) and narrowly at the
request and field levels. Because you can refine your data access criteria so
precisely, you can use a single form for many different purposes simply by setting
the appropriate permissions.
50
Concepts Guide
Users are assigned to groups according to their need to access information. For
example, you might create a group called Employee Services Staff whose members
are permitted to view and change only certain fields in an Employee Information
form. You might have another group called Employee Services Managers whose
members are permitted to view and change all fields in the Employee Information
form, including salary information. You can also configure a hierarchical
relationship between groups to allow the parent group to inherit the permissions
of the child group.
AR System has predefined groups that perform specific functions (see Types of
access control groups on page 52). In addition, you can create any number of
custom groups in AR System to enforce access control. You can also permit
unregistered users to access AR System as guests. Guests are members of the
predefined Public group.
Chapter 4
Access control
51
Description
Predefined groups1
Administrator
Sub Administrator
Customize
Custom groups2
Any regular and computed groups that
you create.
Regular groups are groups to which you
assign a specific list of users.
Computed groups are groups to which
users are assigned based on their
memberships in groups included in an
expression. For example, you can create
a computed group definition such as
(A AND B) OR C AND NOT D. This
computed group includes users who are
members of both groups A and B, or
members of group C, but not members
of group D.
Implicit
Public
Submitter
Assignee
Assignee Group
For more information, see the Form and Application Objects Guide, Defining access
control, page 21.
Additive permissions
Access control in AR System is additive. This means that each user in AR System
starts out with no access permissions. Administrators add users to access control
groups as needed. In this way, AR System implements strict access control:
administrators must make a conscious decision to add users to groups on a caseby-case basis.
52
Concepts Guide
Role-based access
Role-based access
In deployable applications, access permissions are based on roles. Like groups,
roles have permissions to access forms, fields, active links, and so on. Unlike
groups, however, roles are defined for an application and are then associated with
groups on the server where the application is deployed.
Roles make deployable applications easy to install on a variety of servers. You
assign users to groups and then associate the groups with roles. This enables you
to install an application on servers that have different groups without redefining
the applications object permissions for each server.
NOTE
For simplification, user access is usually described in terms of group permissions. In
deployable applications, which use role permissions, user access is ultimately
determined by which groups are mapped to which roles.
Chapter 4
Access control
53
54
Concepts Guide
Description
AR System server
Users must pass an initial checkpoint when they start an AR System client, such as a
browser or BMC Remedy User. At this point, users must enter a valid user name, a
password, and, as an option, an authentication string. AR System servers check the user
name, password, and authentication string each time a client requests a transaction,
such as when opening a form or changing a field.
Note: If your AR System server is configured to allow guest users, such users can log in
to the server without a valid user name or password. See the Configuration Guide,
Allowing guest users, page 64.
Form
As an administrator, you give groups access to forms according to each groups need to
view or change information in the form. Visible access enables users to access a form from
the Object List. Hidden access makes a form available only through workflow. Static
permissions inheritance and dynamic permissions inheritance properties control access to the
form for parent groups. If a group is not given access to a form, members of that group
cannot view the form or change the requests that it contains.
Field
You can control access to each field on a form, including nondata fields such as trim
fields, table fields, and active link control fields. You can make a field visible to users or
hide the field so that it is accessible only through workflow. For data fields, you also
specify whether a group can only view field information or also change it. If a group
cannot access a field, the field does not appear when members of the group open the
form.
Active link
In addition to controlling access to form and field data, you can control access to active
links, which trigger a variety of workflow actions. For example, you might allow
support staff to trigger several active links appropriate to their work but not allow other
users to trigger those active links.
Groups do not automatically have access to the field associated with an active link. You
must grant them access to the active link and to the field. For active links that fire when
users click a button or choose a menu item, the users must have access to both the button
or menu item and the active link to trigger the active link.
When you create an active link guide, you specify the groups that have access to it. To
access an active link guide, a user must have permission to each active link in the guide
and to the guide itself. If a user has access to all active links in a guide but not to the
guide, the guide does not appear.
Request
You can strictly control who can access requests associated with a form. For example,
you might want only managers to access requests with confidential employee
information. Or you might provide an outsourcing service in which you use AR System
as the central service desk for several companies, and you do not want one company to
see requests from another company.
Chapter 4
Access control
55
NOTE
AR System includes a setting that enables you to permit users who are not
recognized users to access to AR System applications as a member of the Public
Group. For more information, see User and group access on page 50.
Although licensing is not a component of access control, licensing can affect a
users ability to perform an operation that you grant her permission to perform.
For example, if a user is a member of a group that has Change permission to a field
but you did not give her the appropriate write license, she cannot change the field.
License types
You can assign the types of user licenses listed in this table:
Table 4-3: License types (Sheet 1 of 2)
License
Description
Read
Enables users to search for and display requests within their assigned permissions.
Administrators can configure the AR System server to enable users with Read licenses to
submit requests and to modify requests that they submit.
Restricted Read
Enables users to search for and display requests within their assigned permissions.
Administrators can configure the AR System server to enable users with Restricted Read
licenses to submit requests. But users with Restricted Read licenses cannot modify any
requests, including their own.
Restricted Read licenses do enable the same login account to access AR System from
multiple IP addresses simultaneously.
56
Concepts Guide
Description
Fixed
Includes all the capabilities of a Read license, and also enables users (based on the
permissions of the groups to which they belong) to modify and save requests that they did
not submit. AR System administrators and subadministrators must have a Fixed license.
Other AR System users who consistently need to modify requests must also have Fixed
licenses.
A fixed write license is associated with a user name and is always reserved for that user.
Users who have a fixed write license can access the AR System server at any time.
Floating
Includes all the capabilities of a Read license, and also enables users to modify and save
data for requests that they did not submit based on the groups to which they belong.
Multiple users can use the same Floating licenses, one user at a time: they are available on
a first-come, first-served basis. This type of license is designed for users who occasionally
need to modify and save requests.
When a user who is assigned a Floating license logs in to AR System, the user is given a
Read license. When the user attempts to perform a search, modify, or submit operation,
AR System checks for an available Floating license, and the following occurs:
If a Floating license is available, the user is granted write access to requests. The user
retains write access until the Floating license is released (for more information, see
Releasing floating licenses on page 53).
If no Floating licenses are available, the user is notified and continues to use the Read
license until a Floating license becomes available.
Generally, Floating licenses are shared by all AR System users. You can, however, define
license pools to reserve a set of Floating licenses for a group of users. This enables you to
prioritize the availability of Floating licenses. For example, you can allocate a number of
licenses to department managers to make sure that they can immediately approve
essential requests. Users who do not belong to this group cannot acquire any of the
reserved licenses.
An AR System server provides three fixed write licenses and unlimited read and
restricted read licenses. You can purchase additional fixed write licenses and
floating write licenses from BMC or from an authorized reseller.
For more information about licensing, see the Configuration Guide, Licensing
AR System, page 35.
Chapter 4
Access control
57
58
Concepts Guide
Chapter
Extending AR System
Chapter 5
Extending AR System
59
BMC Remedy Encryption Standard Security is built into the BMC Remedy
products.
NOTE
For limitations on using BMC Remedy Migrator with other BMC applications, see
the BMC Remedy Migrator Release Notes on the Customer Support website (http:/
/www.bmc.com/support).
60
Concepts Guide
AR Systembased solutions
The following BMC Remedy solutions for IT service and customer relationship
management are based on AR System:
Chapter 5
Extending AR System
61
Web services
Asset/inventory management
Groupware
Legacy management
Report writers
Remote access
Fax/pager/email
Knowledge bases
62
Concepts Guide
Chapter
63
This chapter focuses on the first application, managing and tracking animals.
Track the complete medical history of each animal, including preventive care
such as dental work, vaccinations, and parasite checks.
All these goals relate to tracking animals throughout their life at the park, as shown
in Figure 6-1 on page 65.
64
Concepts Guide
Considerations
Considerations
After defining the application goals, the staff begins more detailed planning. This
section discusses various questions that any organization needs to consider to
create a useful application, including data analysis, workflow analysis, identifying
the business rules to be enforced, mapping the business rules to workflow
components, and considering whether any integrations are required.
NOTE
The planning and design process is thoroughly covered in the BMC Remedy
AR System 7.x: Application Requirements Analysis, Design, and Development
course offered by BMC. See http://www.bmc.com/education.
65
Analyzing data
As the park staff members begin to plan their animal management application,
they analyze the data by answering these questions:
How is this data stored in their current system (for example, in a legacy database
or in paper forms)?
Should they include menus on the forms and, if so, which kinds are most
appropriate to help staff members fill in fields?
The staff determines that they need these forms (shown in Figure 6-2) to capture
information:
66
Concepts Guide
Considerations
Analyzing workflow
Next, the staff considers the parks current organizational processes:
To manage, access, and track the processes, what information do the groups
need?
Some of the AR System groups or roles that the park needs are:
67
68
An escalation to notify keepers when an animal has not been fed within one
hour of its scheduled feeding time.
Concepts Guide
Considering integrations
The staff considers what other software products or databases must initially be
integrated into the application and what future integrations are desirable:
The staff must be able to enter data while they are out in the park, perhaps using
handheld devices.
Eventually, the staff might want to integrate information about the botanical
gardens at the park, although this could be maintained separately.
69
After he transfers the tiger, Gary changes the Status field from Move Pending to
Permanent. When he saves his changes, workflow components create new
requests in related forms and notify the Veterinarian group and the Animal
Handlers group to begin the care and feeding of the new animal. These requests
and notifications illustrate one way of handling work orders in AR System.
Figure 6-3: Active link and filter in the animal tracking application
1
Dialog Box
Enclosure Form
Animal Form
Number
Name
Karuna
Type
Sumatran Tiger
Status
New
Active Link
lists all enclosures
and their capacity.
List
Enclosures
16
Assigned to
Enclosure
Status
Habitat
Full
Waterhole
Full
Steppe
16
Available
Jungle
20
Available
Steppe
Cancel
Continue
User submits
request.
Filter
Action 1.
Notify Animal Handlers group via email:
"New Sumatran tiger must be transferred
to Enclosure 16."
Action 2.
Notify Submitter: "Animal handlers have
been informed of tigers arrival."
TIP
This example is similar to moves, adds, and changes (MAC) in an employee services
application.
70
Concepts Guide
One morning when the keepers are making their daily rounds, they notice that the
tiger, Karuna, has been injured, so they notify the veterinarians. A veterinarian
looks at the Animal form and checks a table field that contains data from the
Medical History form, as illustrated in Figure 6-4 on page 71. She discovers that
Karuna has no history of serious injury or illness.
To be treated, Karuna must be tranquilized and moved to the veterinary hospital
for surgery. He has been tranquilized before without incident as indicated by the
Tranquilizer Notes field on the Animal form, so the veterinarian computes the
dosage and sets out with several animal handlers to bring in the tiger.
Figure 6-4: Table field in the animal tracking application
During the prototyping phase, staffers had to open the Medical History form
separately to learn about Karunas record with tranquilizers. The veterinary staff
pointed out that they wanted that important information readily available during
an emergency. So the Tranquilizer Notes field was added to the Animal form, and
a filter that executes on Submit was added to post a message to the veterinarians,
reminding them to update the Tranquilizer Notes if necessary.
TIP
This process is similar to handling a customer call in a technical support
application. The technical support representatives might decide that they need
important information about a customer on a main form rather than on a
supporting form.
71
After several years, the animal park determines that it should have a different male
tiger to maintain genetic diversity in its tiger population. By examining a database
maintained by zoos worldwide, the staff discovers a tiger that is available and has
no common ancestors with Karuna or with the parks female tigers. They decide to
trade Karuna, and a staffer changes Karunas status from Permanent to Trade
Pending, thereby triggering the same notification filter that was used when
Karuna arrived. This time, it notifies the animal handlers to move Karuna to a
temporary cage, as shown in Figure 6-5 on page 72.
Figure 6-5: Notifications in the animal tracking application
After Karuna leaves the park, his status is changed to Traded. When the changed
request is submitted, a filter uses a Push Fields action to move all of Karunas data
from the Animal form to the Former Resident form, as shown in Figure 6-6.
72
Concepts Guide
Figure 6-6: Push Fields action used in the animal tracking application
The Medical History form is not archived or changed because the staff might, at
any point, want information from the medical records. For example, they might
want information about all tiger surgeries performed at the park.
TIP
This process is similar to retiring an asset in an asset management application: you
need to track the problem history of an asset during its active use and after its
retirement.
73
74
Concepts Guide
Glossary
This glossary defines common terms used with
AR System.
access control
Ad Hoc process
Glossary
75
76
Concepts Guide
application
Glossary
77
78
Concepts Guide
Glossary
character menu
Glossary
79
computed group
80
Concepts Guide
Customize group
Glossary
Glossary
81
distributed pools
Concepts Guide
DSO actions
Glossary
email engine
See request.
entry point
export
83
filter guide
84
Concepts Guide
FTS
Glossary
global field
hold
Glossary
85
86
Concepts Guide
macro bar
Glossary
mid tier
operator
Glossary
87
override reject
Concepts Guide
parent group
Glossary
plug-in server
read license
Glossary
89
Request ID field
90
Concepts Guide
Roles form
See form.
search
Glossary
server group
SQL menu
Glossary
91
Submitter group
task
92
transfer
Concepts Guide
Glossary
vendor form
workflow
Glossary
93
94
Concepts Guide
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Index
A
access control
about 49
groups, about 50
groups, membership 53
groups, types 52
hierarchical 54
licensing and 56
multitiered 54
permissions, additive 52
role-based 53
users and 50
actions
about workflow 40, 41
Change Field 41
Close Window 41
if/else 40, 45, 47
Message 42
Notify 42
Open Window 42
Push Fields 42
Run Process 42
Service 43
Set Fields 43
active links
about 23
API calls and 39
execution options 43
execution order 44
guides 40
user-controlled execution options 44
adaptability, AR System 13
additive permissions 52
Administrator access control group 52
administrators, responsibilities 25
AIE 17
Alert List form 16
alert list tables 32
alerts 16
analytics 61
animal tracking example application 63
Apache Tomcat 18
API calls, workflow and 39
application list fields 32
application programming interfaces. See API
applications
about 21, 35
animal tracking example 63
components 21
deployable 35
entry points 32
forms and 35
local 35
localizing 36
AR System database connectivity (ARDBC)
database servers and 19
architecture, AR System 14
ARDBC. See AR System database connectivity
asset management products 61
Assigned To field 33
Assignee access control group 52
Assignee Group access control group 52
attachment fields 32
B
BMC Analytics for BSM 61
BMC Atrium applications 61
BMC Atrium CMDB 61
BMC Atrium Core 61
BMC Atrium Integration Engine 17, 61
BMC Atrium Orchestrator 62
BMC Dashboards for BSM 61
BMC Discovery Solution 61
BMC Performance Manager 62
BMC Product Catalog 61
BMC Remedy Alert 16
BMC Remedy Asset Management 61
BMC Remedy Change Management 61
BMC Remedy Data Import 17
BMC Remedy Developer Studio 17
BMC Remedy Distributed Server Option 20, 60
Index
95
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
BMC Remedy Encryption Performance 60
BMC Remedy Encryption Premium 60
BMC Remedy Encryption products 60
BMC Remedy Incident Management 61
BMC Remedy IT Service Management Suite 61
BMC Remedy Knowledge Management 17, 61
BMC Remedy Mid Tier. See mid tier
BMC Remedy Migrator 17, 60
BMC Remedy Problem Management 61
BMC Remedy Service Desk 61
BMC Remedy User 16
BMC Service Impact Manager 62
BMC Service Level Management 61
BMC Service Request Management 61
BMC Software, contacting 2
browsers, AR System user interface 16
BSM 12, 61, 62
Business Service Management 12, 61, 62
button fields 32
Button/Menu Field execution option 43
C
cell-based tables 32
Change Field action 41
change management products 61
character menus 34
client tier, AR System 14
client-based workflow 39
clients
AR System 16
architectural tier 14
BMC Atrium Integration Engine 17
BMC Remedy Alert 16
BMC Remedy Data Import 17
BMC Remedy Developer Studio 17
BMC Remedy Knowledge Management 17
BMC Remedy Migrator 17
BMC Remedy User 16
browser-based 16
developer 17
integration 17
user 16
Windows-based 16
Close Window action 41
CMDB 61
components
application 21
example of how they work 24
workflow 38
computed groups 52
configuration management database 61
96
Concepts Guide
D
dashboards 61
data
fields 28
importing 17
tier, AR System 14
working with external 19
data dictionary menus 35
data fields 32
data forms 29
data visualization fields 32
database servers 19
databases
forms in 29
platforms for AR System 19
deployable applications 35
developer clients 17
Developer Studio 17
developers, responsibilities of AR System 26
dialog boxes 29
discovery products 61
display-only fields 32
display-only forms 29
distributed computing environments 20
Distributed Server Option 20, 60
documentation, AR System 7
DSO. See Distributed Server Option
dynamic groups 52
E
else actions 40, 45, 47
encryption
performance 60
premium 60
standard 60
engines
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
engines (continued)
JavaServer Pages 18
JSP 18
servlet 18
entry points 32
environments, computing
distributed 20
heterogeneous 20
mixed 20
escalations
about 23
execution options 45
events, triggering workflow with 39
examples
animal tracking application 63
application components at work 24
AR System adaptability 13
service desk solution 12
execution options
about workflow 38, 40, 43
active link 43
Button/Menu Field 43
escalation 45
event-triggered 39
filter 43
Gain Focus 43
Hover 43
Lose Focus 43
Menu Choice 43
Modify 44
Service 44
Submit 44
Table Refresh 44
time-triggered 39
user-controlled 39, 44
Window Open 44
execution order
active link 44
filter 44
explicit access control groups 52
extending AR System 59
external data, working with 19
F
Federal Information Processing Standards (FIPS) 60
fields
about 28
application list 32
attachment 32
button 32
character 34
fields (continued)
common characteristics 33
control 32
core 33
data 28, 32
data visualization 32
database table columns and 29
display-only 32
label styles 34
menu items 32
navigation 32
panel 32
table 32
toolbar buttons 32
trim 32
types 32
view 32
file menus 34
filters
about 23
API calls and 39
execution options 43
execution order 44
guides 40
FIPS 60
Fixed licenses 57
Floating licenses 57
forms
about 21, 28
Alert List 16
applications and 35
consoles 35
data 29
database tables and 29
display-only 29
fields 28
home pages 32
join 29
main 35
menus 22
primary 35
regular 29
supporting 35
types 29
vendor 29
view 19, 29
views 21, 30
foundation products, AR System 60
FTS 60
Full Text Search 60
Index
97
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
G
Gain Focus execution option 43
groups
access control 50
computed 52
dynamic 52
explicit 52
implicit 52
local applications and 35
membership in access control 53
regular 52
server 18
guides
active link 40
filter 40
main forms 35
membership, access control group 53
Menu Choice execution option 43
menu item fields 32
menus
about 22, 34
character 34
data dictionary 35
file 34
search 34
SQL 35
Message action 42
mid tier
about 18
AR System architecture and 14
Migrator 17
mixed computing environments 20
Modified Date field 33
Modify execution option 44
multitiered access control 54
navigation fields 32
navigation, consoles and 35
Notify action 42
keywords 47
knowledge management products 17, 61
objects
See also custom objects, origin objects, overlaid
objects, overlays
Open Window action 42
OpenSSL Project 60
operating systems, AR System server 18
H
help desk products 61
heterogeneous computing environments 20
hierarchical access control 54
home pages 32
horizontal navigation fields 32
Hover execution options 43
L
label styles, field 34
98
Concepts Guide
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
origin objects
definition 23
overlay objects. See overlays
overlays
definition 23
overlays, about 23
P
panel fields 32
performance encryption 60
permissions. See access control
pools, license 57
predefined access control groups 52
premium encryption 60
primary forms 35
problem management products 61
Product Catalog 61
product support 3
Public access control group 52
Push Fields action 42
Q
qualifications 46
query-by-example (QBE) searches 19
R
Read licenses 56
records 21, 29
regular forms 29
regular groups 52
Request ID field 33
requests
about 21
creating 29
database table rows and 29
Restricted Read licenses 56
results list tables 32
roles
access control and 53
deployable applications and 35
Run Process action 42
S
search menus 34
searches
about 19
FTS 60
searches (continued)
query-by-example (QBE) 19
server tier 14
server-based workflow 39
servers
AR System 18
database 19
database platforms 19
groups 18
operating systems for AR System 18
Service action 43
service desks
example solution 12
products 61
Service execution option 44
service level management products 61
service request management products 61
servlet engines 18
Set Fields action 43
Short Description field 33
SLM 61
solutions 61
SQL menus 35
SRM 61
Standard BMC Remedy Encryption 60
Status field 33
Status History field 33
Sub Administrator access control group 52
Submit execution option 44
Submitter access control group 52
Submitter field 33
support, customer 3
supporting forms 35
T
table fields 32
Table Refresh execution option 44
tables, database 29
technical support 3
third-party products and AR System 62
tiers, AR System architecture 14
time, triggering workflow by 39
toolbar button fields 32
tree view tables 32
trim fields 32
U
user clients 16
user interfaces, AR System
browser 16
Index
99
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
user interfaces, AR System (continued)
Windows 16
users
controlling execution options 44
users, access control and 50
V
variables, keyword 47
vendor forms 29
vertical navigation fields 32
view fields 32
view forms 19, 29
views, form 21, 30
W
Window Open execution option 44
Windows, AR System user interface 16
workflow
See also actions, execution options
about 22, 37
actions 40, 41
AR System and 38
client-based 39
components compared 22, 38
event-triggered 39
execution options 38, 40, 43
guides 40
server-based 39
time-triggered 39
100
Concepts Guide
*183974*
*183974*
*183974*
*183974*
*183974*