Académique Documents
Professionnel Documents
Culture Documents
August 2010
www.bmc.com
If you have comments or suggestions about this documentation, contact Information Design and Development by
email at doc_feedback@bmc.com.
Support website
You can obtain technical support from BMC Software 24 hours a day, 7 days a week at http://www.bmc.com/support. From
this website, you can:
• Read overviews about support services and programs that BMC Software offers.
• Find the most current information about BMC Software products.
• Search a database for problems similar to yours and possible solutions.
• Order or download product documentation.
• Report a problem or ask a question.
• Subscribe to receive email notices when new product versions are released.
• Find worldwide BMC Software support center locations and contact information, including email addresses, fax numbers,
and telephone numbers.
This white paper discusses BMC recommended best practices for assigning BMC
Remedy application permissions (specifically for ITSM, SRM, RKM and SLM).
Note: The information in this white paper is based the permissions groups used in the
7.6.03 version of the BMC Remedy suite of applications.
Each of the BMC Remedy applications is made up of components and sub components.
The permissions groups are packaged or grouped together within these components. The
Permissions section of this paper describes the function of each of these components and
lists the permissions groups that are related to them.
For your reference, the following table lists the BMC Remedy applications with their
main components and sub components.
Applications
yd tn yd tn yd tn yd tn ec tn tn yd tn
e e e e e e e e iv e ) cei e e eg e
m m m m m tn m m m re m M
LS vr ts m m de m
eR eg eR eg eR eg eR eg eg eg eg
te an
eg
an ed an
m
el an S le an C
eS eu an ) eR l an )
C C na C ic C bo C C qe M C w
on M
M ss a M a M a M a M ve a M M a R a KR
B A M B hC M B nI M B rP M B L M B( B R M S( MB K M (
Main components
Asset
Inventory
X X X X X
Asset
Manage- X
ment
Change X
Release X
Incident X
Problem X
Request X X X X
BMC SLM X
RKM X
Sub-components
Activity X X X X
Financial X X X X
Foundation X X X X X* X X
ROI X X X X
Task X X X X X
* The Contract sub component is part of the Foundation sub component and is installed
with BMC Service Level Management (BMC SLM).
Note: In some cases, the functions from one permissions group are automatically granted
to another permissions group. For example, if you grant someone Incident User
permissions, you do not have to grant them Task User permissions. Incident User
permissions automatically inherit the functions of the Task User permissions. The
permissions list later in this white paper notes when this type of permission inheritance
occurs.
Functional Roles
The ITSM applications also support the concept of ‘Functional Roles.’ Functional roles
extend the access granted by the permissions groups and should not be confused with the
permissions groups themselves. You can assign functional roles only to support staff,
according to the support groups to which they belong.
For more information about functional roles, see Appendix A of the BMC Remedy IT
Service Management Administration Guide.
Permissions
Main Description
Components
Asset Inventory The Asset Inventory component is installed with most BMC
Remedy ITSM applications and lets you access CI information
within the CMDB.
Main Description
Components
It provides two key features:
• IT CI Lifecycle management, which allows users to manage
CIs through their lifecycle (that is, from requisition, to
deployment, to retirement).
• Inventory Management, which allows users to manage CIs
and bulk items in inventory.
When you are assigning permissions to users, the permissions
related to this component are found under the Asset Management
heading.
Main Description
Components
incidents requests, people
records, organizations and
support groups (they
cannot, however, create
relationships with other
CIs)
• read all CI data
Main Description
Components
• Task Manager
• Task User
• Purchasing User
• Contract Admin
• Contract User
• Contract Viewer
• Request Catalog Manager
Main Description
Components
Permissions Description App
Licence
Required
Asset Admin Users with Asset Admin
permissions can perform all of the
Asset Inventory functions as well
as the following Asset
Management functions:
• create, modify, and
administer contracts
• create and modify license
certificates from the
Service Activation
Management console
• create and modify CI
Unavailability records
(also referred to as Outage
records)
• manage configurations
• manage schedules
• manage costs
• perform bulk update
functions
• configure costing and An
charge back periods from application
the Application license is
Administration console required
This permission does not grant
access to purchasing or receiving
functions.
Main Description
Components
A person with Asset Admin
permissions does not need Asset
User and Asser Viewer
permissions.
Asset User Users with Asset User permissions
can perform all of the Asset
Inventory functions as well as the
following Asset Management
functions:
• create and modify
contracts
• create, modify, and delete
the following within a CI
record to which the user
has access (but they cannot
perform these functions
from the Asset
Management console):
- contracts
- configurations
- costs
- outages
- returns
- schedules
An
Asset Admin permission is application
required to access inventory license is
management and bulk update required
features.
Main Description
Components
SWLM, then they must also be
given Contract User permissions.
A person with Asser User
permissions does not need Asset
Viewer permissions.
Asset Viewer Users with Asset Viewer
permissions have access to all of
the Asset Inventory functions as
well as the following Asset
Management functions:
• read access to contracts
• read access to the
following areas within a CI
record:
- contracts
- configurations
- outages
- schedules
• Incident Master
• Problem User
• Problem Master
Main Description
Components
• Infrastructure Change User
• Infrastructure Change
Master
• Infrastructure Change
Config
• Release Config
• Release Master
• Release User
• Task Manager
• Task User
• Purchasing User
• Contract Admin
• Contract User
• Contract Viewer
• Request Catalog Manager
Main Description
Components
system (that is, to someone who
acts as an Application
Administrator).
Users with Asset Config
permission do not need Contract
Config permissions.
Purchasing Users with Purchasing User
User permissions can access the
following functions within the
BMC Remedy Asset Management
application:
• Create and modify
purchase requisitions that
are assigned to the user’s
support group (this
includes line items)
• Create and modify
purchase orders
This permission only grants access
to the purchasing functions
(excludes receiving) and does not An
provide any access to areas where application
an ‘Asset’ or ‘Contract’ type license is
permission are required. required
Best practice: Limit the use of
these permissions to individuals
who perform the following roles in
the Asset Management Purchasing
feature:
• Configuration
Administrator—these
individuals might must
submit purchase requests
issued through the Change
Management process
• Purchasing Agent
Main Description
Components
Management Purchasing feature,
for example, Purchasing Agents.
Contract Users with Contract Admin
Admin permissions can perform the
following functions:
• create and modify all
contracts from the Contract
console
• create and modify license
certificates from the SAM
console
• configure new Contract
Types from the
Application
Administration console
• manage license jobs from An
the SAM console application
license is
Best practice: Grant these required
permissions to people who need
full access to the Contract
Management features, but who
don’t need the
full Asset Management access
given by the Asset Admin
permissions group.
Main Description
Components
SAM console
Main Description
Components
permissions to individuals who
must only configure Software
Licence Management (SWLM)
features.
Typically, an Application
Administrator requires this set of
permissions.
Change The Change component is installed with the BMC Remedy Change
Management application. You use the Change component to plan,
schedule, implement, and track changes within your organization.
Management of the Change lifecycle is based on ITIL best practices
for Change Management.
Main Description
Components
playing a Change Manager role
and who require full access to all
Change requests.
Main Description
Components
Change Manager
Group, or both
• access to the Product
Catalog console
Main Description
Components
cannot submit or modify change
requests.
Change Management
Configuration functions:
• configure the Change
Calendar
• configure the Change
Prioritization values
• configure the Process Flow
next stage status transitions
• configure the Change rules
(general field enforcement
and notification rules) An
• configure the Change Risk application
factors license is
• configure the Change required
Templates
Foundation functions:
• configure the Approval
Process
• register applications that
will use Command
Automation Interface, or
CAI (advanced feature)
• Define commands,
command parameters and
command parameter
mappings for the CAI
(advanced feature)
• KPI – configure the
Main Description
Components
Flashboard parameters
• KPI – configure and
register the KPI titles
(advanced option)
Requestor console:
• Create and update the
Summary Definitions
Main Description
Components
• modify all release requests
independently of any
functional roles or support
group affiliations
• create and modify approval
mappings
• create and modify Release
templates (modification of
templates is restricted to
templates where user is a
member of the Authoring
Group)
• modify, in a restricted
An
way, release requests
application
based on functional roles
license is
and support group
required
affiliations
Main Description
Components
member of the Release
Coordinator Group.
Activity component: An
application
• configure Activity rules
license is
• configure Activity
required
Templates
Change Management component
• configure Change
Calendar
Main Description
Components
Foundation component
• KPI – configure
Flashboard parameters
• KPI – configure and
register KPI titles
(advanced option)
Release component
• configure milestone phases
and exit criteria
• configure Release
Prioritization values
• configure Release rules
• configure Approval
mappings
• configure Release
Templates
Main Description
Components
following functions: license is
• create incidents required
• modify all incidents
independently of any
functional roles or support
group affiliations
• view Incident templates
• configure Cost Category,
Cost Center information,
Cost Rate templates and
Financial rules as well as
Chargeback periods
Main Description
Components
functional roles and
support group affiliations
(that is you must be a
member or either the
Assigned or Owner Group
to have modify access to
the Incidents with this
permission)
• view Incident templates
Main Description
Components
‘User’ permissions are required if
the person needs modification
access).
Users with these permissions must
also belong to a Support Group to
open the Incident form.
Incident Users with Incident Viewer
Viewer permission can query all incidents.
They cannot submit or modify
incidents.
Main Description
Components
(can create and modify all
templates regardless of
Authoring group affiliation)
Foundation component
• KPI – configure
Flashboard parameters
• KPI – configure and
register KPI titles
(advanced option)
Requestor component
• Create and update
Summary Definitions
Main Description
Components
• access the Product Catalog
console
Main Description
Components
Problem Coordinator
Functional Role can
modify only Problem
Investigations and
Known Errors where
they belong to the
Problem Coordinator
Group
• modify solution database
records based on support
group affiliations
• access the Product Catalog
console
• Group Coordinator or a
Specialist within the
Incident and Problem
Management processes
• Change Coordinator
• Release Coordinator
• Availability Manager
• Capacity Manager
Main Description
Components
Best practice: Grant these
permissions to individuals who
must submit and view Problem
Investigations, Known Errors and
Solution Database records.
Typically, you give these
permissions to any of the roles
mentioned in the preceding list of
Problem User permissions (take
note that ‘User’ permissions are
required when the user needs
modification access).
Users with these permissions must
also belong to a Support Group to
open the Problem forms.
Problem Users with Problem Viewer
Viewer permissions can query all problem
investigation, known error and
solution database records.
They cannot submit or modify
problem investigation, known error
and solution database records.
Main Description
Components
Urgency values
• configure Problem Priority
weight ranges
• configure Problem
Prioritization
• configure Problem rules
(general field enforcement
and assignment rules)
Main Description
Components
processes. The previously mentioned interface is referred to as
the Requestor console. Users of the Requestor console do not
must be granted permissions. The permissions listed below are
for administrating the Requestor console.
Main Description
Components
Best practice: Grant these
permissions to individuals
requiring access to configure the
previously mentioned component
functions. Typically, you grant
these permissions to someone
playing the role of an Application
Administrator.
Request (with The Request component gets installed when the BMC Service
SRM) Request Management (SRM) application is installed.
Main Description
Components
replaced with the SRM version.
Main Description
Components
responsibilities include monitoring
the current number of open and
late requests, approving requests,
running request reports, and
examining request trends.
Entitlement Users with Entitlement
Administrator Administrator permission can
perform the following functions:
• configure Entitlement rules
for SRDs
• configure Entitlement
groups No
application
Best practice: Grant these license is
permissions to individuals required
requiring access to configure the
previously mentioned component
functions. Typically, you grant
these permissions to someone
playing the role of an Application
Administrator.
Request Users with Request Catalog
Catalog Manager permission can perform
Manager the following functions:
• create Service Requests
Definitions (SRD) using
the Service Request
Designer
• view and update SRDs
using the Service Request
Designer
• manage (create, update and
delete) SRDs and Process No
Definition Templates application
(PDTs) using the Service license is
Catalog Manager console required
Note: Users with these permissions
have access to the Service
Requests Definition and Process
Definition forms accessible
from the console.
Main Description
Components
permissions to individuals
performing the role of a Service
Catalog Manager responsible for
defining SRDs and PDTs (the
fulfillment process definitions
within the service catalog). Service
Catalog Managers work closely
with business relationship
managers (liaisons between the
business and IT) to build and
implement the requests from the
business.
Service Users with Service Request User
Request User permission can perform the
following functions:
• manage Service Requests
using the Service Request
Coordinator console
Main Description
Components
definition settings
• configure Service Request
HTML
• configure Surveys
Application Configuration:
• define Application fields
• define Application Object
Template
• defined Application Target
data
• define Questions Library
Approval settings:
• configure Approval Chains
• configure Approval
Mappings
Entitlement settings:
• configure Entitlement rules
for SRDs
• configure Entitlement
groups
• configure On Behalf of rules
Navigational Category settings:
• configure Navigation
categories
Request Entry Management
settings:
• configure Default console
preferences
• manage Service Request
Definition images
• configure Service Request
images
• configure Service Request
Search Exclusion word list
SRD Level setting:
• setup SRD levels
BMC SLM setting:
• Configure the defaults for
Service Target for SRDs.
Work Order settings:
• configure Work Order rules
• configure Work Order
templates
Foundation component
• setup Approval
Application Registration to
allow parallel processes
based on form name
• configure Approval
Process phases
Main Description
Components
• register applications that
will use CAI (advanced
feature)
• Define commands,
command parameters and
command parameter
mappings for the CAI
(advanced feature)
Main Description
Components
permissions to individuals
requiring access to configure the
previously mentioned component
functions. Typically, you grant
these permissions to someone
playing the role of an Application
Administrator.
Work Order Users with Work Order Master
Master permission can perform the
following functions:
• create, manage and fulfill
Work Orders using the
Work Order console
• access to the Product
Catalog console
No
Note: The Work Order Manager application
functional role is required to be license is
assigned as the Work Order required
Manager and the Work Order
Assignee functional role is
required to be assigned as the
Work Order Assignee
Main Description
Components
Asset Management component
(Asset Management must be
installed)
Main Description
Components
data regardless of any
Company restrictions).
This role does not include
rights to the Application
Administration console
• view SLM Dashboards
Main Description
Components
service targets from the
Service Level Manager
console
• view BMC SLM
Dashboards
SLM components
• create, modify, delete, and
view agreements, service
targets and contracts from
the Service Level Manager
console An
• view SLM Dashboards application
license is
SLM Configuration components required
Configure Application Settings
• configure Agreement
Owner lists to receive
notifications
• configure Contracts Menu
Items
• configure Data Source and
applications to work with
Service Target
Main Description
Components
• configure custom Goal
Types
• manual update of SLA
Compliance
• configure SLM
preferences
• configure retroactive
update of Measurement
data
• configure the Review
Periods for Compliance
Performance
• configure custom SLM
comments
• configure Service Target
Group assignment
• configure Templates
Configure Business Time
• configure Business Time
Entity and Segments
Configure collector module
properties
• configure Bulk
Performance Manager
Nodes
• configure Collection
Nodes
• configure Collection
Points
Configure Defaults for Service
Target and Agreement
• configure Agreement
Defaults
• configure Service Target
Defaults
Import and Export various
application definitions and data
• Import and Export
Main Description
Components
system component, which is
installed with the Foundation
component):
Main Description
Components
update all draft articles; however required
they cannot publish or retire
articles.
Main Description
Components
Activity User Users with Activity User
permission can create and modify
all activities
Activity component
• configure Activity rules
No
• configure Activity
application
Templates
license is
required
Task Management System
component
Assignment settings:
• configure Task
Assignment mappings
Integration settings:
• configure applications that
Main Description
Components
integrate with Task
Management System
• configure phase
management functionality
for those applications that
integrate with Task
Management System
• configure Task Status and
Status Reason values for
application return codes
Task Configuration settings:
• configure Task Group
Templates
• configure Task Templates
• configure Variable
Templates
Main Description
Components
• configure cost categories required
• configure Cost Center
information
• configure Cost Rate
templates
• configure Financial rules
• configure Chargeback
periods
Best practice: Grant these
permissions to individuals
performing the role of a Financial
Manager or IT Controller. Also
grant them to Application
Administrators.
The following permissions
automatically inherit the Cost
Manager permissions rights:
• Asset Admin
• Incident Master
• Problem Master
Main Description
Components
• Release User
• Incident User
• Problem User
Main Description
Components
by all applications. These data structures include Company,
Organization, Location, Support Groups, People, Categorization and
Product Catalog information. Foundation is also used to configure
the AR Approval, Assignment, and the BMC Remedy ITSM
Notification engine.
Among the permission listed below are four key permissions that
give configuration access to the main data structures of the BMC
Remedy ITSM applications. These permissions are needed when
starting the configuration process and include:
• Config Categorization Admin (used to configure the main
categorization data structures)
• Config Group Mapping Admin (used to configure
assignment routing mappings)
• Contact Location Admin (used to configure the Company
and Location data strictures)
• Contact Organization Admin (used to configure the
Company, Organization and People data structures)
For more information, see the BMC Remedy IT Service Management
Administration Guide.
Approval Users with Approval Admin
Admin permissions can access the BMC
Remedy Approval Server
administration console. The
Approval Server comes with the
BMC Action Request System
platform and is installed
independently of the BMC
Remedy ITSM applications.
No
Best practice: You must also be a
application
registered and active Process
license is
Administrator with Full Admin
required
authority or an AR System
Administrator to access the BMC
Remedy Approval Server
administration console. Typically,
these permissions are needed only
if you are extending or customizing
the out-of-the-box approval server
configurations. These permissions
are not needed to manage the BMC
Remedy ITSM applications
Main Description
Components
Approval Mappings.
ASE- Users with ASE-Administrator
Administrator permission have configuration
access to the BMC Remedy
Assignment Engine. The BMC
Remedy Assignment Engine comes
with the BMC Action Request
System platform and is installed
independently of the BMC
No
Remedy ITSM applications.
application
license is
Best practice: Typically, these
required
permissions are only needed if you
are extending or customizing the
out-of-the-box assignment engine
configuration options. These
permissions are not needed to
manage the BMC Remedy ITSM
applications Assignment
Mappings.
Command Users with Command Event
Event Master Master permission can perform the
following functions:
• register applications that
use CA) - an advanced
feature)
• Define commands,
command parameters and
command parameter
mappings for the CAI - an
No
advanced feature
application
license is
Best practice: The Infrastructure
required
Change Config and the SRM
Administrator permissions also
grant access to the same two
functions in the preceding list.
Users with these permissions do
not need the Command Event
Master permission. Typically,
these permissions are needed only
if you are extending or customizing
the CAI plug-in.
Config Users with Config Categorization
No
Categorization Admin permission can perform the
application
Admin following functions:
license is
• configure catalog
required
mappings
Main Description
Components
• configure generic catalog
structures (for example,
the Resolution Category
and Root Cause categories)
• configure operational
categories
• configure product
categories
• access the product catalog
console
Main Description
Components
BMC Remedy ITSM applications
Contact Users with Contact Organization
Organization Admin permission can perform the
Admin following functions that span the
following three components:
Foundation component
Organization data:
• create and modify
company data
• create and modify support
group data
People data:
• create and modify all
people records (full access
to people data including
both support and non-
support staff excluding
access to HR specific
attributes)
• access the people
management console to
perform bulk updates
• perform support company No
access configuration application
• configure people templates license is
• access the product catalog required
console
Main Description
Components
Organization Admin
permissions do not need Contact
Support Admin, Contact People
Admin and Contact People User
permissions.
Foundation component
• create and modify all
people records (full access
to people data including
both support and non-
support staff excluding
access to HR specific
attributes)
• access the people
management console to
perform bulk updates
No
• configure people templates
application
license is
Change Management component
required
(when Change component is
installed)
• configure approval
mappings
Main Description
Components
support staff people
records, nor does it give
access to HR specific
attributes)
• access the people
management console to
perform bulk updates
Main Description
Components
User permissions are superseded
by the Contact Organization
Admin, Contact Support Admin
and Contact People Admin
permissions.
DSL Master Users with DSL Master
permissions can perform the
following functions from the
Product Catalog console:
• create products and suites
• create patch files
• create SLIs
Main Description
Components
• Contact Organization
Admin
• Contact Support Admin
• Contact People Admin
• Contact People User.
Main Description
Components
For more information, see the BMC Remedy Incident Management
User Guide.
ROI Admin Users with ROI Admin
permissions can perform the
following functions:
• configure ROI metric
thresholds used by the ROI
console
No
• access the ROI console
application
license is
Best practice: Grant these
required
permissions to individuals who
play the role of an IT Manager who
needs to determine how much
money their operational areas save
by using the BMC Remedy ITSM
applications.
ROI Viewer Users with ROI Viewer
permissions can access the ROI
console.
No
Best practice: Grant these application
permissions to individuals that license is
need to know how much money required
their operational areas save by
using the BMC Remedy ITSM
applications.
Task The Task Management System is a sub component that is installed
with the BMC Remedy Incident Management, BMC Remedy
Problem Management, BMC Remedy Change Management, and
BMC Service Request Management applications. The Task
component is used with the other applications (for example,
Incident, Change, and so on) to create a task that must be completed
as a step in an overall process.
Main Description
Components
Management System
• configure phase
management functionality
for those applications that
integrate with Task
Management System
• configure Task Status and
Status Reason values for
application return codes
Task Configuration settings
• configure Task Group
Templates
• configure Task Templates
• configure Variable
Templates
Main Description
Components
command parameter
mappings for the CAI
(advanced feature)
Main Description
Components
permissions have access to updated application
records. license is
required
Best practice: The following
permissions automatically inherit
the Task Manager permissions
• Task Administrator
• Infrastructure Change
Master
• Infrastructure Change User
Incident Master
• Problem Master
Foundation component
• register applications that
will use CAI (advanced
feature)
• Define commands,
command parameters and
command parameter
mappings for the CAI
(advanced feature)
No
Task Management components application
Assignment settings: license is
• configure Task required
Assignment mappings
Task Configuration settings:
• configure Task Group
Templates
• configure Task Templates
• configure Variable
Templates
Main Description
Components
Process Config permissions to
Application Administrators.
Typically, the Task Process Config
permission is granted to users that
need some of the functions given
by Task Administrator permission.
Task User Users with Task User permissions
have access to updated records.
The following table is organized by Application, Role, and the permissions combination
recommended for the role.
Application Role Permissions combination
Asset Management Configuration • Asset Admin
Administrator • Contract Admin
• Purchasing User
(needed only if you use
the Purchasing module)
• Incident Viewer
• Problem Viewer
• Release Viewer
• Infrastructure Change
Viewer
• Knowledge Viewer
Optional permissions
• Contact Organization
Admin
This permission is needed
only when the user must
create Support Groups that
manage CIs. Otherwise,
grant them the functional
role of ‘Support Group
Admin’.
• Contact Categorization
Admin
This permission is needed
only if the user must create
and update the Product
Categorization data
structures for the CI data.
• Infrastructure Change
Coordinator
• Infrastructure Change
Manager
• Release Coordinator
• Infrastructure Change
User
• Release Viewer
• Contract Viewer
• Asset Viewer
• Knowledge Viewer
• Incident Viewer
• Infrastructure Change
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
• Knowledge User
Functional Role
You must assign this
functional role to the user in
addition to the permissions.
• Problem Coordinator
When you assign permissions, it is important to use only the minimum number of
permissions that allow the person to perform their job. BMC strongly recommends that
you have only one set of permissions combinations for any given role. As illustrated by
the preceding examples, there is only a few key permissions that a general application
user needs to perform their duties.
The remaining permissions control access to the application configuration functions and
are typically assigned either to an Application Administrator or an Application Process
Owner. These permissions are described in the following table.