Remedy Applicatin Permissions

White Paper
BMC Remedy Application

Permissions: Best Practices
August 2010
www.bmc.com
BMC Software, Inc., Confidential

Contacting BMC Software
You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain
information about the company, its products, corporate offices, special events, and career opportunities.
United States and Canada
Address BMC SOFTWARE INC Telephone 713 918 8800 Fax 713 918 8000
2101 CITYWEST BLVD or 800 841 2031
HOUSTON TX 77042-2827 USA
Outside United States and Canada
Telephone (01) 713 918 8800 Fax (01) 713 918 8000
If you have comments or suggestions about this documentation, contact Information Design and Development by
email at doc_feedback@bmc.com.
© Copyright 2009 BMC Software, Inc.

BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S.
Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service
marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered
trademarks are the property of their respective owners.
ITIL® is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in
the U.S. Patent and Trademark Office, and is used here by BMC Software, Inc., under license from and with the permission of
OGC.
IT Infrastructure Library® is a registered trademark of the Office of Government Commerce and is used here by BMC Software,
Inc., under license from and with the permission of OGC.
The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates,
or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for
the product and to the proprietary and restricted rights notices included in the product documentation.
Restricted Rights Legend
U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT
LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is
subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS
252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC Software, Inc., 2101
CityWest Blvd., Houston, TX 77042-2827, USA. Any contract notices should be sent to this address.

Customer Support
You can obtain technical support by using the Support page on the BMC Software website or by contacting Customer Support by
telephone or email. To expedite your inquiry, please see “Before Contacting BMC Software.”
Support website
You can obtain technical support from BMC Software 24 hours a day, 7 days a week at http://www.bmc.com/support. From
this website, you can:
• Read overviews about support services and programs that BMC Software offers.
• Find the most current information about BMC Software products.
• Search a database for problems similar to yours and possible solutions.
• Order or download product documentation.
• Report a problem or ask a question.
• Subscribe to receive email notices when new product versions are released.
• Find worldwide BMC Software support center locations and contact information, including email addresses, fax numbers,
and telephone numbers.
Support by telephone or email

In the United States and Canada, if you need technical support and do not have access to the Web, call 800 537 1813 or send an
email message to customer_support@bmc.com. (In the Subject line, enter SupID:<yourSupportContractID>, such
as SupID:12345.) Outside the United States and Canada, contact your local support center for assistance.
Before contacting BMC Software

Have the following information available so that Customer Support can begin working on your issue immediately:
• Product information
o Product name
o Product version (release number)
o License number and password (trial or permanent)
• Operating system and environment information
o Machine type
o Operating system type, version, and service pack
o System hardware configuration
o Serial numbers
o Related software (database, application, and communication) including type, version, and service pack or
maintenance level
• Sequence of events leading to the problem
• Commands and options that you used
• Messages received (and the time and date that you received them)
o Product error messages
o Messages from the operating system, such as file system full
o Messages from related software

License key and password information
If you have a question about your license key or password, contact Customer Support through one of the following methods:
• E-mail customer_support@bmc.com. (In the Subject line, enter SupID:<yourSupportContractID>, such as
SupID:12345.)
• In the United States and Canada, call 800 537 1813. Outside the United States and Canada, contact your local support
center for assistance.
• Submit a new issue at http://www.bmc.com/support.

Contents
BMC Remedy application permissions groups ......................................................... 7
Permissions group hierarchy ................................................................................. 8
Functional Roles .................................................................................................... 9
Permissions ............................................................................................................ 9
Typical permissions combination setups ................................................................. 66

White paper
BMC Remedy Application Permissions: Best Practices
This white paper discusses BMC recommended best practices for assigning BMC
Remedy application permissions (specifically for ITSM, SRM, RKM and SLM).
The discussion covers the following subjects:

• permissions groups
• permission model hierarchy
• functional roles
• best practices— mapping permissions to the BMC Service Management
Process Model (SMPM)—where applicable
• best practices—permissions group definitions
Note: The information in this white paper is based the permissions groups used in the
7.6.03 version of the BMC Remedy suite of applications.
BMC Remedy application permissions groups

BMC Remedy applications use the concept of permissions groups to control access to
their various forms, consoles, and functions. By using a limited number of role-based
permissions groups, you can simplify the creation of mid tier pre-cache files and ease the
permission model administration.
Each of the BMC Remedy applications is made up of components and sub components.
The permissions groups are packaged or grouped together within these components. The
Permissions section of this paper describes the function of each of these components and
lists the permissions groups that are related to them.
BMC Remedy Application Permissions: Best Practices 7

White paper
For your reference, the following table lists the BMC Remedy applications with their
main components and sub components.
Applications
yd tn yd tn yd tn yd tn ec tn tn yd tn
e e e e e e e e iv e ) cei e e eg e
m m m m m tn m m m re m M
LS vr ts m m de m
eR eg eR eg eR eg eR eg eg eg eg
te an
eg
an ed an
m
el an S le an C
eS eu an ) eR l an )
C C na C ic C bo C C qe M C w
on M
M ss a M a M a M a M ve a M M a R a KR
B A M B hC M B nI M B rP M B L M B( B R M S( MB K M (
Main components
Asset
Inventory
X X X X X
Asset
Manage- X
ment
Change X
Release X
Incident X
Problem X
Request X X X X
BMC SLM X
RKM X
Sub-components
Activity X X X X
Financial X X X X
Foundation X X X X X* X X
ROI X X X X
Task X X X X X
* The Contract sub component is part of the Foundation sub component and is installed
with BMC Service Level Management (BMC SLM).
Permissions group hierarchy

There is a hierarchical relationship among the BMC Remedy application permissions
groups. The following table lists the permissions groups from greatest to least access.
Permissions group Access level
Admin The Admin and the Master permissions
or groups are at the top of the hierarchy. They
Master grant users the highest level of access
within a given application component.
This permissions group typically includes
the ability to create and modify all records
within the component.
Admin or Master permissions group access
supersedes the User permissions group.
User Grants users the standard level of access
within a given application component.
This permissions group typically includes
the ability to create and modify records.
8 BMC Remedy Application Permissions: Best Practices

Permissions group Access level

There are, however, some limitations
imposed when modifying records. These
limitations are described in more detail in
the Permissions section, later in this white
paper.
User permissions group access supersedes
the Submitter permissions group.
Submitter Grants users permission to create records
but not to modify them. This permission
does not require an application license.
Submitter permissions groups access
supersedes the Viewer permissions group.
Viewer Grants users read access within a given
application component. This permission
does not require an application license.
Each higher-level permissions group grants all of the access rights of the permissions
groups below it in the hierarchy. For example, if you assign someone to the Change
Admin permissions group, you do not have to assign them to the Change User
permissions group. As a member of the Admin permissions group, they automatically
have User permissions, and so on.
If you do assign a user to more than one permissions group for the same application
component, you create a variance in the recommended permission combinations. These
permission combinations are discussed later in this white paper.
Note: In some cases, the functions from one permissions group are automatically granted
to another permissions group. For example, if you grant someone Incident User
permissions, you do not have to grant them Task User permissions. Incident User
permissions automatically inherit the functions of the Task User permissions. The
permissions list later in this white paper notes when this type of permission inheritance
occurs.
Functional Roles
The ITSM applications also support the concept of ‘Functional Roles.’ Functional roles
extend the access granted by the permissions groups and should not be confused with the
permissions groups themselves. You can assign functional roles only to support staff,
according to the support groups to which they belong.
For more information about functional roles, see Appendix A of the BMC Remedy IT
Service Management Administration Guide.
Permissions
Main Description
Components
Asset Inventory The Asset Inventory component is installed with most BMC
Remedy ITSM applications and lets you access CI information
within the CMDB.

White paper
Main Description
Components
It provides two key features:
• IT CI Lifecycle management, which allows users to manage
CIs through their lifecycle (that is, from requisition, to
deployment, to retirement).
• Inventory Management, which allows users to manage CIs
and bulk items in inventory.
When you are assigning permissions to users, the permissions
related to this component are found under the Asset Management
heading.
For more information, see the BMC Remedy Asset Management

User Guide.
Note: The information about the four Asset Inventory component

permissions also applies to the BMC Remedy Asset Management
application. This means that when BMC Remedy Asset
Management is installed, users with these permissions also
inherit access to the features described in the Asset Management
section below.
Permissions Description Application

Licence
Required?
Asset Admin Users with Asset Admin
permission can perform following
functions:
• create and modify all CI
data
• create CI relationships (to
other CIs and well as
People, Organizations and
Support Groups) No
• manage CI’s in Inventory application
license is
Best practice: Limit the use of required
these permissions to individuals
with a Configuration Administrator
role. Asset Admin supersedes the
Asset User and Asser Viewer
permissions group. Users with
Asset Admin permissions do not
need Asset User or Asset Viewer
permissions.
Asset User Users with Asset User permissions No
can: application
• modify CI data license is
• create CI relationships required
with other records such as

Main Description
Components
incidents requests, people
records, organizations and
support groups (they
cannot, however, create
relationships with other
CIs)
• read all CI data
Note: The permission allows users

to modify only the data of CIs for
which they have been granted
update access. Update access is
granted by relating a CI to one or
more of the user`s Support Groups.
For more information about
granting access to CI data, see the
BMC Remedy IT Service
Management Administration
Guide.
Best practice: Limit the use of

who are directly supporting
specific CIs and who must update
CI attributes and relationships.
Users with Asset User permissions
do not need Asset Viewer
permissions.
Asset Viewer Users with Asset Viewer No
permission can view all CI data. application
license is
The Asset Viewer permission is required
automatically granted when any of
the following permissions are
granted:
• Incident Master
• Problem User
• Problem Master
• Infrastructure Change User
• Infrastructure Change
Master
Config
• Release Config
• Release Master
• Release User

White paper
Main Description
Components
• Task Manager
• Task User
• Purchasing User
• Contract Admin
• Contract User
• Contract Viewer
• Request Catalog Manager
Best practice: Grant these

permissions to all Support
personnel. Having access to CI
information is vital for most IT
Infrastructure Library (ITIL)
processes.
Asset Config Users with Asset Config No
permissions can configure the application
follow areas within the Asset license is
Inventory component: required
• Asset Management
settings
• Bulk CI Reorder Level and
Lead Time Specifications
They can also perform CI deletion
functions.

permissions only to individuals
who must configure the Asset
Inventory component functions.
Typically, these people fill the role
of an Application Administrator.
Asset The Asset Management component is installed with the BMC
Management Remedy Asset Management application. This component enables
the following Asset management functions:
• CI Configurations
• CI Scheduling (specifically, maintenance and audit
schedules)
• CI Costing
• CI Unavailability or Outages
This component also enables the performance of specific Bulk
Update functions against CIs.
The following modules are also installed:
• Purchasing
• Contract Management
• Software Licence Management
For more information, see the BMC Remedy Asset Management
User Guide.

Main Description
Components
Permissions Description App
Licence
Required
Asset Admin Users with Asset Admin
permissions can perform all of the
Asset Inventory functions as well
as the following Asset
Management functions:
• create, modify, and
administer contracts
• create and modify license
certificates from the
Service Activation
Management console
• create and modify CI
Unavailability records
(also referred to as Outage
records)
• manage configurations
• manage schedules
• manage costs
• perform bulk update
functions
• configure costing and An
charge back periods from application
the Application license is
Administration console required
This permission does not grant
access to purchasing or receiving
functions.

playing a Configuration
Administrator role.
Users with Asset Admin
permission have full access to
contracts and SWLM features,
which means they do not need any
other Contract permissions unless
they must create new Contract
Types (this ability is given with
Contract Admin permissions) or
configure certain aspects of
SWLM (this ability is given with
Contract Config permissions).

White paper
Main Description
Components
A person with Asset Admin
permissions does not need Asset
User and Asser Viewer
permissions.
Asset User Users with Asset User permissions
can perform all of the Asset
Inventory functions as well as the
following Asset Management
functions:
• create and modify
contracts
• create, modify, and delete
the following within a CI
record to which the user
has access (but they cannot
perform these functions
from the Asset
Management console):
- contracts
- configurations
- costs
- outages
- returns
- schedules
An
Asset Admin permission is application
required to access inventory license is
management and bulk update required
features.

access to the following functions:
• inventory management
• bulk update
• purchasing
• receiving

permissions to individuals who are
directly supporting specific CIs
and who must update CI attributes
and relationships.
The Asset User permissions do not
have equivalent permissions to the
Contract User permissions group.
If a user requires the ability to
either modify license certificates or
manage License jobs as part of

Main Description
Components
SWLM, then they must also be
given Contract User permissions.
A person with Asser User
permissions does not need Asset
Viewer permissions.
Asset Viewer Users with Asset Viewer
permissions have access to all of
the Asset Inventory functions as
well as the following Asset
• read access to contracts
• read access to the
following areas within a CI
record:
- contracts
- configurations
- outages
- schedules

access to:
• inventory management
• bulk update
• cost management
• purchasing No
• receiving functions application
• the Software Asset license is
required
Management console

permissions to all Support
personnel (that is, users who do not
already have the Asset Admin or
Asset User permissions). Having
access to CI information is vital for
most ITIL processes.
Note: Asset Viewer permissions

are automatically granted when
assigning any of the following
permissions:
Incident User
• Incident Master
• Problem User
• Problem Master

White paper
Main Description
Components
Master
Config
• Release Config
• Release Master
• Release User
• Task Manager
• Task User
• Purchasing User
• Contract Admin
• Contract User
• Contract Viewer
Asset Config Users with Asset Config

permission have access to all of the
Asset Inventory functions as well
as the following Asset
• configuring CI
depreciation criteria
• configuring CI
notifications
• configuring CI
Unavailability status
• configuring License Types
• configure Inbox
An
preferences for SWLM
application
• configuring License license is
Engine for SWLM required
• configuring Asset
Management rules
• configuring CI
Unavailability priority
• setting up server info for
AR System License Type
for Software License
Management (SWLM)

who administer the Asset
Inventory and Asset Management

Main Description
Components
system (that is, to someone who
acts as an Application
Administrator).
Users with Asset Config
permission do not need Contract
Config permissions.
Purchasing Users with Purchasing User
User permissions can access the
following functions within the
BMC Remedy Asset Management
application:
• Create and modify
purchase requisitions that
are assigned to the user’s
support group (this
includes line items)
• Create and modify
purchase orders
This permission only grants access
to the purchasing functions
(excludes receiving) and does not An
provide any access to areas where application
an ‘Asset’ or ‘Contract’ type license is
permission are required. required
who perform the following roles in
the Asset Management Purchasing
feature:
• Configuration
Administrator—these
individuals might must
submit purchase requests
issued through the Change
Management process
• Purchasing Agent
Receiving User Users with Receiving User

permissions can access the
Receiving console to receive CIs
No
from the Purchasing system.
application
license is
Best practice: These permissions
required
grant access only to the receiving
functions. Therefore, grant them
only to people who use the Asset

White paper
Main Description
Components
Management Purchasing feature,
for example, Purchasing Agents.
Contract Users with Contract Admin
Admin permissions can perform the
following functions:
• create and modify all
contracts from the Contract
console
certificates from the SAM
console
• configure new Contract
Types from the
Application
Administration console
• manage license jobs from An
the SAM console application
license is
Best practice: Grant these required
permissions to people who need
full access to the Contract
Management features, but who
don’t need the
full Asset Management access
given by the Asset Admin
permissions group.
Note: a user with the Asset Admin

permission can do everything
that a user with Contract Admin
permission with the exception of
creating new Contract Types.
Contract User Users with Contract User

permissions can perform the
• modify public contracts
from the Contract console
• modify internal contracts
An
from the Contract console
application
(if the user belongs to the
license is
Support Group that
required
manages the contract)
certificates for contracts
they have access to from
the SAM console
• Manage license jobs from

Main Description
Components
SAM console

permissions to individuals who
need controlled access to create
and modify contracts, but who do
not require access to modify CI
information. If a user is also needs
to modify CI information, you
should also give them Asset User
permissions.
Contract Users with Contract Viewer No
Viewer permission can view all contracts application
from the Contract console. license is
required
access to the SAM console.

require view access to contracts.
Note: The Asset Viewer

permission grants the same type
of access to contracts and CI
information as the Contract
Viewer permission.
Users with Asset Viewer

permissions do not also need
Contract Viewer permissions.
Contract Users with Contract Config An
Config permission can perform the application
following functions: license is
• configure License Types required
• configure Inbox
preferences for SWLM
• configure the License
Engine for SWLM
• configure Asset
Management rules
• set up a server information
for the AR System License
Type for SWLM
access to the SAM console.

White paper
Main Description
Components
must only configure Software
Licence Management (SWLM)
features.
Note: If a user has Asset Config

permission they do not need
Contract Config permissions.
This is because, the Asset
Config permissions group can
configure the same SWLM
features that the Contract Config
permissions can configure.
Typically, an Application
Administrator requires this set of
permissions.
Change The Change component is installed with the BMC Remedy Change
Management application. You use the Change component to plan,
schedule, implement, and track changes within your organization.
Management of the Change lifecycle is based on ITIL best practices
for Change Management.
For more information, see the BMC Remedy Change Management

User Guide.
Permissions Description App

Licence
Required
Infrastructure Users with Infrastructure Change
Change Master Master permission can perform the
• create change request
• modify all change requests
and tasks independently of
any functional roles or
support group affiliations
• create and modify approval An
mappings application
• create and modify Change license is
templates (modification of
required
templates is restricted to
those templates where the
user is a member of the
Authoring Group)
• access the Product Catalog
console


Main Description
Components
playing a Change Manager role
and who require full access to all
Change requests.
Note: The Master permissions

groups should be granted in a
limited fashion and only to key
personnel who own a process or
who have full control over
schedules, in the case of Change
Management.

Change User User permission can perform the
• create change request
• modify, with restrictions,
change requests and tasks
based on functional roles
and support group
affiliations:
- A user with these
permissions and no
Change Management
Functional roles can
only modify Changes
where they are the
Requestor or they
belong to the Change
An
Implementer Group
application
- A user with these license is
permissions and the required
Change Coordinator
Functional role can
only modify Changes
where they are the
Requestor or they
belong to the Change
Implementer or Change
Coordinator Group, or
both
- A user with these
permissions and the
Change Manager
functional role can only
modify Changes where
they are the Requestor
or they belong to the
Change Implementer or

White paper
Main Description
Components
Change Manager
Group, or both
• access to the Product
Catalog console

permissions to individuals
performing the role of a Change
Manager, Change Coordinator or
Change Implementer within the
Change Management process.
Also grant these permissions to
users who play the role of a Group
Coordinator within the Incident or
Problem Management processes,
or both. These people might need
to create and modify Changes that
result from Incidents, Problems or
Known Errors.
Additionally, these permissions
should be grated to users who play
the role of a Continuity Manager.
Change Submit Submit permission can perform the
• create and query all change
requests
console
Users with these permissions No
cannot modify change requests. application
license is
Best practice: Grant these required
must submit and view change
requests. Typically, these
permissions are given to Problem
Coordinators and IT Specialists,
who often must create Change
requests.
Change Viewer Viewer permission can perform the
following functions: No
• query all change requests application
• access to the Product license is
Catalog console required
Users with these permissions

Main Description
Components
cannot submit or modify change
requests.

need only read access to view
change requests. Typically, these
permissions should be given to
most ITSM applications users (that
is, users who do not already have
the ‘Master’, ‘User’ or ‘Submitter’
permissions) for them to access
information about changes being
made to your infrastructure.
Change Config Config permission can perform
functions that include the
following four components:
Change Management
Configuration functions:
• configure the Change
Calendar
• configure the Change
Prioritization values
• configure the Process Flow
next stage status transitions
• configure the Change rules
(general field enforcement
and notification rules) An
• configure the Change Risk application
factors license is
• configure the Change required
Templates
Foundation functions:
• configure the Approval
Process
• register applications that
will use Command
Automation Interface, or
CAI (advanced feature)
• Define commands,
command parameters and
command parameter
mappings for the CAI
(advanced feature)
• KPI – configure the

White paper
Main Description
Components
Flashboard parameters
• KPI – configure and
register the KPI titles
(advanced option)
Requestor console:
• Create and update the
Summary Definitions
Task Management System:

• configure the Task
Assignment mappings
• configure the Task Group
Templates
• configure the Task
Templates
• configure the Variable
Templates

requiring access to configure the
component functions mentioned in
the preceding lists. Typically, you
grant these permissions to a person
playing the role of Application
Administrator.
CM Dashboard Users with CM Dashboard User
User permission can view the BMC
Remedy Change Management
No
Dashboard form.
application
license is
required
permissions to users performing
the role of a Change Manager or
Change process owner.
Release The Release component is installed with the BMC Remedy Change
Management application. You use the Release component to plan,
schedule, and control the movement of releases into test and live
environments. Management of the Release lifecycle is based on
ITIL beast practice Release Management methodologies.
For more information, refer the BMC Remedy Change Management

User Guide.
Release Master Users with Release Master An
permission can perform the application
• create release requests required

Main Description
Components
• modify all release requests
independently of any
functional roles or support
group affiliations
• create and modify approval
mappings
• create and modify Release
templates (modification of
templates is restricted to
templates where user is a
member of the Authoring
Group)
Note: Asset Viewer and

Infrastructure Change Viewer
permissions are also granted
automatically from the
application UI whenever these
permissions are granted.

playing a Release Coordinator role
that requires full access to all
Release requests.
Note: Use of the Master

permissions groups should be
limited to key personnel who
either own a process, or have
full control over Release
Management schedules.
Release User Users with Release User

• create release request
• modify, in a restricted
An
way, release requests
application
based on functional roles
license is
and support group
required
affiliations
Note: A user must have the Release

Coordinator Functional Role to
be able to modify Release
request and they must be a

White paper
Main Description
Components
member of the Release
Coordinator Group.
Note: Asset Viewer and

Infrastructure Change Viewer
permissions are also granted
automatically from the
application UI when these
permissions are granted.
Best practice: Limit use of these

permissions permission to
individuals playing a Release
Coordinator role.
Release Users with Release Viewer
Viewer permissions can query all release
requests. They cannot submit or
modify release requests.
Note: Infrastructure Change

Viewer permissions are also
granted automatically from the
application UI when these
permissions are granted. No
application
Best practice: Grant these license is
permissions to individuals who required
need only read access to view
release requests. Typically, these
permissions are given to most
ITSM applications users (that is,
users who do not already have the
‘Master’, or ‘User’ permission) for
them to access information
regarding release planning
activities.
Release Config Users with Release Config
permissions can perform functions
that span the following five
components:
Activity component: An
application
• configure Activity rules
license is
• configure Activity
required
Templates
Change Management component
• configure Change
Calendar

Main Description
Components
Foundation component
• KPI – configure
register KPI titles
(advanced option)
Release component
• configure milestone phases
and exit criteria
• configure Release
Prioritization values
• configure Release rules
• configure Approval
mappings
• configure Release
Templates
Task Management System

component
• configure applications that
integrate with Task
Management System
• configure phase
management functionality
for those applications that
integrate with Task
Management System
• configure Task Status and
Status Reason values for
application return codes

functions in the preceding list.
People with this set of permissions
typically are Application
Administrators.
Incident The Incident component is installed with BMC Remedy Incident
Management application. You use the Incident component to
restore normal service operations quickly by managing all aspects of
an incident, from their creation to their resolution and closure.
For more information, see the BMC Remedy Incident Management

User Guide.
Incident Users with Incident Master An
Master permissions can perform the application

White paper
Main Description
Components
• create incidents required
• modify all incidents
independently of any
functional roles or support
group affiliations
• view Incident templates
• configure Cost Category,
Cost Center information,
Cost Rate templates and
Financial rules as well as
Chargeback periods
Note: To create and modify

templates, you need the Support
Group Admin Functional role.
With this role, the modification
of templates is restricted to
those for which the user is a
member of the Authoring Group
Note: Chargeback is a function of

the costing sub-system and is
given automatically with the
other costing features, for
example, access to the Product
Catalog console.

playing a Service Desk Analyst
role who require full access to all
Incidents.

permissions groups should
either own a process or require
full control of all Incidents.
Users with these permissions must

also belong to a Support Group
before they can open the Incident
form.
Incident User Users with Incident User
permission can perform the An
following functions: application
license is
• create incidents
required
• modify incidents based on

Main Description
Components
functional roles and
(that is you must be a
member or either the
Assigned or Owner Group
to have modify access to
the Incidents with this
permission)
• view Incident templates
Note: You must grant the Support

Group Admin functional role to
create and modify templates.
With this role, template
modification is restricted to
templates for which the user is a
member of the authoring group.

playing one of the following
Service Desk roles:
• Group Coordinator
• On-Duty Manager
• Operations Manager
• Operator and Specialist
• Problem Coordinator,
• Change and Release
Coordinator
• Service Level Manager
• Service Owner

also belong to a Support Group to
open the Incident form.
Incident Users with Incident Submitter
Submitter permission can create and query all
incidents. They cannot modify
incidents.
No
Best practice: Grant these application
permissions to individuals who license is
need to submit and view incidents. required
Typically, these permissions are
given to any who fulfills one of the
roles mentioned under the Incident
User permissions (take note that,

White paper
Main Description
Components
‘User’ permissions are required if
the person needs modification
access).
Incident Users with Incident Viewer
Viewer permission can query all incidents.
They cannot submit or modify
incidents.

need only read access to incidents. No
Typically, these permissions are application
given to most ITSM applications license is
users (that is, users who do not required
already have the ‘Master’, ‘User’
or ‘Submitter’ permission) for
them to access incident
information.
Incident Users with Incident Config
Config permission can perform functions
that span the following three
components:
Incident Management component

• configure Incident
Management application
settings
• configure Incident Impact
values
• configure Incident Urgency An
values application
• configure Incident Priority license is
weight ranges required
• configure Incident
Prioritization
• configure Incident rules
and assignment rules)
• configure Work Info Inbound
and Outbound
communications counters
• configure Decision Trees
• configure Scripts
• configure Incident Templates

Main Description
Components
(can create and modify all
templates regardless of
Authoring group affiliation)
register KPI titles
(advanced option)
Requestor component
• Create and update
Summary Definitions

configure the component functions
in the preceding list. Typically,
people who fulfill this role are
Application Administrators.
Problem The Problem component is installed with the BMC Remedy
Problem Management application. You use the Problem component
to manage problem investigations, known errors, and solution
database entries. Problem management focuses on reducing the
number of incidents; either reactively, by preventing them from
recurring, or proactively by preventing them from occurring.
For more information, see the BMC Remedy Problem Management

User Guide.
Problem Users with Problem Master
Master permission can perform the
• create problem
investigation, known error
and solution database
records
• modify all problem An
investigation, known error
application
and solution database license is
records independently of required
any functional roles or
• configure Cost Category
information, Cost Center
information, Cost Rate
templates, and Financial
rules as well as
Chargeback periods

White paper
Main Description
Components
console
Note: Chargeback is a function of

the costing sub-system and is
given automatically with the
other costing features.

who play the role of Problem
Coordinator and who require full
access to all Problem Investigation,
Known Error and Solution
Database records.

permissions group should be
either own a process or require
full control of all Problem
Management records.

open the Problem forms.
Problem User Users with Problem User
permission can perform the
• create problem
investigations, known error
records, and solution
database records
• modify problem
investigation and known
error records based on
An
functional roles and
application
support group affiliations:
license is
- A user with these required
permissions and no
Problem Management
Functional Roles can
modify only Problem
Investigations and
Known Errors where
they belong to the
Assigned Group
- A user with these
permissions and

Main Description
Components
Problem Coordinator
Functional Role can
modify only Problem
Investigations and
Known Errors where
they belong to the
Problem Coordinator
Group
• modify solution database
records based on support
group affiliations
console

performing the role of a Problem
Coordinator within the Problem
Management process.
You should also grant these
permissions to users that play any
of the following roles:
• Group Coordinator or a
Specialist within the
Incident and Problem
Management processes
• Change Coordinator
• Release Coordinator
• Availability Manager
• Capacity Manager
These permissions give them the

ability to create and modify
Problems and Known Errors.
Problem Users with Problem Submitter
Submitter permissions can create and query
all problem investigation, known No
error and solution database records. application
They cannot modify problem license is
investigations, known errors, and required
solution database records.

White paper
Main Description
Components
must submit and view Problem
Investigations, Known Errors and
Solution Database records.
Typically, you give these
permissions to any of the roles
mentioned in the preceding list of
Problem User permissions (take
note that ‘User’ permissions are
required when the user needs
modification access).
Problem Users with Problem Viewer
Viewer permissions can query all problem
investigation, known error and
solution database records.
They cannot submit or modify
problem investigation, known error
and solution database records.

need only read access to view No
Problem Investigations, Known application
Error and Solution Database license is
records. Typically, these required
permissions are given to most
ITSM applications users (that is,
users who do not already have the
‘Master’, ‘User’ or ‘Submitter’
permission) so they can access
information in the Problem
Management records.
Problem Users with Problem Config
Config permissions can perform functions
An
components:
application
Problem Management component license is
required
• configure Problem Impact
values
• configure Problem

Main Description
Components
Urgency values
• configure Problem Priority
weight ranges
• configure Problem
Prioritization
• configure Problem rules
and assignment rules)
Foundation functions component

register KPI titles
(advanced option)
Incident Management component

(Incident component must be
installed):
• configure decision trees
(this configuration option
is available to a Problem
applications administrator,
because you can create
decision trees to relate
Incidents directly to
Known Error and Solution
Database records)

configure the component functions
in the preceding list. You typically
give these permissions to someone
fulfilling the role of an Application
Administrator.
Request (without The Request component gets installed when either the BMC
SRM) Remedy Incident Management, BMC Remedy Problem
Management, or BMC Remedy Change Management applications
are installed.
Note: The Request component is also installed when the BMC

Service Request Management (SRM) application gets installed
however this version of the Request component is different
compared to the version installed when SRM is not installed.
This Request component is used to provide an interface for
employees of your organization to submit requests that can be
fulfilled from either the Incident or Change management

White paper
Main Description
Components
processes. The previously mentioned interface is referred to as
the Requestor console. Users of the Requestor console do not
must be granted permissions. The permissions listed below are
for administrating the Requestor console.
For more information, see the BMC Service Request Management

documentation that is available from the BMC Customer Support
website.
Requester Users with Requester Console
Console Config permission can perform the
Config following functions:
• configure Application
Settings specific to the
Requester console
functions
• create and update
Summary Definitions that
are used within the No
Requester console application
• configure Survey questions license is
• configure Request rules required

previously mentioned component
functions. Typically, you grant
these permissions to someone
playing the role of an Application
Administrator.
Requester Users with Requester Console
Console Master permission can perform the
Master following functions:
• configure Application
Settings specific to the
Requester console
functions
No
• create and update
application
Summary Definitions that
license is
are used within the
required
Requester console
• configure Survey questions
• configure Request rules
• view and limited update
access to the Service
Request form

Main Description
Components
Administrator.
Note: The Requester Console

Master permissions supersede
the Requester Console Config
permission. Therefore Users
with these permissions do not
need to be granted the Requester
Console Config permission.
Summary Users with Summary Definition

Definition Config permission can create and
Config update Summary Definitions that
are used within the Requester
console

No
these permissions to someone application
license is
Administrator.
required
Note: The Requester Console
Config and Requester Console
Master permissions supersede
the Summary Definition Config
with either of these permission
does not need to be granted the
Summary Definition Config
permission.
Request (with The Request component gets installed when the BMC Service
SRM) Request Management (SRM) application is installed.
Note: If you were installing the BMC Service Request Management

application on top of an installation that previously had an ITSM
application installed (that is, Asset, Incident, Problem or
Change/Release Management) the Request component will be

White paper
Main Description
Components
replaced with the SRM version.
This Request component is the entry point from which IT customers

can interact with the IT organization. Users select IT or other
business services from a Service Catalog, which the Business
Service Manager sets up. Service requests can be fulfilled using the
BMC Remedy Change Management or BMC Remedy Incident
Management process. In addition SRM supports any generic work-
order process.
IT Customers that use the Request Entry form to submit requests do
not must be granted permissions. The permissions listed below are
for administrating the SRM application and working with Requests
and Work Orders.
For more information, see the BMC Service Request Management

website.
Business Users with Business Analyst
Analyst permission can perform the
• create Service Requests
Definitions (SRD) using
the Service Request
Designer
• view and update SRDs No
created by this user (Take application
note that the user cannot license is
view SRDs with a status of required
Cancelled or Expired)

performing the role of a Business
Analyst (that is, a liaison between
the IT customers and IT support)
Business Users with Business Manager
Manager permission can manage service
requests using the Business
Manager Console (that is, view
requests, add additional
information to a request, cancel No
requests, review the approval cycle application
of requests and run reports) license is
required
performing the role of a Business
Manager responsible for managing
user requests. Their activities and

Main Description
Components
responsibilities include monitoring
the current number of open and
late requests, approving requests,
running request reports, and
examining request trends.
Entitlement Users with Entitlement
Administrator Administrator permission can
perform the following functions:
• configure Entitlement rules
for SRDs
• configure Entitlement
groups No
application
permissions to individuals required
Administrator.
Request Users with Request Catalog
Catalog Manager permission can perform
Manager the following functions:
• create Service Requests
Definitions (SRD) using
the Service Request
Designer
• view and update SRDs
using the Service Request
Designer
• manage (create, update and
delete) SRDs and Process No
Definition Templates application
(PDTs) using the Service license is
Catalog Manager console required
Note: Users with these permissions
have access to the Service
Requests Definition and Process
Definition forms accessible
from the console.
• import and export SRDs

and PDTs using the Import
Export console

White paper
Main Description
Components
performing the role of a Service
Catalog Manager responsible for
defining SRDs and PDTs (the
fulfillment process definitions
within the service catalog). Service
Catalog Managers work closely
with business relationship
managers (liaisons between the
business and IT) to build and
implement the requests from the
business.
Service Users with Service Request User
Request User permission can perform the
• manage Service Requests
using the Service Request
Coordinator console
• view requests , create

requests on behalf of
others, update work info
No
on request, reviewing
application
suggestions and
license is
troubleshooting requests.
required
Request Coordinator (or service
request agent) responsible for
planning and tracking the service
request, as well as monitoring the
current number of open and late
service requests.
SRM Users with SRM Administrator
Administrator permission can perform functions
that span the following two
components:
SRM Configuration component No

Advanced settings: application
• configure general Application license is
settings required
• configure Advanced Interface
data
• configure Service Request
preferences

Main Description
Components
definition settings
HTML
• configure Surveys
Application Configuration:
• define Application fields
• define Application Object
Template
• defined Application Target
data
• define Questions Library
Approval settings:
• configure Approval Chains
Mappings
Entitlement settings:
• configure Entitlement rules
for SRDs
• configure Entitlement
groups
• configure On Behalf of rules
Navigational Category settings:
• configure Navigation
categories
Request Entry Management
settings:
• configure Default console
preferences
• manage Service Request
Definition images
images
Search Exclusion word list
SRD Level setting:
• setup SRD levels
BMC SLM setting:
• Configure the defaults for
Service Target for SRDs.
Work Order settings:
• configure Work Order rules
• configure Work Order
templates
• setup Approval
Application Registration to
allow parallel processes
based on form name
Process phases

White paper
Main Description
Components
will use CAI (advanced
feature)
command parameter
(advanced feature)

Administrator.
Note: The SRM Administrator

permissions supersede the
Entitlement Administrator
with these permissions do not
need to be granted the
Entitlement Administrator
permission.
Work Order Users with Work Order Config

Config permission can perform functions
components:
SRM Configuration functions:

Work Order settings:
• configure Work Order rules
• configure Work Order
templates No
application
Task Management System functions: license is
Assignment settings: required
• configure Assignment
mappings
Task Configuration settings:
• configure Task Group
templates
• configure Task templates
• configure Variable templates

Main Description
Components
Administrator.
Work Order Users with Work Order Master
Master permission can perform the
• create, manage and fulfill
Work Orders using the
Work Order console
• access to the Product
Catalog console
No
Note: The Work Order Manager application
functional role is required to be license is
assigned as the Work Order required
Manager and the Work Order
Assignee functional role is
required to be assigned as the
Work Order Assignee

who manage and work with the
Work Order fulfillment process.
BMC SLM The BMC SLM component gets installed when BMC SLM is
installed. The BMC SLM component is used define SLAs, OLAs
and Underpinning contacts that can be used measure the level of
service you are providing for your service offerings.
For more information, see the BMC Service Level Management

website.
SLM Manager Users with SLM Manager
permission can perform the
following functions that span the
following two components:
An
BMC SLM component application
• create, modify, delete, and license is
view agreements, service required
targets and contracts from
the Service Level Manager
console
• view SLM Dashboards

White paper
Main Description
Components
Asset Management component
(Asset Management must be
installed)
Note: The functions below are

automatically granted, because
Asset Management and BMC
SLM use the same contract sub-
system component, which is
installed with the Foundation
component):

contracts from Contract
console
certificates from SAM
console
• Manage License Jobs from
the SAM console

Level Administrator, Service Level
Manager or a Business
Relationship Manager, or both.
Note: Users with the SLM

Manager permissions do need
Contract Admin or Contract
User permissions.
SLM Users with SLM Unrestricted

Unrestricted Manager permissions can perform
Manager functions that span the following
two components:
BMC SLM component

• create, modify, delete, and An
view agreements, service application
targets and contracts from license is
the Service Level Manager required
console.
In addition, this role has
complete MSP (multi-
tenancy) data access and
can access data for all
contracts (has access to

Main Description
Components
data regardless of any
Company restrictions).
This role does not include
rights to the Application
Administration console
• view SLM Dashboards
Asset Management component

(Asset Management component
must be installed)
Note: The following functions are

automatically granted, because
Asset Management and BMC SLM
use the same contract sub-system
component. This component is
component.
console
certificates from SAM
console
SAM console

Level Administrator, Service Level
Manager or a Business
Relationship Manager, or both,
who requires access to all data
regardless of any Company
restrictions (that is, they can see all
data regardless of Company row-
level access restrictions).
Note: Users with the SLM

Manager permissions do need
the Contract Admin or Contract
User permissions.
SLM Console Users with SLM console and

An
and Dashboards User permissions can
application
Dashboards perform the following functions:
license is
User
required
• view agreements and

White paper
Main Description
Components
service targets from the
Service Level Manager
console
• view BMC SLM
Dashboards
Note: Users with these permissions

cannot add comments to
agreements.

permissions to Specialists or
technicians who are responsible for
providing support to services that
require information about their
service commitments.
SLM Customer Users with SLM Customer
permission can view the BMC
SLM Customer Dashboards.
An
application
license is
permissions to either internal or
required
external customers who need
information about their service
level agreements.
SLM Config Users with SLM Config
permission can perform functions
components:
SLM components
• create, modify, delete, and
view agreements, service
targets and contracts from
the Service Level Manager
console An
• view SLM Dashboards application
license is
SLM Configuration components required
Configure Application Settings
• configure Agreement
Owner lists to receive
notifications
• configure Contracts Menu
Items
• configure Data Source and
applications to work with
Service Target

Main Description
Components
• configure custom Goal
Types
• manual update of SLA
Compliance
• configure SLM
preferences
• configure retroactive
update of Measurement
data
• configure the Review
Periods for Compliance
Performance
• configure custom SLM
comments
• configure Service Target
Group assignment
• configure Templates
Configure Business Time
• configure Business Time
Entity and Segments
Configure collector module
properties
• configure Bulk
Performance Manager
Nodes
• configure Collection
Nodes
• configure Collection
Points
Configure Defaults for Service
Target and Agreement
• configure Agreement
Defaults
• configure Service Target
Defaults
Import and Export various
application definitions and data
• Import and Export
Asset Management functions

(when Asset Management is
installed
Note: The functions listed below

are automatically granted,
because Asset Management and
SLM use the same contract sub-

White paper
Main Description
Components
system component, which is
component):

console
certificates from the SAM
console
the SAM console

Level Manager and Service Level
Administrator.
Note: Users with the SLM Config

permission do not need SLM
Manager permissions. Also
Users with SLM Config
permissions do not need
Contract Admin or Contract
User permissions.
RKM The RKM component is installed with the BMC Remedy

Knowledge Management application. The RKM component is used
to author and publish Knowledge Articles that appear throughout
the BMC Remedy ITSM applications. They are used by support
staff and customers to help resolve issues.
For more information, see the BMC Remedy Knowledge

Management documentation that is available from the BMC
Customer Support website.
Knowledge Users with Knowledge Admin
Admin permission can create and modify
all Knowledge Articles.
No
permissions to individuals who license is
perform the role of a Knowledge required
Manager. Users in this role can
create system news flashes and run
reports.
Knowledge Users with Knowledge User No
User permissions can create and modify application
knowledge articles. They can also license is

Main Description
Components
update all draft articles; however required
they cannot publish or retire
articles.

permissions to advanced technical
users or subject matter experts.
These users are typically involved
in the content review and approval
process.
Knowledge Users with Knowledge Submitter
Submitter permission can create and modify
knowledge articles that have In
Progress status. No
application
permissions to standard technical required
users who require access to create
knowledge articles from incidents
or other requests.
Knowledge Users with Knowledge Viewer
Viewer permissions can view Knowledge
No
Articles.
application
license is
required
permissions to all users who need
to view Knowledge Articles.
Knowledge Users with Infrastructure
Config Knowledge Config permission can
configure RKM settings.

No
application
need to configure the component
license is
functions mentioned in the
required
preceding list of RKM
permissions. Typically, you grant
Administrator.
Sub Components Description
Activity The Activity sub component is installed with all BMC Remedy
ITSM applications. However, it currently is used only by Release
Management. The Activity sub component is used to manage a
release and to track its progress from initiation to completion.
For more information, see the BMC Remedy Change Management

User Guide.

White paper
Main Description
Components
Activity User Users with Activity User
permission can create and modify
all activities

permissions to individuals working
with the Release Management
application who were not granted No
the Release Master or Release User application
permissions. license is
required
Note: Users with either the Release
Master or Release User
permissions do need the
Activity User or Viewer
permission. These permissions
grant full access to Activities.
Activity Users with Activity Viewer

Viewer permission can view all activities

permissions to individuals working
with the Release Management No
application who have not been application
granted the Release Viewer license is
permissions. required
Note: Users with Release Viewer
permissions do not need the
Activity Viewer permission. These
permissions grant view access to
Activities.
Activity Users with Activity Config
Config permissions can perform the
following two components:
Activity component
• configure Activity rules
No
• configure Activity
application
Templates
license is
required
Task Management System
component
Assignment settings:
• configure Task
Assignment mappings
Integration settings:

Main Description
Components
integrate with Task
Management System
• configure phase
integrate with Task
Management System
Templates
• configure Task Templates
• configure Variable
Templates

requiring configuration access to
the component functions in the
preceding list. Typically, you
grant these permissions to someone
Administrator.
Note: The Release Config

permission grants full
configuration access to the
Activity configuration settings,
with some exception regarding
the Task Management settings.
If a user does not need full
access to the Task Management
settings, do not grant them
Activity Config permission if
they already have Release
Config permissions.
Financial The Financial sub component is installed with all ITSM

applications. You use the Financial sub component to track costs
across the various BMC Remedy ITSM applications.
For more information, see the BMC Remedy IT Service Management

Administration Guide.
Cost Manager Users with Cost Manager An
permissions can perform the application

White paper
Main Description
Components
• configure cost categories required
• configure Cost Center
information
• configure Cost Rate
templates
• configure Financial rules
• configure Chargeback
periods
performing the role of a Financial
Manager or IT Controller. Also
grant them to Application
Administrators.
The following permissions
automatically inherit the Cost
Manager permissions rights:
• Asset Admin
• Incident Master
• Problem Master
Users with any of the permissions

in the preceding list do not need
the Cost Manager permissions to
access Cost functions.
Cost User This permission is used
infrequently. This is because, users
who have any of the “User” type
permissions get automatic access
to Cost User functions that let them
create, modify, and delete all cost
records.
Best practice: The following

permissions automatically inherit
An
the Cost User permissions rights:
application
• Contact Organization license is
Admin required
• Task Manager
• Task User
• Asset User
Master
• Activity User, Release
Master

Main Description
Components
• Release User
• Incident User
• Problem User
Users with any of the permissions

in the preceding list do not need
the Cost User permissions to
access the Cost functions within
the various applications.
Give the Cost User permission to

any who needs to access the create
and update cost functions but who
does not have any of the previously
mentioned permissions.
Cost Viewer This permission is used
infrequently. This is because users
who have any of the “Viewer”
permissions can view all cost
records.

the Cost Viewer permissions
rights:
• Task Viewer
• Asset Viewer
Viewer No
application
• Release Viewer license is
• Activity Viewer required
• Incident Viewer
• Problem Viewer
Users with any of the previously

mentioned permissions do not need
Cost Viewer permissions to access
view costing information within
the various applications.
Give the Cost Viewer permission

to any who needs to view Costs but
who does not have any of the
previously mentioned permissions.
Foundation The Foundation sub component is installed along BMC Remedy
ITSM applications. BMC Remedy ITSM applications use the
Foundation sub component to manage common data structures used

White paper
Main Description
Components
by all applications. These data structures include Company,
Organization, Location, Support Groups, People, Categorization and
Product Catalog information. Foundation is also used to configure
the AR Approval, Assignment, and the BMC Remedy ITSM
Notification engine.
Best practice: Grant the following permissions to individuals

needing configuration access to these data structures and processes.
Typically, you give these permissions to a person playing the role of
an Application Administrator.
Among the permission listed below are four key permissions that
give configuration access to the main data structures of the BMC
Remedy ITSM applications. These permissions are needed when
starting the configuration process and include:
• Config Categorization Admin (used to configure the main
categorization data structures)
• Config Group Mapping Admin (used to configure
assignment routing mappings)
• Contact Location Admin (used to configure the Company
and Location data strictures)
• Contact Organization Admin (used to configure the
Company, Organization and People data structures)
For more information, see the BMC Remedy IT Service Management
Administration Guide.
Approval Users with Approval Admin
Admin permissions can access the BMC
Remedy Approval Server
administration console. The
Approval Server comes with the
BMC Action Request System
platform and is installed
independently of the BMC
Remedy ITSM applications.
No
Best practice: You must also be a
application
registered and active Process
license is
Administrator with Full Admin
required
authority or an AR System
Administrator to access the BMC
Remedy Approval Server
administration console. Typically,
these permissions are needed only
if you are extending or customizing
the out-of-the-box approval server
configurations. These permissions
are not needed to manage the BMC
Remedy ITSM applications

Main Description
Components
Approval Mappings.
ASE- Users with ASE-Administrator
Administrator permission have configuration
access to the BMC Remedy
Assignment Engine. The BMC
Remedy Assignment Engine comes
with the BMC Action Request
System platform and is installed
independently of the BMC
No
Remedy ITSM applications.
application
license is
Best practice: Typically, these
required
permissions are only needed if you
are extending or customizing the
out-of-the-box assignment engine
configuration options. These
permissions are not needed to
manage the BMC Remedy ITSM
applications Assignment
Mappings.
Command Users with Command Event
Event Master Master permission can perform the
use CA) - an advanced
feature)
command parameter
mappings for the CAI - an
No
advanced feature
application
license is
Best practice: The Infrastructure
required
Change Config and the SRM
Administrator permissions also
grant access to the same two
functions in the preceding list.
Users with these permissions do
not need the Command Event
Master permission. Typically,
these permissions are needed only
if you are extending or customizing
the CAI plug-in.
Config Users with Config Categorization
No
Categorization Admin permission can perform the
application
Admin following functions:
license is
• configure catalog
required
mappings

White paper
Main Description
Components
• configure generic catalog
structures (for example,
the Resolution Category
and Root Cause categories)
• configure operational
categories
• configure product
categories
• access the product catalog
console
Best practice: This is a key

permissions groups for Application
Administrators who are
implementing and administering
BMC Remedy ITSM applications.
Config This permission will be deprecated.
No
Categorization Please use the Config
application
User Categorization Admin permission
license is
as it grants the same level of
required
access.
Config Group Users with Config Group Mapping
Mapping Admin permission can configure
Admin Assignment Mappings.
No
application
license is
required
BMC Remedy ITSM applications
Contact Users with Contact Location
Location Admin permission can perform the
Admin following functions:
company data
• configure country
currencies
• create and update country, No
state or province and city application
data license is
• create and update site data required
• access the product catalog
console


Main Description
Components
BMC Remedy ITSM applications
Contact Users with Contact Organization
Organization Admin permission can perform the
Admin following functions that span the
following three components:
Organization data:
company data
• create and modify support
group data
People data:
people records (full access
to people data including
both support and non-
support staff excluding
access to HR specific
attributes)
• access the people
management console to
perform bulk updates
• perform support company No
access configuration application
• configure people templates license is
• access the product catalog required
console

(when Change component is
installed)
Mappings
Release Management component

(when Release component is
installed)
Mappings

BMC Remedy ITSM applications.
Note: Users with Contact

White paper
Main Description
Components
Organization Admin
permissions do not need Contact
Support Admin, Contact People
Admin and Contact People User
permissions.
Contact Users with Contact Support Admin

Support Admin permission can perform the
following three components:
people records (full access
to people data including
both support and non-
support staff excluding
attributes)
No
• configure people templates
application
license is
required
(when Change component is
installed)
• configure approval
mappings
Release Management component

(when Release component is
installed)
• configure approval
mappings
Best practice: People with

Contact Support Admin
permissions do not need the
Contact People Admin and Contact
People User permissions.
Contact People Users with Contact People Admin
Admin permission can perform the
No
application
• create and modify all non-
license is
support people records
required
(these permissions does
not allow a user to create

Main Description
Components
support staff people
records, nor does it give
attributes)
Best practice: People with

Contact People Admin permissions
do not need Contact People User
permissions.
Contact People Users with Contact People HR
HR Admin Admin permissions can access the
following information from the
Attributes tab on the People form:
• HR attendance
management
• HR time management
• benefit information
• travel profile
No
Best practice: Give these application
permissions with one of the license is
following permissions to give required
access to the HR specific attributes
mentioned in the preceding list:
• Contact Organization
Admin
• Contact Support Admin
• Contact People Admin
• Contact People User
Contact People Users with Contact People User

User permission can create and modify
all non-support People records.
These permissions, however, do
not allow a user to create Support
Staff people records, nor do they No
give access to HR specific application
attributes. People records can be license is
created only in the “Proposed” required
state and access to change Profile
Status is not permitted with these
permissions.
Best practice: The Contact People

White paper
Main Description
Components
User permissions are superseded
by the Contact Organization
Admin, Contact Support Admin
and Contact People Admin
permissions.
DSL Master Users with DSL Master
following functions from the
Product Catalog console:
• create products and suites
• create patch files
• create SLIs
Best practice: The following three No

foundation permissions groups application
grant the same access to the license is
Product console so Users with any required
of these permissions do need DSL
Master permissions:
• Contact Location Admin
Admin Config
Categorization Admin
DSL Viewer Users with DSL Master

permissions have access to the
following functions from the
Product Catalog console:
• View products and suites No
• view patch files application
• view SLIs license is
required
Best practice: These permissions
should be given to users who need
to view Product information using
the Product Catalog console.
Licensing Users with Licensing permissions
can grant AR Fixed or Floating
licences to a person from within
the People form.
No
application
Best practice: Give these
license is
permissions with one of the
required
following permissions
to give grant access for the Action
Request System licenses as
mentioned above:

Main Description
Components
Admin
• Contact People User.
Notification Users with Notification Admin

Admin permissions can perform the
• configure country code
option for paging services
• configure prefix numbers
that appear on numeric
pager messages to identify
which application sent the
page
• configure pager service
parameters No
application
Best practice: Give the license is
Notification Admin permission to required
an Application Administrator who
configures the paging parameters
used in the Notification Engine.
There are additional configuration
forms used by the Notification
Engine that can be configured,
however you need AR
Administrative permissions to
access these forms. For further
information please see the ITSM
Notification Engine Guide.
Security Users with Security permissions
can reset other user’s passwords
from the Password Rest form.
No
Best practice: Grant the security application
permission to the Application license is
Administrator who resets required
passwords. This permission can
also be given to user’s performing
the role of a Service Desk Agent.
Return on The ROI sub component is installed with all BMC Remedy ITSM
Investment (ROI) applications. Managers use the ROI sub component to compare the
baseline costs of various IT service management operations before
implementing BMC Remedy ITSM with the actual costs that were
incurred after the implementation.

White paper
Main Description
Components
For more information, see the BMC Remedy Incident Management
User Guide.
ROI Admin Users with ROI Admin
• configure ROI metric
thresholds used by the ROI
console
No
• access the ROI console
application
license is
required
play the role of an IT Manager who
needs to determine how much
money their operational areas save
by using the BMC Remedy ITSM
applications.
ROI Viewer Users with ROI Viewer
permissions can access the ROI
console.
No
permissions to individuals that license is
need to know how much money required
their operational areas save by
using the BMC Remedy ITSM
applications.
Task The Task Management System is a sub component that is installed
with the BMC Remedy Incident Management, BMC Remedy
Problem Management, BMC Remedy Change Management, and
BMC Service Request Management applications. The Task
component is used with the other applications (for example,
Incident, Change, and so on) to create a task that must be completed
as a step in an overall process.
For more information, see the BMC Remedy Task Management

Administrator’s Guide.
Task Users with Task Administrator
Administrator permissions can perform functions
settings areas.
No
Assignment settings application
license is
• configure Task
required
Assignment mappings
Integration settings
integrate with Task

Main Description
Components
Management System
• configure phase
integrate with Task
Management System
Task Configuration settings
Templates
Templates

permissions to Application
Administrators.
The following three permissions

groups Infrastructure Change
Config, Release Config and Work
Order Config grant some level of
administration privileges similar to
the Task Administrator permission.
Users with either of these three
permissions may not need to be
give the Task Administrator
permission.
The Activity Config permission
grants the same level of
administrative privileges as the
there a user with this permissions
does not need to be granted the
Task Administrator permission.
Task Users with Task Application
Application Config permission can perform the
Config following functions that span the
following two components.
No
Foundation component application
• register applications that license is
use CAI (advanced required
feature)
command parameters, and

White paper
Main Description
Components
command parameter
(advanced feature)
Task Management component

Integration settings:
integrate with Task
Management System
• configure phase
integrate with Task
Management System
Best practice: The Infrastructure

Change Config, SRM
Administrator, and the Command
Event Master permissions also
grant access to the CAI functions
mentioned above. Users with those
permissions do not need the Task
Application Config permissions
unless they also need access to the
Task Management functions.
The Release Config, Activity

Config and the Task Administrator
permissions also grant access to the
Task Management functions
mentioned above. Users with these
permissions do not need the Task
Application Config permission
unless they also need access to the
CAI.
Typically, you only need the Task

Application Config permission if
you are extending or customizing
the CAI plug-in, or if you are
integration another applications to
the Task Management system.
Task Manager Users with Task Manager No

Main Description
Components
permissions have access to updated application
records. license is
required
the Task Manager permissions
• Task Administrator
Master
Incident Master
• Problem Master
Users with any of these

permissions do not need Task
Manager permissions to use tasks.
Task Process Users with Task Process Config
Config permissions can perform these
functions that span the following
two components.
will use CAI (advanced
feature)
command parameter
(advanced feature)
No
Task Management components application
Assignment settings: license is
• configure Task required
Assignment mappings
Templates
Templates
Best practice: The Task Process

Config permissions have similar
access to the Task Management
System as the Task Administrator
permissions. Grant the Task

White paper
Main Description
Components
Process Config permissions to
Application Administrators.
Typically, the Task Process Config
permission is granted to users that
need some of the functions given
by Task Administrator permission.
Task User Users with Task User permissions
have access to updated records.

the Task User permission rights:
• Task Administrator
Submit
Master No
• Release Master, Release application
User license is
required
• Activity User
• Incident User
• Problem User
Users with any these permissions

do not need the Task User
permissions to access Tasks.
Give the Task User permission to
anyone who needs access to the
Task System to update Tasks but
who does not have any of the
previously mentioned permissions.
Typical permissions combination setups

This section guides you through the process of assigning people application permissions
for the following BMC Remedy applications:
• BMC Remedy Asset Management
• BMC Remedy Change Management (includes Release Management)
• BMC Remedy Incident Management
• BMC Remedy Problem Management
• BMC Service Level Management
• BMC Remedy Knowledge Management

Typically, you assign permissions combinations to the users in your IT organization

based on their roles and responsibilities. The combinations suggested in the following
table are defined by ITIL as typical and are used by the BMC Service Management
Process Model (SMPM). For more information about the roles and responsibilities of
users within the SMPM, see the Service Management Process Model Role Mapping to IT
Service Management white paper.
The following table is organized by Application, Role, and the permissions combination
recommended for the role.
Application Role Permissions combination
Asset Management Configuration • Asset Admin
Administrator • Contract Admin
• Purchasing User
(needed only if you use
the Purchasing module)
• Incident Viewer
• Problem Viewer
• Release Viewer
Viewer
• Knowledge Viewer
Optional permissions
Admin
This permission is needed
only when the user must
create Support Groups that
manage CIs. Otherwise,
grant them the functional
role of ‘Support Group
Admin’.
• Contact Categorization
Admin
This permission is needed
only if the user must create
and update the Product
Categorization data
structures for the CI data.
Purchasing Agent • Purchasing User

(needed only if you use
the Purchasing module)
• Receiving User (needed
only if you use the
Purchasing module)
• Incident Viewer
• Problem Viewer
Viewer

White paper

• Release Viewer
• Contract Viewer
• Asset Viewer
Change Management Change Approver • Incident Viewer

• Problem Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
Functional role required

You must assign this
functional role to the user in
addition to the permissions.
Approver
Note: You can give this

functional role to anyone
who approves changes. It
applies to all roles.
Change Coordinator • Infrastructure Change

User
• Incident User
• Problem User
• Release Viewer
• Contract Viewer
• Asset Viewer

Coordinator
Change Manager • Infrastructure Change

User
• Incident User
• Problem User


• Release Viewer
• Contract Viewer
• Asset Viewer

Manager
Customer Representative • Task User

Viewer
• Incident Viewer
• Problem Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
Release Management Release • Release User

Coordinator • Incident User
• Problem User
Viewer
• Contract Viewer
• Asset Viewer

• Release Coordinator
Incident Management Service Desk Analyst • Incident Master

• Problem Viewer
Viewer
• Release Viewer
• Contract Viewer

White paper

• Asset Viewer
• Knowledge User
Specialist • Incident User

• Problem User
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
• Knowledge User
Group • Incident User

Coordinator Note: You can give a
user Master permissions
if full access to
Incidents is required.
• Problem User
Note: Give this individual

Master permissions if they
need full access to
Problems, Known Errors
or Solutions.
User
• Release Viewer
• Contract Viewer
• Asset Viewer
Operator • Incident User

• Problem Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
Operations • Incident User

Manager • Problem Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer


On-Duty • Incident User

Manager • Problem Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
• Knowledge User
Problem Management Problem Coordinator • Problem User
Note: Give this individual

Master permissions if they
need full access to
Problems, Known Errors
or Solutions.
• Incident Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
• Knowledge User
Functional Role
• Problem Coordinator
Service Level Management Service Level • SLM Manager

Administrator • Contact Location
Admin
Admin
• Asset Admin
• Task User
• Incident Viewer
• Problem Viewer
• Release Viewer
• Contract Viewer
Viewer

White paper

Service Level Manager • Incident User
• Problem Viewer
Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
Service Owner • Incident User

• Problem Viewer
• Viewer
• Release Viewer
• Contract Viewer
• Asset Viewer
When you assign permissions, it is important to use only the minimum number of
permissions that allow the person to perform their job. BMC strongly recommends that
you have only one set of permissions combinations for any given role. As illustrated by
the preceding examples, there is only a few key permissions that a general application
user needs to perform their duties.
These permissions are described in the following table.

Application Key Application User Permissions
Asset Management • Asset Admin or Asset User
• Contract Admin or Viewer
• Purchasing User
• Receiving User
Change Management • Infrastructure Change Master, User or

Viewer
Release Management • Release Master, User or Viewer
Incident Management • Incident Master, User, or Viewer
Problem Management • Problem Master, User or Viewer
Task Management • Task User (This is only required in

certain permission combinations. For
more information, see the Task User
permissions section earlier in this white
paper.)
Service Request Management • Business Manager

• Service Request User

• Work Order Master
Service Level Management • SLM Manager
Knowledge Management • Knowledge Admin, User or Viewer
The remaining permissions control access to the application configuration functions and
are typically assigned either to an Application Administrator or an Application Process
Owner. These permissions are described in the following table.
Application Application Administrator/Process Owner

Permissions
Asset Management • Asset Config
• Contract Config
Change Management • Change Config
Release Management • Release Config
Incident Management • Incident Config
Problem Management • Problem Config
Request Management (without SRM) • Requester Console Config

• Requester Console Master
• Summary Definition Config
Service Request Management (SRM) • Business Analyst

• Entitlement Administrator
• SRM Administrator
• Work Order Config
Service Level Management • SLM Config
Knowledge Management • Knowledge Config
Activity • Activity Config
Financial • Cost Manager
Foundation • Approval Admin

• ASE-Administrator
• Command Event Master
• Config Categorization Admin
• Config Categorization User

White paper
Application Application Administrator/Process Owner

Permissions
• Config Group Mapping Admin
• Contact Location Admin
• Contact Organization Admin
• Contact People HR Admin
• Contact People User
• DSL Master
• Licensing
• Notification Admin
• Security
ROI • ROI Admin
Task • Task Administrator

• Task Application Config
• Task Process Config

*12345*
*169813*

Remedy Applicatin Permissions

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Remedy Applicatin Permissions

Transféré par

Droits d'auteur :

Formats disponibles

White Paper

BMC Remedy Application

BMC Software, Inc., Confidential

© Copyright 2009 BMC Software, Inc.

BMC Software, Inc., Confidential

Support by telephone or email

Before contacting BMC Software

BMC Software, Inc., Confidential

BMC Software, Inc., Confidential

BMC Software, Inc., Confidential

The discussion covers the following subjects:

BMC Remedy application permissions groups

BMC Remedy Application Permissions: Best Practices 7

Permissions group hierarchy

8 BMC Remedy Application Permissions: Best Practices

Permissions group Access level

BMC Remedy Application Permissions: Best Practices 9

For more information, see the BMC Remedy Asset Management

Note: The information about the four Asset Inventory component

Permissions Description Application

10 BMC Remedy Application Permissions: Best Practices

Note: The permission allows users

Best practice: Limit the use of

BMC Remedy Application Permissions: Best Practices 11

Best practice: Grant these

Best practice: Grant these

12 BMC Remedy Application Permissions: Best Practices

Best practice: Grant these

BMC Remedy Application Permissions: Best Practices 13

This permission does not grant

Best practice: Grant these

14 BMC Remedy Application Permissions: Best Practices

This permission does not grant

Best practice: Grant these

Note: Asset Viewer permissions

BMC Remedy Application Permissions: Best Practices 15

Asset Config Users with Asset Config

Best practice: Grant these

16 BMC Remedy Application Permissions: Best Practices

Receiving User Users with Receiving User

BMC Remedy Application Permissions: Best Practices 17

Note: a user with the Asset Admin

Contract User Users with Contract User

18 BMC Remedy Application Permissions: Best Practices

Best practice: Grant these

Best practice: Grant these

Note: The Asset Viewer

Users with Asset Viewer

Best practice: Grant these

BMC Remedy Application Permissions: Best Practices 19

Note: If a user has Asset Config

For more information, see the BMC Remedy Change Management

Permissions Description App

Best practice: Limit the use of

20 BMC Remedy Application Permissions: Best Practices

Note: The Master permissions

Infrastructure Users with Infrastructure Change

BMC Remedy Application Permissions: Best Practices 21

Best practice: Grant these

Users with these permissions

22 BMC Remedy Application Permissions: Best Practices

Best practice: Grant these

BMC Remedy Application Permissions: Best Practices 23