As we all know the data access model prior to Remedy ITSM version 9.1 was based on the Company and there was no way to control the data access with in the same company. This data access was managed using the company fields on the application form allowing access to all members within a company.
As we all know the data access model prior to Remedy ITSM version 9.1 was based on the Company and there was no way to control the data access with in the same company. This data access was managed using the company fields on the application form allowing access to all members within a company.
The data access model of BMC Remedy ITSM is modified to enhance data security. From Remedy ITSM version 9.1 onwards the configuration data (Operational, Product Catalog, etc) is still managed at the company level but ticket data access has changed.
Please note that these changes are applicable for BMC Remedy ITSM applications (Incident, Problem, Knowledge, Change and Asset) and BMC Service Request Management. There is no change to BMC Service Level Management.
BMC Remedy ITSM 9.1.02 onwards provides data access model features that protect your data from unauthorized access.
Support group centric ticket data access
The ticket data access is managed based on Individuals (eg: Submitter, On behalf of and Assignee) and Support Groups (Assigned Group, Owner Group, etc) associated with a ticket. This restricts access to only those users who are directly connected to a ticket or to a support group associated with a ticket. With this enhancement, users who are not connected to a ticket cannot access it.
Support group and company centric ticket data access
Along with Support Group centric ticket data access this aspect of the data access model extends ticket access to company level along with the users who are directly connected to a ticket or to a support group associated with a ticket.
Below table will list the access control to BMC Remedy ITSM ticket data. The underlining concept remains the Row-Level Security (RLS) to field 112. The table lists when a user will get access to the ticket data based on the Individual logins or Support Group membership.
|
ITSM Application |
Permission Model: Support Group |
Permission Model: Support Group and Company |
|
Incident Tickets |
· Customer Login ID · Contact Login ID · Assigned Support Group ID · Owner Support Group ID |
· Customer Login ID · Direct Contact Login ID · Assigned Support Group ID · Owner Support Group ID · Owner Support Company Group ID · Assigned Support Company Group ID · Contact Company Group ID · Location Company Group ID · Vendor Company Group ID |
|
Problem Tickets |
· Assigned Support Group ID · Problem Coordinator Support Group ID |
· Assigned Support Group ID · Problem Coordinator Support Group ID · Assigned Support Company Group ID · Support Company Problem Manager Group ID · Vendor Company Group ID |
|
Problem Known Error Tickets |
· Company ID |
· Company ID |
|
Problem Solution Database Tickets |
· Company ID |
· Company ID |
|
Change Tickets |
· Requested For Login ID · Requested By Login ID · Coordinator Support Group ID · Manager Support Group ID · Implementer Support Group ID |
· Requested For Login ID · Requested By Login ID · Coordinator Support Group ID · Manager Support Group ID · Implementer Support Group ID · Vendor Group ID · Customer Company Group ID · Assignee Support Company (ASCPY) Group ID · Manager Support Company(Company3) Group ID · Implementer Support Company(ChgImpCpy) Group ID · Location Company Group ID · Vendor Company Group ID |
|
Release Tickets |
· Assigned Support Group ID |
· Assigned Support Group ID · Manager Support Company(Company3) Group ID · Location Company Group ID |
|
Asset PurchaseRequisition |
· Company ID |
· Company ID |
|
Asset Contracts |
· Company ID |
· Company ID |
|
Asset CI Unavailability |
· Company ID |
· Company ID |
|
Tasks |
· Based on parent ticket (Eg:- an Incident Management or Change Management ticket) and the Assigned Support Group ID |
· Parent and Assigned Support Group ID · Location Company Group ID · Assigned Support Company Group ID |
|
Work Orders |
· Customer Login ID · Contact Login ID · Manager Support Group ID · Assignee Support Group ID |
· Customer Login ID · Contact Login ID · Manager Support Group ID · Assignee Support Group ID · Customer Company Group ID · Assignee Support Company (ASCPY) Group ID · Manager Support Company(Company3) Group ID · Location Company Group ID |
|
Service Requests |
· Requested For Login ID · Requested By Login ID · Assigned Support Group ID |
· Requested For Login ID · Requested By Login ID · Assigned Support Group ID · Customer Company Group ID · Location Company Group ID · Manager Support Company(Company3) Group ID · Assignee Support Company (ASCPY) Group ID |
Hierarchical groups
This feature is based on the hierarchical group feature in BMC Remedy AR System and allows you to create groups that are parents of other groups. A parent group can access its own ticket data and the ticket data of its child groups. You can extend the ticket data access to higher groups using hierarchical groups.
In a hierarchical structure, the following members have access to ticket data:
· Child groups can access their own tickets.
· Parent groups can access their own tickets and tickets of their respective child groups.
· All permissions assigned to a child group are passed on to its parent group.