BSM Security Permissions
To prevent unauthorized access to BSM and its files, it is necessary to set permissions for each BSM user.
BSM Security Permissions
| Permission | Description |
|---|---|
| BSM | Ability to access BSM. |
| BSM/EAM/GetUrl4WorkOrder | Ability to retrieve EAM Work Order from URL. |
| BSM/History/View | Ability to view History data. |
| BSM/Integrity/Check/RunCleanup | Ability to run data cleanup operations. |
| BSM/Point/Amenities/Edit | Ability to edit point amenity data. |
| BSM/Point/Amenities//View | Ability to view point amenity data. |
| BSM/Point/Attachments/Edit | Ability to edit files attached to point records. |
| BSM/Point/Attachments/View | Ability to view files attached to point records. |
| BSM/Point/GetDatasetToLoadInClient | Ability to load datasets from the Data/Map folder. |
| BSM/Point/Location/Edit | Ability to edit Location data. |
| BSM/Point/Location/View | Ability to view Location data. |
| BSM/Point/Point/Edit | Ability to edit Point records. |
| BSM/Point/Point/View | Ability to view Point records. |
| BSM/Points/Add | Ability to add Point records. |
| BSM/Points/Delete | Ability to delete Point records. |
| BSM/Points/Edit | Ability to edit Point records. |
| BSM/Points/RunCustomQuery | Ability to run custom queries in Points screen. |
| BSM/Points/View | Ability to view Point records. |
| BSM/Setup/Add | Ability to create setup data. |
| BSM/Setup/Delete | Ability to delete setup data. |
| BSM/Setup/Edit | Ability to edit setup data. |
| BSM/Setup/View | Ability to view setup data. |
| BSM/Sync/GetSynchronizeStatus | Ability to return current status of synchronization process. |
| BSM/SyncSource/Full | Ability to perform synchronization with source databasee. |
| BSM/Sync/Source/ImportAllPoints | Ability to import Points data to BSM. |
| BSM/SyncSource/UpdateAllPoints | Ability to update existing data with BSM data. |
| BSM/SyncSource/View | Ability to view the Synchronization screen. |
| BSM/SyncTabletCheckSessionValidity | Ability to check if the user session in Tablet mode is in consistent state with the database in Master mode. |
| BSM/SyncTablet/CheckStateValidity | Ability to check if there is a mismatch between the Signout state of a point in the Tablet and Master modes. |
| BSM/SyncTablet/Full | Ability to perform synchronization. |
| BSM/SyncTablet/GetDependentDataNeedSignIn | Ability to determine if the work orders in Tablet mode reference only the points in the tablet (that have been signed out). |
| BSM/SyncTablet/GetISAncillaryDataStale | Ability to determine if changes were made to the ancillary data and synchronization is needed. |
| BSM/SyncTablet/GetPointAbbreviationConflictOnSignIn | Ability to determine if a local point's abbreviation exists in the Master database. |
| BSM/SyncTablet/GetSignOutInStatus | Ability to determine the Sign Out/Sign In status of a Point record. |
| BSM/SyncTablet/GetSynchronizeStatus | Ability to determine the current status of the synchronization process. |
| BSM/SyncTablet/GetWorkOrderSignOutInStatus | Ability to determine the SignOut/SignIn status of a work order. |
| BSM/WorkOrders/Actions/Add | Ability to add actions to work orders. |
| BSM/WorkOrders/Actions/Delete | Ability to delete actions from work orders. |
| BSM/WorkOrders/Actions/Edit | Ability to edit actions of work orders. |
| BSM/WorkOrders/Actions/View | Ability to view actions of work orders. |
| BSM/WorkOrders/Add | Ability to add work orders to Point records. |
| BSM/WorkOrders/Attachments/Add | Ability to attach files to work orders. |
| BSM/WorkOrders/Attachments/Delete | Ability to delete attached files from work orders. |
| BSM/WorkOrders/Delete | Ability to delete work orders from Point records. |
| BSM/WorkOrders/Edit | Ability to edit work orders of Point records. |
| BSM/WorkOrders/History/View | Ability to view the history of work orders. |
| BSM/WorkOrders/Labour/Add | Ability to edit the Labor data in work orders. |
| BSM/WorkOrders/Labour/Delete | Ability to delete Labor data in work orders. |
| BSM/WorkOrders/Labour/Edit | Ability to edit Labor data in work orders. |
| BSM/WorkOrders/Labour/View | Ability to view Labor data in work orders. |
| BSM/WorkOrders/Points/Add | Ability to add work orders to Point records. |
| BSM/WorkOrders/Points/Delete | Ability to delete work orders from Point records. |
| BSM/WorkOrders/Reports/View | Ability to view work orders of Point records. |
| BSM/WorkOrders/View | Ability to view work orders. |
| BSM/WorkOrders/Workflow | Ability to change the state of work orders. |
Cmn Security Permissions for BSM
| Permission | Description |
|---|---|
| Cmn/Contracts/Create | Ability to create or clone contracts. |
| Cmn/Contracts/Delete | Ability to delete contracts. |
| Cmn/Contracts/Edit | Ability to edit contracts. |
| Cmn/Employees/Attachments/Add | Ability to attach files to Employee records. |
| Cmn/Employees/Attachments/Delete | Ability to delete attached files from Employee records. |
| Cmn/Employees/Attachments/Open | Ability to open attached files of Employee records. |
| Cmn/Employees/Attachments/View | Ability to view attached files of Employee records. |
| Cmn/Employees/ConfigureDuplicates | Ability to configure duplicate field settings. |
| Cmn/Employees/Create | Ability to create or clone Employee records. |
| Cmn/Employees/Delete | Ability to delete Employee records. |
| Cmn/Employees/Edit | Ability to edit Employee records. |
| Cmn/Employees/SearchbyAddress | Ability to search for Employee records by address. |
| Cmn/Employees/Status/Create | Ability to create or clone Employee status. |
| Cmn/Employees/Status/Delete | Ability to delete Employee status. |
| Cmn/Employees/Status/Edit | Ability to edit Employee status. |
| Cmn/Garages/Create | Ability to create or clone Garage records. |
| Cmn/Garages/Delete | Ability to delete Garage records. |
| Cmn/Garages/Edit | Ability to edit Garage records. |
| Cmn/LocationTypes/GetImage | Ability to get images of Location types. |
| Cmn/Locations/Create | Ability to create Location records. |
| Cmn/Locations/Delete | Ability to delete Location records. |
| Cmn/Locations/Edit | Ability to edit Location records. |
| Cmn/OrgUnit/Attachments/Add | Ability to attach files to Organization records. |
| Cmn/OrgUnit/Attachments/Delete | Ability to delete attached files from Organization records. |
| Cmn/OrgUnit/Attachments/Open | Ability to open attached files of Organization records. |
| Cmn/OrgUnit/Attachments/View | Ability to view attached files of Organization records. |
| Cmn/OrgUnit/Status/Create | Ability to create or clone the Status of organizations. |
| Cmn/OrgUnit/Status/Delete | Ability to delete the Status of organizations. |
| Cmn/OrgUnit/Status/Edit | Ability to edit the Status of organizations. |
| Cmn/OrgUnits/Create | Ability to create Organization records. |
| Cmn/OrgUnits/Delete | Ability to delete Organization records. |
| Cmn/OrgUnits/Edit | Ability to edit Organization records. |
| Cmn/OrgUnits/SetOwner | Ability to set ownership on managed objects. |
| Cmn/Points/Add | Ability to add Point records.. |
| Cmn/Points/Attachments/Add | Ability to attach files to Point records. |
| Cmn/Points/Attachments/Delete | Ability to delete attached files from Point records. |
| Cmn/Points/Attachments/Edit | Ability to edit attached files of Point records. |
| Cmn/Points/Attachments/View | Ability to view attached files of Point records. |
| Cmn/Points/Edit | Ability to edit Point records. |
| Cmn/Points/Position/Edit | Ability to edit the position data of Point records. |
| Cmn/Points/Position/View | Ability to view the position data of Point records. |
| Cmn/Points/View | Ability to view Point records. |
| Cmn/Vehicles/Attachments/Add | Ability to attach files to Vehicle records. |
| Cmn/Vehicles/Attachments/Delete | Ability to delete attached files from Vehicle records. |
| Cmn/Vehicles/Attachments/Open | Ability to open attached files of Vehicle records. |
| Cmn/Vehicles/Attachments/View | Ability to view attached files of Vehicle records. |
| Cmn/Vehicles/ConfigureDuplicates | Ability to configure the duplicate field settings of Vehicle records. |
| Cmn/Vehicles/Create | Ability to create Vehicle records. |
| Cmn/Vehicles/Delete | Ability to delete Vehicle records. |
| Cmn/Vehicles/Edit | Ability to edit Vehicle records. |
| Cmn/Vehicles/Status/Create | Ability to create or clone the status of vehicles. |
| Cmn/Vehicles/Status/Delete | Ability to delete the status of vehicles. |
| Cmn/Vehicles/Status/Edit | Ability to edit the status of vehicles. |
| Cmn/Volunteers/Attachments/Add | Ability to attach files to Volunteer records. |
| Cmn/Volunteers/Attachments/ Delete | Ability to delete attached files from Volunteer records. |
| Cmn/Volunteers/Attachments/Open | Ability to open attached files of Volunteer records. |
| Cmn/Volunteers/Attachments/View | Ability to view attached files of Volunteer records. |
| Cmn/Volunteers/Create | Ability to create or clone Volunteer records. |
| Cmn/Volunteers/Delete | Ability to delete Volunteer records. |
| Cmn/Volunteers/Edit | Ability to edit Volunteer records. |
| Cmn/Work/Schedule/Delete | Ability to delete published work schedules. |
| Cmn/Work/Schedule/GTFS Import | Ability to import GTFS files in Work Explorer. |
Cms Permission Keys
| Permission | Description |
|---|---|
| Cms/User/Create | Ability to create a Cms user record. |
| Cms/User/Delete | Ability to delete a Cms user record. |
| Cms/User/Edit | Ability to edit a Cms user record. |
Core Permission Keys
| Permission | Description |
|---|---|
| Core/Admin/Extensions | Ability to access the Extensions option in the Tools menu in the Client Shell. |
| Core/Admin/Maintenance | Ability to perform maintenance tasks. |
| Core/Admin/Runtime Control | Ability to set the server runtime control. |
| Core/Admin/View Info | Ability to view the server runtime control and access the Admin HTML interface. |
| Core/App/Drilldown Customize All | Ability to access all drilldown targets and choose to apply security filter. |
| Core/App/Run | Ability to access the application through browsers, phones, voice gateway |
| Core/App/System | Ability to set the monitoring and control of the process. |
| Core/Component Layout/Allow Multi User Edit | Ability of multiple users to customize the same screen at the same time. Users are prompted when the layout is being edited/saved by another user. |
| Core/Component/Customize | Ability to customize the screens that use the component layout framework. |
| Core/Context/Default | Ability to execute HTML service. |
| Core/Context/Read | Ability to read the context properties and their definitions. |
| Core/Context/Write | Ability to add context properties. |
| Core/CoreLock/Read | Ability to read field. |
| Core/CoreLock/Write | Ability to modify field. |
| Core/CoreLog/Event | Ability to write events to the CoreLogActivity table through the LogEvent method of the CoreLog service. |
| Core/CoreLog/Modify | Ability to delete and import performance logs through the CoreLog service |
| Core/CoreLog/Trace | Ability to send trace messages to the Server log trace listeners through the Trace methods of the CoreLog service. |
| Core/CoreLog/View | Ability to view and export performance logs through the CoreLog service. |
| Core/CoreShell/Monitor Processes | Ability to monitor process information through the CoreShell service. |
| Core/CoreShell/Start Processes | Ability to start processes through the CoreShell service. |
| Core/CoreShell/Terminate Processes | Ability to end processes through the CoreShell service. |
| Core/Database/Select/Primary | Ability to select the primary database. |
| Core/DatabaseDescription/Read | Ability to read descriptions in the database. |
| Core/Event/Info | Ability to access the GetInfo method of the Event service. The method reports on all polling queues currently operating within the service. |
| Core/Event/Poll | Ability to access the Poll method of the Event service to set up an event queue and receive TCF events. |
| Core/Event/Post | Ability to access the Post method of the Event service to send TCF events to other listeners in the application. |
| Core/Event/Read | Ability to view and edit field information. This could be needed by app users who interact/edit with the fields and layout. |
| Core/Field/Write | Ability to edit or delete field data. |
| Core/File | Ability to download files from the server. |
| Core/File/Browse | Ability to browse virtual directories and download files from the server. |
| Core/File/Write | Ability to add file. |
| Core/JobAgent/Create | Ability to create or clone a new job. |
| Core/JobAgent/Delete | Ability to delete jobs. |
| Core/JobAgent/Edit | Ability to edit jobs. |
| Core/JobAgent/Export | Ability to export jobs. |
| Core/JobAgent/Import | Ability to import jobs. |
| Core/JobAgent/Menu Customize | Ability to customize job links. |
| Core/JobAgent/Start | Ability to start existing jobs. |
| Core/JobAgent/Stop | Ability to stop jobs that have been started. |
| Core/Locale/Read | Ability to view Locale data. |
| Core/Locale/Write | Ability to modify or delete Locale data. |
| Core/Message Queue/Administer | Ability to create, modify or delete message queues through the CoreMQ service. |
| Core/Message Queue/Pop | Ability to pop messages from the message queues through the CoreMQ service. |
| Core/Message Queue/Push | Ability to push messages to message queues through the CoreMQ service. |
| Core/Message Queue/View | Ability to retrieve information about message queues including viewing the message content through the CoreMQ service. |
| Core/Report/Access All Private | Ability to view private reports for all users. |
| Core/Report/Access All Published | Ability to view/edit all published (non-private) reports. |
| Core/Report/Allow NonReadOnly Execution | Ability to set and edit or clone Trapeze SQL reports that can execute non read-only statements. |
| Core/Report/Customize | Ability to customize list of available reports to be shown to various user groups. |
| Core/Report/Edit Adhoc Report | Ability to create, edit, and delete Adhoc reports. |
| Core/Report/Edit Crystal Report | Ability to create, edit, and delete Crystal reports. |
| Core/Report/Edit Parameter Groups | Ability to edit parameter groups. |
| Core/Report/Edit SQL Report | Ability to create, edit, and delete SQL reports. |
| Core/Report/Edit Text Report | Ability to create, edit, and delete text reports. |
| Core/Report/View All Archived | Ability to view all archived reports that were run by other users. |
| Core/Report/View All Running | Ability to view all running reports even those run by other users. |
| Core/Security/Allow Password Change | Ability to change own password. |
| Core/Security/Edit Users and Groups | Ability to create, edit, and delete user and user group records. |
| Core/Security/Set Permissions | Ability to set security permissions. |
| Core/Security/View Permissions | Ability to view security permissions. |
| Core/Security/View Users and Groups | Ability to view user and user group records. |
| Core/Server/Discovery | Ability to control access to service discovery. |
| Core/Server/Echo | Ability to call the Echo method, which all services in the Service Shell support. It provides a way determine if a service is active. |
| Core/Session/Read | Ability to view any session data including those of other users. |
| Core/Session/Write | Ability to modify or delete any session data including those of other users. |
| Core/SqlDirect/Browser | Ability to access the html page through the Show Query method of the SqlDirect
service. It allows the execution of adhoc queries and stored procedures through a
web browser. Note: Only database administrators should be granted permission to
access the ShowQuery method because it allows full access to the database
including the ability to Insert, Update, and Delete data. |
| Core/SqlDirect/DataSources | Ability to view the list of ODBC datasources on the server through the SqlDirect service. |
| Core/SqlDirect/Select | Ability to execute Sql Select queries through the Select methods of the SqlDirect service. |
| Core/SqlDirect/ShowQuery | Ability to display query. |
| Core/Styles/ManageColorSets | Ability to manage all color set configurations. |
| Core/TableEdit/Edit | Ability to edit database tables. |
| Core/TableEdit/View | Ability to view database tables. |
| Core/WSDL/View | Ability to allow WSDL (Web Service Definition Language) description of service to be returned to caller when requested in the URL (when "?wsdl" is appended to the URL |
| Core/Workspace/Customize | Ability to customize the workspace. |
| Core/Workspace/View Options Button | Ability to view the Options button. |
| Core/WorkspaceManager/Delete | Ability to delete shared workspaces. |
| Core/WorkspaceManager/Load Active | Ability to load active workspaces. |
| Core/WorkspaceManager/Load Cli Active | Ability to load active Client. |
| Core/WorkspaceManager/Load Default | Ability to load the default workspace. |
| Core/WorkspaceManager/Load Shared | Ability to load shared workspaces. |
| Core/WorkspaceManager/Rename | Ability to rename shared workspaces. |
| Core/WorkspaceManager/Save Active | Ability to save active workspaces into the database. |
| Core/WorkspaceManager/Save Cli Active | Ability to save active Client. |
| Core/WorkspaceManager/Save Shared | Ability to save shared workspaces into the database. |
Map Permission Keys
| Permission | Description |
|---|---|
| Map/MapAddress/PublicMethods | Ability to use MapAddress service methods. Public method keys allow access to public methods, which are deemed safe for all users including Anonymous users. |
| Map/View Image | Ability to view image of map on BSM screen. |