Business Services
Business Services allow you to organize Configuration Items into groups within a Domain and restrict which Configuration Items a User can manage.
Business Services work together with Role permissions:
- Roles define the access and action permissions that a User has (Read, Create, Update, Delete, Enable/Disable, Start/Stop, Reveal).
- Business Services restrict which specific Configuration Items those permissions apply to.
This is useful when multiple teams operate within the same Domain but should not all manage the same Configuration Items. Business Services do not restrict visibility, but they do limit action permissions to Users with the same Business Service.
Business Services do not affect file transfer execution or UDMG runtime behavior. They apply only to action permissions in the UDMG Admin UI and UDMG REST API.
Before You Begin
How It Works
The following sequence describes how Business Services are created, assigned, and applied:
- A System Administrator or Domain Administrator creates a Business Service and assigns it to themselves (so they can assign it to other Users and Configuration Items).
- The System Administrator or Domain Administrator assigns the Business Service to one or more Users.
- Only System Administrators, Domain Administrators, and Users with the Pipeline Management Role can assign a Business Service to Configuration Items (and only for Business Services assigned to them).
- Once a Business Service is assigned to a Configuration Item, only Users with the same Business Service can manage it (update, delete, or perform actions on it), if their Role permits the operation.
Permission Matrix
| Role | Read Business Services | Create Business Services | Delete Business Services | Assign Business Services to Users | Assign Business Services to Configuration Items |
|---|---|---|---|---|---|
| System Administrator | (must first assign it to themselves) | (only assigned Business Services) | |||
| Domain Administrator | (must first assign it to themselves) | (only assigned Business Services) | |||
| Pipeline Management | (only assigned Business Services) | ||||
| Operator | |||||
| Read-only |
Assignment and Permissions
Business Services are created within a Domain and are first assigned to Users. Users can then assign only their assigned Business Services to Configuration Items.
Users can be assigned multiple Business Services. Configuration Items can be assigned at most one Business Service.
When assigning a Business Service to a Configuration Item, the selection list includes only the Business Services assigned to the current User.
When a Configuration Item has a Business Service assigned, only Users with the same Business Service can manage (Update, Delete, Enable/Disable, Start/Stop, Test, or Reveal) that Configuration Item, if their Role permits the operation.
A User with no Business Services assigned can manage only Configuration Items that also have no Business Service assigned.
Business Services do not affect read-only access. All Users can view Configuration Items and access Record Tables and individual Records. Business Service rules are evaluated only when a User attempts to:
- Update a Configuration Item
- Delete a Configuration Item
- Perform an action on a Configuration Item (for example, Enable/Disable, Test, Start/Stop)
- Reveal a Credential value (via the UDMG REST API)
Example Scenarios
| Scenario | Result |
|---|---|
| Configuration Item has no Business Service | Permissions are defined by Role |
| User and Configuration Item share the same Business Service | Allowed (if Role permits) |
| User has no Business Services and Configuration Item has none | Allowed (if Role permits) |
| User has no Business Services and Configuration Item has one | Denied |
| User does not have the Business Service assigned to the Configuration Item | Denied |
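The rules in the scenarios above can be expressed as a small decision function. The following is an added illustration, not UDMG code: the class and function names, the `role_actions` input (the set of actions a Role grants), and the sample data are all assumptions made for this example.

```python
# Added illustration: a model of the Business Service rules described on this
# page. It is not UDMG code; all names and the sample data are constructed.
from dataclasses import dataclass, field
from typing import Optional

# Operations on which Business Service rules are evaluated (reads are exempt).
RESTRICTED = {"Update", "Delete", "Enable/Disable", "Start/Stop", "Test", "Reveal"}
# Roles allowed to assign a Business Service to a Configuration Item.
ASSIGNER_ROLES = {"System Administrator", "Domain Administrator", "Pipeline Management"}

@dataclass
class User:
    name: str
    role: str
    role_actions: set                            # actions the Role grants (assumed input)
    services: set = field(default_factory=set)   # zero or more Business Services

@dataclass
class ConfigItem:
    name: str
    service: Optional[str] = None                # at most one Business Service

def can_perform(user, item, action):
    """Return (allowed, reason) for one action on one Configuration Item."""
    if action not in user.role_actions:
        return False, "role does not grant action"
    if action not in RESTRICTED:
        return True, "Business Services do not restrict this action"
    if item.service is None:
        return True, "item has no Business Service; Role decides"
    if item.service in user.services:
        return True, "shared Business Service"
    return False, "user lacks the item's Business Service"

def can_assign(user, service):
    """Only an assigner Role that holds the Business Service may assign it."""
    return user.role in ASSIGNER_ROLES and service in user.services

def unmanageable_items(users, items, action="Update"):
    """Review aid: items on which none of the listed users could perform `action`."""
    return [i.name for i in items
            if not any(can_perform(u, i, action)[0] for u in users)]

if __name__ == "__main__":
    eu = User("eu_ops", "Pipeline Management", {"Read", "Update"}, {"Marketing Europe"})
    items = [ConfigItem("free"), ConfigItem("eu", "Marketing Europe"), ConfigItem("asia", "Marketing Asia")]
    for i in items:
        print(i.name, can_perform(eu, i, "Update"))
    print("unmanageable:", unmanageable_items([eu], items))
```

`unmanageable_items` is useful as a periodic review: a Configuration Item whose Business Service is held by no User with a suitable Role cannot be updated or deleted by anyone in the list.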
Domains and Business Services
Domains and Business Services are used together to manage administration within UDMG.
Use Domains to separate configuration into semi-independent administrative boundaries. This separation can be based on organizational structure, geographical regions, specific responsibilities, or configuration requirements.
Then, within each Domain, use Business Services to define which Users can manage which Configuration Items.
For example, an organization might use:
- Separate Domains for high-level separation (for example, Marketing and Sales).
- Business Services within each Domain to segment ownership by region (for example, Marketing Europe, Marketing Asia, Sales Europe, and Sales Asia).
In this model, the Domain defines the administrative boundary and contains its own Users and Configuration Items, while Business Services restrict which Configuration Items a User can manage within that Domain (if Role permits).
Adding a Business Service
To add a Business Service, follow these steps:
- From the Sidebar, click General > Business Services.
- Click the Add Business Service button above the Business Services table.
- Fill out the fields for the new Business Service using the Field Descriptions table as a guide.
- Click Add.
Only System Administrators and Domain Administrators can add a Business Service.
Field Descriptions
The following table describes the fields that are configured for the Business Service:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the Business Service. | | Yes |
| Description | The description of the Business Service. | | No |
Editing a Business Service
To edit a Business Service, follow these steps:
- From the Sidebar, select General > Business Services.
- Click the Name of the Business Service you want to edit.
- Click the Edit button above the Business Service details.
- Edit details for the Business Service using the Field Descriptions table as a guide.
- Click Save.
Only System Administrators and Domain Administrators can edit a Business Service.
Managing a Business Service
Business Service management includes viewing metadata and verifying associated Users and entities.
Viewing Business Service Details
To view the details of a Business Service, follow these steps:
- From the Sidebar, click General > Business Services.
- Click the Name of the Business Service you want to view.
- Review the Business Service details.
Business Service Metadata
Business Service details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Business Service. |
| Version | Version number of the configuration. Every change increases the number. |
| Created | Date and time this Business Service was created. |
| Updated | Date and time this Business Service was last updated. |
Verifying Business Service Associations
To verify which Users and entities are associated with a Business Service, follow these steps:
- From the Sidebar, click General > Business Services.
- Click the Name of the Business Service you want to view.
- Click the Users (#) or Entities (#) tab.
- Review the list of associated Users or entities.
Deleting a Business Service
Deleting a Business Service automatically removes its assignment from all associated Users and Configuration Items. The Users and Configuration Items themselves are not deleted.
To delete a Business Service, follow these steps:
- From the Sidebar, click General > Business Services.
- Click the Name of the Business Service you want to delete.
- Click the Delete button above the Business Service details.
- A warning dialog displays how many associated Users and Configuration Items will be affected by the deletion.
- You will be asked to confirm the deletion. Click Delete.
Only System Administrators and Domain Administrators can delete a Business Service.