Use the Rights tab in the Security Group Manager to define the
access to
CSM functionality for a Security Group.
Good to know:
- Functionality security rights control access to
CSM functionality (example: Allowing a user/customer in a Security Group
access to global Dashboards).
- To make items easy to find, functionality is organized by
category/subcategory (example: Dashboards/Global Dashboards).
- For a detailed description of each security right, see
Security Rights Reference.
To define functionality security rights:
- Open the Security Group Manager.
- From the
Group drop-down list, select the
Security Group that you want to define rights
for (example: Admin).
- Select the
Rights tab.
- Select the
CSM functionality
Category that you want to set rights for
(example: Dashboards, Calendars). Notable categories include:
Default right |
Sets default rights for all functionality in a Security
Group. This default is also used for any new functionality that is added in
future versions of
CSM.
Note: The defaults only affect untouched functionality; if you
have already set specific functionality rights, those rights override the
default. You can override the default at any time by manually setting
functionality rights.
|
Application rights |
Houses basic
CSM functionality rights, such as Table Management, Grid/Toolbar/Task
Pane, and personalization.
|
Access Service Monitor |
Grants access to the Service Monitor. |
E-mail Accounts
|
Defaults all new accounts to allow for all groups. You can
deny permissions on a per account basis. |
Security features |
Houses security
feature rights, such as system settings, role/team management, and SAML
settings. |
Sites |
Houses Portal Site
rights. |
A list of associated subcategories displays below the
category.
- Subcategory: Select the functionality that
you want to set permissions for. The available rights show as check boxes below
the subcategory. Rights vary by functionality but include a combination of the
following:
View |
Item can be viewed |
Add |
New item can be added |
Edit |
Existing item can be
modified |
Delete |
Item can be
deleted |
Allow |
Action/access is
allowed |
Run |
Item can be run |
Open |
Item can be opened |
View rights expression |
Item has conditional rights based on an Expression |
Use default
|
Item uses default rights |
Note: Many rights are scope-related (user, role, team, global),
meaning they allow/deny access to an item based on an intended audience.
- Select the
rights check box to allow this Security Group
permission to perform the action. Clear the check box to deny permission.
- Select
Save.
Example: To deny the Service Desk Security Group access to the
Cherwell Administrator module:
- Open the
Security Group Manager.
- Select the
Rights tab.
- Select the
Security features category.
- Select the
Run the administrator tool? security right.
- Clear the
Allow check box.