Define Business Object Rights (Access to Data)
Use the Business Objects tab in the Security Group Manager to define access to CSM data for a Security Group. Business Object security rights control access to:
- General data: Security Group can access (view, add, edit, delete) data in a Business Object. Business Object rights can be set at the Business Object or field level.
- File Attachments: Security Group can access (view, add, edit, and delete) Business Object record Attachments.
Different record ownership rights (both user and customer) can be set to extend/deny access to managers, departments, teams/workgroups, and team/workgroup managers.
To define Business Object security rights:
- Open the Security Group Manager.
- In the Group drop-down list, select the Security Group for which you want to define rights (example: Admin).
- Select the Business Objects tab.
- In the
Business Object drop-down list, select the
Business Object for which you want to set
rights. You can also select individual fields within the Business Object.
Tip: To set default rights for all Business Objects/fields in a Security Group, use the New Business Objects and New Field Rights options. These defaults are also used for any new Business Object/field created in a Blueprint. The defaults only affect untouched Business Objects/fields; if you have already set specific rights for a Business Object/field, those rights override the defaults. To override the defaults at any time, manually set rights for a Business Object/field. To restore a Business Object so that it uses default rights, use the Reset Rights options on the Options menu.
The available Business Object rights show as check boxes to the right of Business Object/fields.
- Define
General rights:
- Select a check box to give a user permission to perform the
operation. Clear the check box to deny permission. Rights include any
combination of the following:
- View: Data/record can be viewed.
Important: General View rights must be given to the Approval Business Object to allow approvals to be displayed.
- Add: Data/record can be added.
- Edit: Data/record can be modified.
- Delete: Data/record can be deleted.
- Can edit Closed:
Data/record can be edited when it is in a Closed
state of a lifecycle that was created using the
About Business Object Lifecycles.
Note: If your Business Object has a legacy lifecycle attached, this check box is named Can edit final state. Either of these options are only available if the Business Object has a final state, such as Closed.
- Can change Closed to Reopened:
Data/record can be changed from Closed to Reopened
for a lifecycle that was created using the
About Business Object Lifecycles.
Note: If your Business Object has a legacy lifecycle attached, this check box is named Can change the final state to the recall state. The data/record can be changed from its final defined state to a different lifecycle state. This option is only available if the Business Object has a final state (example: Closed) and a recall state (example: Reopened). The main reason to force users to change from a final state to a specific recall state is to ensure that changes are logged, and to trigger any special Automation Processes that need to be run when a record is recalled. Field rights are limited to View and Edit; Business Object rights vary depending on the lifecycle support.Tip: It is a very common mistake to set view/edit rights for a Business Object but forget to set view/edit rights for fields, so the user still cannot edit any fields. The most straightforward way is to edit the New Field option for a Business Object, because that applies to any fields for which rights have not been set.
- Limit records based on criteria: Data is limited based on a defined criteria. Even though you can define complex queries, it is recommended that you limit the queries to ones using only fields from the Business Object being limited, or fields in 1-1 Related Objects (example: Members of the network Security Group might be limited to seeing Incidents with the category of Networking. If a criteria is applied, then only records that meet that criteria are seen by the user. Not only are searches limited, but Dashboard Widgets show only included records, as do reports, and all other features of the system).
- View: Data/record can be viewed.
- Select a check box to give a user permission to perform the
operation. Clear the check box to deny permission. Rights include any
combination of the following:
- Define
Encrypted Fields rights:
- View: Encrypted fields can be viewed (can run the decrypt command on encrypted fields).
- Edit: Data can be entered into encrypted fields in new records.
- Define
File Attachment rights:
- Select a check box to give a user permission to perform the
operation. Clear the check box to deny permission. Rights include any
combination of the following:
- View: Attachments can be viewed.
- Add: Attachments can be added.
- Edit: Attachments can be modified.
- Delete: Attachments can be deleted.
- Select a check box to give a user permission to perform the
operation. Clear the check box to deny permission. Rights include any
combination of the following:
- (Optional) Different rights based on ownership:
Select this check box to set different rights based on
ownership.
Note: Record ownership is an important concept in CSM because it affects security and licensing, and it differs depending on whether the owner is a user or a customer. Be sure to understand the complexities of ownership.
- Select
Save
.