Define Functionality Security Rights (Access to Functionality)

Use the Rights tab in the Security Group Manager to define the access to CSM functionality for a Security Group.

Good to know:

  • Functionality security rights control access to CSM functionality (example: Allowing a user/customer in a Security Group access to global dashboards).
  • To make items easy to find, functionality is organized by category/subcategory (example: dashboards/global dashboards).
  • For a detailed description of each security right, see Security Rights Reference.

To define functionality security rights:

  1. Open the Security Group Manager.
  2. From the Group drop-down list, select the Security Group that you want to define rights for (example: Admin).
  3. Select the Rights tab.
  4. Select the CSM functionality Category that you want to set rights for (example: Dashboards, Calendars). Notable categories include:
    Default right: Sets default rights for all functionality in a Security Group. This default is also used for any new functionality that is added in future versions of CSM.

    The defaults only affect untouched functionality; if you have already set specific functionality rights, those rights override the default. You can override the default at any time by manually setting functionality rights.

    Application rights: Houses basic CSM functionality rights, such as Table Management, Grid/Toolbar/Task Pane, and personalization.
    E-mail Accounts: Defaults all new accounts to allow for all groups. You can deny permissions on a per-account basis.
    Security features: Houses security feature rights, such as system settings, role/team management, and SAML settings.
    Sites: Houses Portal Site rights.

    A list of associated subcategories displays below the category.
  5. Subcategory: Select the functionality that you want to set permissions for. The available rights show as check boxes below the subcategory. Rights vary by functionality but include a combination of the following:
    View: Item can be viewed
    Add: New item can be added
    Edit: Existing item can be modified
    Delete: Item can be deleted
    Allow: Action/access is allowed
    Run: Item can be run
    Open: Item can be opened
    View rights expression: Item has conditional rights based on an Expression
    Use default: Item uses default rights

    Many rights are scope-related (user, role, team, global), meaning they allow/deny access to an item based on an intended audience.

  6. Select the rights check box to allow this Security Group permission to perform the action. Clear the check box to deny permission.
  7. Select Save.

Example: To deny the Service Desk Security Group access to the Cherwell Administrator module:

  1. Open the Security Group Manager.
  2. Select the Rights tab.
  3. Select the Security features category.
  4. Select the Run the administrator tool? security right.
  5. Clear the Allow check box.