When designing a security strategy, consider security rights, licenses, users and customers, record ownership, and scope.
Like everything in CSM, access to Security functionality is controlled through security rights (that is, you need security rights to manage security rights). If you cannot View, Add, Edit, or Delete Security functionality, check your security functionality rights in CSM Administrator (Security > Edit Security Groups > security group > Rights > security group.
License consumption varies depending on the product, who logs in (user or customer), and which tasks each person performs. Consider your licensing needs when setting up security (especially when considering record ownership rights and reserving licenses).
Users (service desk professionals working in CSM) and customers (end users using the CSM Portal to conduct self-service activities) perform different functions in CSM and, therefore, require different security. Users require access to functionality and data based on their Role as workers in the CSM system. Customers require access to functionality and data based on their Role as initiators of a Service or Product. To facilitate this, CSM provides User and Customer Security Groups.
Different record ownership rights can be set to extend/deny access to users and customers, managers, departments, Teams/Workgroups, and Team/Workgroup managers. Be sure to consider the implications of Relationships and setting different rights based on ownership.
Scope is the intended audience for a CSM item (example: the Dashboard is intended for everyone on a specific Team). CSM scopes include User, Role, Team, Global, System, Blueprint, and Site. When creating CSM Items and defining default settings, be sure to consider how scope affects access.