Using Enhanced Object Permissions

Neurons for ITSM enables full access rights to the business objects associated with a role when you create it. You have to manually modify the permissions for each role. The enhanced object permissions feature allows you to apply permissions for a role based on the Top Level Tabs and metadata configuration.

If you disable the EnableEnhancedObjectPermission Global Constant after applying enhanced object permissions, you cannot remove or apply enhanced permissions to a role. Because the Apply Enhanced Permissions and Remove Enhanced Permission buttons will not be available when you disable the Global constant. Then you must manually modify the permissions.

Tips for Using Enhanced Object Permissions Feature

When you configure a role without including the Employee business object as the top level tab, the View and/or Edit permissions will be granted to Employee business object due to its dependency on other business objects. Because of this dependency, you can configure the segregation rules to the Employee business object by clicking Edit in the Access column of the Object Permissions workspace.

Below example restricts the self service user from updating all records. However, the user can update his/her own Employee data.

You can configure the fields permissions based on your business requirement.

When configuring the Social Board top level tab, you must provide Edit permission to the additional fields. Because the additional fields rely on the Employee business object to update your profile information in the Social Board workspace.

For example, see below:

Analytic Metrics is independent of enhanced object permissions and the metrics functionalities will continue to work even if the associated permissions are revoked.