Using Enhanced Object Permissions

Neurons for ITSM enables full access rights to the business objects associated with a role when you create it. You have to manually modify the permissions for each role. The enhanced object permissions feature allows you to apply permissions for a role based on the Top Level Tabs and metadata configuration.

Enhanced object permissions do not include Create (For Self) permissions such as Actions, Search and Dashboard in the System Permissions tab. These permissions are user specific, and you must manually apply required permissions to the role. In addition, the Admin role has all permissions granted by default, so the Apply Enhanced Permissions and Remove Enhanced Permissions buttons are not available.

You must select Apply Enhanced Permissions to update the additional permissions when making changes such as publishing dashboards/saved search/Quick Actions, enabling disabled business rules, or changing metadata such as adding fields.

This feature requires you to set the EnableEnhancedObjectPermission global constant to True. After applying enhanced object permissions, you cannot remove or apply enhanced permissions to a role because the Apply Enhanced Permissions and Remove Enhanced Permission buttons are unavailable when you disable the global constant.

Tips for Using Enhanced Object Permissions Feature

  • When you configure a role without including the Employee business object as the top level tab, the View and/or Edit permissions will be granted to the Employee business object due to its dependency on other business objects. Because of this dependency, you can configure the segregation rules to the Employee business object by selecting Edit in the Access column of the Object Permissions workspace.

    The below example restricts the self service user from viewing all records. However, users can update their own Employee data.

  • Configure the fields' permissions based on your business requirement.

  • When configuring the Social Board top level tab, you must provide an Edit permission for the additional fields; the additional fields rely on the Employee business object to update your profile information in the Social Board workspace.

  • Analytic Metrics is independent of enhanced object permissions, and the metrics functionalities will continue to work even if the associated permissions are revoked.