Privileges
Privileges define the parts of Service Desk or Asset Manager that a group or role can access, and which business objects and functions are available to the particular group or role. Users gain privileges when they are added to a group or are given a role.
When you assign privileges to a group or role, you can:
- Enable/disable access to individual business objects and their corresponding toolbar buttons or Tree options. Disabled items are hidden. In addition to business objects, you can also set privileges at the attribute level. This is especially useful if you want to restrict access to certain data, such as payroll information, from certain people.
This means that you can restrict the menu options available to a group, while you can give complete privileges to someone with a supervisor role. - Set read-only, create, update and delete access to the business objects that you have enabled.
Read-only means that the group or role can view an instance of the business object, but they cannot modify it. Create, update and delete enable the group or role to create a new instance of that business object, modify, or remove it respectively. For example, you can set up a group with complete access to incidents, but with read-only access to changes. - Enable/disable access to functions within the business objects.
For example, you may give a group or role with access to the Change business object the ability to Assign the change but not to Close it. - Enable/disable access to the system Configuration components.
Depending on the structure of your organization, it might be useful to prevent most groups or roles from accessing the Configuration components, which should be a supervisory privilege.
You can configure your system so that different groups have access to a different range of commands. Besides group privileges, you may want to assign various users different roles that enable them to perform additional functions in relation to their responsibilities.
When a user belongs to groups or roles that have different sets of privileges, then the user will have the sum of all the available privileges.
For example, if the Incidents group enables users to log and resolve incidents, but not to close them, and the Supervisor role enables users to close incidents, then a user who is assigned to the Incidents group and given a Supervisor role can log, resolve and close incidents.
If you create attributes that contain sensitive information, for example, Payroll information, you can prevent assign privileges to those attributes. You define whether an attribute is privileged using the Object Designer component. You refine them using the Administration component. You do this in the same way as setting standard privileges.