Introducing Roles – Build Your Own Profiles and Permissions
We are delighted to introduce Roles, our latest feature that allows you to better control who in your company can access your data by creating your own roles and permissions.
With Roles, you can now extend access to departmental and organizational users and control what data they are allowed to view and modify. Your IT administrator from the London office can only view asset inventory and service requests relating to her site, and the purchasing officer from Chicago can only modify contracts belonging to the Chicago office. Roles gives you the flexibility to determine a security model that meets your organization needs and provides complete control over your SAManage account. With Roles you can:
- Create roles with view-only or update permissions relating to any object
- Scope users’ access to sites and departments they are part of
- Control who can access the account’s setup and administration sections
To help you get started we created a few default roles in your SAManage account:
- Administrator – can access all modules, view and modify all data and account’s settings
- User – can access all modules, view and modify all data
- Portal User – can access the self-service portal – these are typically your company’s employees
- Read Only – can view all objects
- HR User – restricted to the HR service desk
- Facilities User – restricted to the facilities service desk
- User’s site – can only access her own site / department
How it works
When you create a new role, you define the Permissions and Restrictions associated with that role. Order is important as the entries on top have a higher priority. Each permission or restriction will have a number of properties:
- Actions controls the level of access – manage means complete control, read, create, update or delete are also available.
- Subject defines the object which the permission or restriction relates to, for example incidents, assets, computers, all objects etc.
- Scope restrict the role to a site or department – select a specific site or use the user’s site from the profile record.
A typical role in SAManage will have a Permission to access a certain object and then one or more restrictions:
For example, the default “user” role in the system will have permission to manage all and a restriction from accessing the setup section:
Use Cases and Examples
[hs_action id=”10349″]Introducing Roles – Build Your Own Profiles and Permissions Click To Tweet