You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 38 Next »

Roles control access to features and capabilities of the system: not all users can create, read, update, and delete records and tables (admin and security_admin roles have access to all capabilities).

In SimpleOne, roles can be divided into three abstract layers based on their daily duties and powers (roles are sorted in ascending order):

  1. End-users
  2. ITSM Agents
  3. Administrators

You can use standard system roles, or create a new one, depending on the business tasks and demands. To configure role powers and responsibilities, Create an ACL Rule for it.

A user can get a role in many ways. See the Role Inheritance article to learn more.

End-users 


Generally, end-users have no specific role in the system. They are able to raise tickets via Self-Service Portal, track them, add comments, read published articles and external Known Error records. However, end-users cannot use the agent interface and perform any actions. These actions require having specific roles.

Users without a role, such as end-users, are not authorized to access any interfaces except for the Self-Service Portal. If such a user tries to follow the link that leads to the agent interface (for example), they will be redirected to the Service Portal main page.

A user granted with the user role is able to login to the agent interface, but they cannot handle the tasks. This operation is available to employees with common ITSM or admin or special administrative roles.

See the Users article to learn how to grant roles.

ITSM Agents 


ITSM Agents are the employees handling daily tasks in the system, for example, processing Incidents, or Change Requests, or configuring CMDB. For performing these duties, one or more roles should be assigned to the agent based on the tasks and responsibilities.

In SimpleOne, the following ITSM roles are provided:

RoleDescription

ITSM_agent

ITSM Agent can manage tasks (incidents, changes, problems, and requests) and read published KB articles.

ITSM Agent can access articles related to the Knowledge Base.

change_manager

Change Manager can create and update change requests, update the Approval records related to change requests if the approval is not closed (in the Requested state).

This role contains the ITSM_agent role.

problem_manager

Problem Manager can update the Problem and Problem Task records in any state except Closed.

This role contains the ITSM_agent role.

incident_manager

Incident manager can update the Incident and Incident Task records in any state except Closed.

This role contains the ITSM_agent role.

request_manager

Request Manager can update the Service Request and Request Task records in any state except Closed.

This role contains the ITSM_agent role.

cmdb_manager

CMDB manager can create, update, and delete records in the Configuration Management Database.

service_catalogue_manager

Service Catalogue Manager can update the Article records related to services.

service_level_manager

Service Level Manager can update SLM-related records.

service_owner

Service Owner can change the state of any Article related the service they own.


Administrators 


Administrative roles can be divided into two groups:

  1. Administrative roles
  2. Special administrative roles

Specialists with the administrative roles have access to all system features and data and can pass all security checks.

In SimpleOne, there are two administrative roles:

RoleDescription

admin

The System Administrator role.

Admin users have extended privileges and can use nearly all system functions (except for Roles assignment, working with Access Control List (ACL) and User Criteria).

Admin users have access to all data unavailable to regular users.

security_admin

Security Administrator can modify the ACL and access highly secured objects and operations. Session in the security_admin role lasts 1 hour. After that you need to elevate the role once again.

When debugging scripts exception thrown, or any other system error occurs, only users with admin role can see the error message (like shown below):


Special administrative roles are assigned with specific administrative rights without the full privileges of the administrative role. For example, a notification admin can create a notification rule but not the assignment rule.

In SimpleOne, there are several special administrative roles:

RoleDescription

announcement_manager

Announcement Manager can create, update, delete, and publish Announcements.

approval_admin

Approval Administrator can update approval records.

change_manager

Change Manager can update the approval records when these conditions are met:

  • if the item to be approved is a change request OR if the approver is the change manager
  • if the approval state is Requested

import_admin

Import Admin can manage all aspects of imports.

impersonator

Impersonator can impersonate users.

The role does not allow impersonation of admin users. Only admins can impersonate admins.

knowledge_admin

Knowledge Admin can create and update records related to Knowledge Base.

The user cannot update Article records in the Published state – only reading is available.

This role contains the knowledge_agent role.

knowledge_agent

Knowledge Agent can update records related to Knowledge Base in the following cases: 

  • the user is the responsible person
  • the user belongs to the responsible group
  • the user is responsible in the defined parent category

notification_admin

Notification admin can create and update notification rules.

request_manager

Request Manager can update approval records when these conditions are met:

  • if the item to be approved is a request OR if the user is the approver
  • if the approval state is Requested

user_manager

User Manager can create new users and Employees, can add users into groups.

wf_admin

Workflow Admin can create and update workflows in Workflow Editor.

  • No labels