You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

Roles control access to features and capabilities of the system (admin and security_admin roles have access to all capabilities).

In SimpleOne, roles can be separated into three abstract layers based on their daily duties and powers (roles are sorted in the ascending order):

  1. End-users;
  2. ITSM Agents;
  3. Administrators.

You can use standard system roles, or create a new one, depending on the business tasks and demands. To configure role powers and responsibilities, Create an ACL Rule for it.

The role can be designated to a user in many ways (they were described in the Role Inheritance article).

End-users


Generally, end-users have no specific role in the system. They are able to raise tickets via Self-Service Portal, track their progress, add comments, but they can neither use the administrative interface nor perform any actions in it due to a lack of specific roles.

A user granted with the user role is able to login to the administrative interface but he cannot handle any tasks available to employees with common ITSM or admin or special administrative roles. To make him more authorized for this tasks, you need to grant him a role from the list below, depending on business needs.


Users without a role, such as end-users, are not authorized to access any interfaces except for the Self-Service Portal. If such a user tries to follow the link that leads to the agent interface (for example), he will be redirected to the Service Portal start page.

ITSM Agents


ITSM Agents are the employees handling daily tasks in the system, for example, processing Incidents, or Change Requests, or configuring CMDB. To perform these duties, one or more roles should be designated to the agent, based on his tasks and responsibilities.

In SimpleOne, we have the following specific sub-roles within ITSM agents role:

RoleDescription
ITSM_agent

ITSM Agent can perform standard actions for an ITSM agent (like opening, updating, and closure incidents, changes, problems, and requests).

It's a parent role for other ITSM-related activities roles.

change_managerChange Manager Can change the values of all fields in any Change Request, Change Task, Approval Ticket in any status except closed.
cmdb_managerCMDB manager can create, read, update, and delete records in Configuration Management Database.
incident_managerIncident manager can change the values of all fields in any Incident, Incident Task in any state except Closed.
problem_managerProblem Manager can change the values of all fields in any Problem, Problem Task in any state except Closed.
request_managerRequest Manager can change the values of all fields in any Service Request, Request Task in any state except Closed.
service_catalogue_managerService Catalogue Manager can change the state of any Article related to any Service specification (Internal or External).
service_level_managerService Level Manager can edit SLM related records (Agreement Commitment, Commitment Type, Timepoint Indicator, Timeframe Indicators).
service_ownerService Owner can change the state of any Article related to Service specification (Internal or External) of the owned Service.


Administrators


Administrative roles can be divided into two groups:

  1. Administrative roles;
  2. Special administrative roles. 

Specialists designated with the administrative roles have access to all system features and data and can pass all security checks.

In SimpleOne, there are two administrative roles:

RoleDescription
admin

The System Administrator role. This role has access to all system features, functions, and data.

security_adminGrant modification access to High-Security Settings, allow a user to modify the Access Control List.

Special administrative roles are able to be granted with specific administrative rights without the full privileges of the administrative role. For example, a notification admin can create a notification rule but not the assignment rule.

In SimpleOne, there are several special administrative roles:

RoleDescription
announcement_managerCan create, edit, retire, and publish Announcements.
import_adminCan manage all aspects of imports (including import sources, import sets, transform maps, and fieldsets).
impersonatorCan impersonate users. It does not allow impersonation of admin users.
notification_adminCan create and edit notification rules.
user_managerCan create new users and Employees, can add users into groups.
wf_adminCan create and edit workflows in Workflow Editor.

  • No labels