Creating and Maintaining Security Roles

Before creating Technician accounts, you must consider the tasks that technicians should perform in Alloy Navigator, and determine what security roles must be granted. It is important to have a role strategy in place before you create roles.

Alloy Navigator’s default workflow offers you the following administrative roles:

• Administrator — The Administrator role is for the Alloy Navigator “super administrator.” This role grants all Management and Administration permissions and unrestricted access to all Alloy Navigator objects.

  NOTE: The predefined Administrator role is granted to the initial Technician account when you create the Alloy Navigator database. For details, see Predefined Administrator Role.

• Administrator (Log Management) — The Administrator (Log Management) role is for an Alloy Navigator administrator who views and manages Alloy Navigator logs.

• Administrator (Security) — The Administrator (Security) role is for an Alloy Navigator administrator who is in charge of security management. This role grants administrative access only to the single Accounts and Roles section, where role members can manage accounts, roles, and user sessions.

• Administrator (Services) — The Administrator (Services) role is for an administrator responsible for configuring Alloy Navigator services such as the Alloy Discovery Integration and the Mail Connector. This role grants administrative access to the Services section of the Settings and provides all advanced administrative functions.

• Administrator (Views/Dashboards) — The Administrator (Views/Dashboards) role is for an Alloy Navigator administrator who creates and shares views and dashboards. This role restricts administrative access to the Dashboard Management and Shared Views sections and grants all administrative permissions.

• Administrator (Workflow) — The Administrator (Workflow) role is for an Alloy Navigator workflow manager. This role gives administrative access to the Workflow and Business Logic section of the Settings.

Your strategy for non-administrative roles depends on IT business processes in your organization. Alloy Navigator’sdefault workflow provides a wide collection of roles, such as Asset Manager, Change Request Manager, Change Request Technician, Helpdesk Manager, Helpdesk Technician, etc., that are generally sufficient for many organizations. You can keep the defaults, customize these roles needed, or create your own roles.

NOTE: The default workflow pack includes the least-privileged Viewer role. This role grants the View permission to all objects, allowing its members to view all Alloy Navigator objects in read-only mode.

TIP: The Viewer role is used as the default role for all newly created accounts for technical staff members. However, you can use a different default role, make several default roles, or you can have no default roles at all. For details, see Modifying Security Roles and Creating Technician Accounts.