Administration Guide

Controlling Access to Objects

Each object class in Alloy Navigator offers granular permissions for controlling the interaction of technicians with these objects.

  • Delete — allows role members to delete objects.

    NOTE: Several object classes in Alloy Navigator can have approval steps in their lifecycle. In order to enable technicians to delete or modify Approval Stages and Approval Requests you must also grant them the Modify permission on such objects.

  • Modify — allows role members to modify objects.

    NOTE: Granting the Modify permission on Products will also enable a technician to create, modify, and delete Vendor Products.

    IMPORTANT: We recommend that all modifications of objects in Alloy Navigator are always implemented through Actions. The Modify permission should be granted only to administrators who have a good understanding of how direct modifications may affect the system. For details, see Controlling Availability of Actions.

  • View — allows role members to browse and view objects. The View permission also controls the ability to view commands for accessing the module that houses those objects. For example, technicians without the View permission on Incidents will see neither the link for accessing Incidents in the Sidebar nor the Incidentscommand in the Go menu in their Desktop App and Web App, and will be unable to configure My Calendar to view Incidents.

    NOTE: In order to enable technicians to view Approval Stages and Approval Requests, you must also grant the View permission on the primary object class in the approval workflow, e.g. on Change Requests.

    NOTE: Granting the View permission on Products will also enable technicians to view Vendor Products.

  • Manage Activities— allows role members to modify and delete activity records for a particular object class.

    NOTE: This permission allows role members to modify and delete only activities whose category is not set to read-only. For details, see Managing the Category Lookup List.

  • Management — a special permission for Stock Rooms (their lifecycle is not controlled through workflow). The Management access permission implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Stock Rooms.

Some special user access permissions are grouped under Miscellaneous:

  • Report — the Create, Delete, Modify, and View permissions for Reports allow role members to create, delete, modify reports and report folders, view the list of reports and generate (run) reports.

    IMPORTANT: In order to enable technicians to generate reports, you must additionally grant the View permission on objects contained in those reports (on Incidents, Computers, Consumables, etc.). Otherwise, these reports will be unavailable for users. For details on reports, see Help: Reports.

  • Announcement — the Management permission for Announcements implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Announcements.

  • Customer Satisfaction Rating — these permissions control access to rating information for Incidents and Service Requests collected from Self Service Portal customers. The View All Ratings permission allows role provides the ability to view star ratings and comments for all Tickets. The View Own Ratings permission works similarly, however the scope of visible ratings and comments is limited to Tickets where the person is the Assignee.

    NOTE: In order to collect rating information from customers, you must create and maintain a customer satisfaction survey. For details, see How to Create and Maintain Customer Satisfaction Survey.

  • Reference Tables — this is a special group for the Management permission for objects whose lifecycle is not controlled through workflow, i.e. Brands and Company Addresses. The Management access permission implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Brands and Company Addresses.