Online Help | Desktop App

Understanding security roles

Updated in 2022.1

Security roles control the following aspects:

Security roles can have a restricted access scope.

Management and administration permissions

A set of special management and administration permissions is granted to the Alloy Navigator administrators through role membership. The full list of the management and administration permissions follows:

  • Administrative Access: These permissions control the level of administrative access to the desktop Settings App and web-based Admin Center:

    • Basic Administrative Access: Allows role members to log in to the Settings App and grants access to other administrative tools such as the Import tool, the Automation Server Manager, and others.

    • General, Security Management, Business Logic Management, etc.: -Control the level of access to the Settings App. Each permission corresponds to an individual section. The Settings App hides unavailable sections from the user.

  • Advanced Administrative Functions: These permissions control access to advanced administrative functions in Alloy Navigator:

    • Batch Update: Allows role members to perform identical changes in multiple records at once. For details, see Batch-updating fields in multiple records.

    • IMPORTANT: You must additionally grant the Modify permission on the objects that will be updated. Otherwise, users will be unable to perform the actual Batch Update.

    • Recurrent Ticket Management: Grants access to the Recurrent Tickets feature. With this permission, users can set up auto-creation of Service Desk Tickets based on a schedule.

    • Local Dashboard Customization: Allows role members to locally customize dashboards. Note that dashboard customization is available only in the Desktop App. For details, see Customizing dashboards.

    • Local Snippets Management: Allows role members to create, modify, and delete their personal snippets. For details, see Using snippets.

    • Shared Snippets Use: Allows role members to use shared snippets. Note that shared snippets are configured in the Settings App by an administrator. For details, see Managing shared snippets.

  • View Management: These permissions control access to shared and local views, as well as the ability to share personal views and export grid data.

    • Shared View Management: Allows role members to create, modify, and delete shared data views, regardless of their ownership

    • Local View Management: Allows role members to create, modify, and delete local data views.

    • Share Views: Allows role members to share personal views and their modifications.

    • Export Views: Allows role members to export data from views. For details, see Exporting grid data.

User access permissions

You can assign security roles to grant technicians certain access permissions on Alloy Navigator objects. User access permissions are grouped by modules and then by object classes.

  • Delete: Allows role members to delete objects.

    NOTE: In order to enable a technician to delete Approval Stages and Approval Requests, you must also grant the Modify permission on the approved objects.

  • Modify: Allows role members to modify objects.

    IMPORTANT: We recommend that all modifications of objects inAlloy Navigator2023 are always implemented through Actions. The Modify permission should be granted to administrators only who have a good understanding of how direct modifications may affect the system.

    NOTE: In order to enable a technician to modify Approval Stages and Approval Requests, you must also grant the Modify permission on the approved objects.

    NOTE: Granting the Modify permission on Products will also enable a technician to create, modify, and delete Vendor Products.

  • View: Allows role members to browse and view objects. The View permission also controls the ability to view commands for accessing the module that house those objects and the reports. For example, technicians without the View permission on Incidents will see neither the link for accessing Incidents in the Sidebar nor the Incidents command in the Go menu in their Desktop App and Web App, will not be able to configure My Calendar to view Incidents.

    NOTE: In order to enable a technician to view Approval Stages and Approval Requests, you must also grant the View permission on the approved objects.

    NOTE: Technicians without the View permission on Brands and Company Addresses will still see the commands for accessing those objects in the Tools > Reference Tables menu because Brands and Company Addressess are not actually "objects" but reference tables. However, Alloy Navigator will not display Brands and Company Addresses grids to those technicians.

    NOTE: Granting the View permission on Products will also enable a technician to view Vendor Products.

  • Manage Activities: Allows role members to modify and delete activity records for a particular object class.

    NOTE: This permission allows to modify and delete only activities whose category is not set to read-only.

  • Management: A special permission for Stock Rooms (objects whose lifecycle is not controlled with workflow). The Management access permission implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Stock Rooms.

Some special user access permissions are grouped under Miscellaneous:

  • Report: The Create, Delete, Modify, and View permissions on Reports allow role members to create, delete, modify reports and report folders, and view the list of reports and generate (run) reports.

    NOTE: In order to enable technicians to generate reports, you must additionally grant the View permission on objects contained in those reports (on Incidents, Computers, Consumables, etc.). Otherwise, these reports will be unavailable for users. For details on reports, see Reports.

  • Announcement: The Management permission for Announcements includes View, Add, Modify, and Delete permissions for viewing and managing Announcements.

  • Customer Satisfaction Rating: These permissions control access to rating information (star ratings and comments) for Incidents and Service Requests, collected from Self Service Portal customers.

    • View All Ratings: Allows role members to view ratings of all tickets.

    • View Own Ratings: Allows role members to view ratings only of their tickets, meaning where the role member is the Assignee.

  • Reference Tables: This is a special group for the Management permission for objects whose lifecycle is not controlled with workflow, i.e., Brands and Company Addresses. The Managementaccess permission implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Brands and Company Addresses.

Availability of workflow Actions

Security roles allow you to control the availability of workflow Actions to technicians. Any Action is available only to technicians who possess one of the roles assigned to that Action. This way, different Actions can be made available to different technical teams or groups, depending on their tasks and responsibilities.

Access scope

If you want a role to grant its members access to only a limited scope of Alloy Navigator objects, you can restrict a role's access scope by organizations or by data segments. This means that for each role you can specify a list of organizations or data segments for which the role will apply.

Security roles with a restricted access scope apply only to objects (such as Computers, Purchase Orders, Tickets) that belong to certain organizations and/or data segments, based on the values of the Organization and Data Segment fields of those objects.