Creating security roles
Updated in 8.7
To create a security role:
Under Users & Security > Accounts and Roles > Roles, click New. The New Security Role form appears.
On the General tab, enter a name for the role (required) and any description (optional). If you plan to assign this role to all new Technician Accounts by default, select the This role will be assigned by default to all newly created Technician accounts check box.
TIP: You can mark multiple roles as default. When you create a Technician Account, all the default roles will be automatically assigned to it.
To grant the role's members full permissions on a particular object, select the check box next to the object's name.
To allow specific actions on an object, double-click the object's name and select the actions the role’s members will be allowed to perform.
TIP: You can expand all nodes on the list of permissions by choosing Expand All from the pop-up menu. To collapse the expanded nodes, choose Collapse All.
Optional: To add members to this role on the fly, click the Members tab, click Add, select the Technician accounts in the Select Accounts window, and click OK.
NOTE: If these accounts are currently in use, your changes will be applied the next time the users log in.
You can restrict access to specific data segments, organizations, or both.
A role with a restricted access scope applies (grants permissions to) only to the objects that have the Data Segment or Organization attribute, and their values match the segments and organizations for which the role allows access to.
INFO: For additional information, see Administration Guide: Controlling the Access Scope.
Click the Access Scope tab.
Click Data Segments and clear the check boxes of the segments you want excluded from the access scope. By default, all segments are included.
NOTE: You manage the list of available data segments in the
Users&Security >Accounts and Roles > Data Segments section. For details, see Managing data segments.
IMPORTANT: Segment-related restrictions apply only to objects that have the Data Segment attribute. The most of Alloy Navigator objects ave this attribute. However, neither Stock Rooms nor Administrative Permissions have the Data Segment field, so any segment restrictions will not affect user access to these entities.
- Click Restrict access to organizations and add the organizations to include in the access scope:
To allow role members access to their own organizations (i.e. the organization which the current user belongs to) and objects within them, select the Allow access to objects within Current User’s Organization check box.
To allow role members access to certain organizations and objects within them, click Add, select the organizations, and click OK. To include sub-organizations, select them explicitly, even if the parent organization is already selected.
NOTE: Organization-related restrictions apply only to organization-related objects(Assets, Computers, Configurations, Consumables, Contracts, Documents, Hardware, KB Articles, Library Items, Networks, Organizations, Persons,Tickets (Change Requests, Incidents, Problems, Service Requests, Work Orders) , Purchase Orders (with their Purchase Order Items), Software Licenses, Tracked Software).