Controlling Access to Objects
Each object class in Alloy Navigator
Create — allows role members to create objects.
Delete — allows role members to delete objects.
NOTE: Several object classes in Alloy Navigator
Expresscan have approval steps in their lifecycle. In order to enable technicians to delete or modify Approval Stages and Approval Requests you must also grant them the Modify permission on such objects.
Modify — allows role members to modify objects.
NOTE: Granting the Modify permission on Products will also enable a technician to create, modify, and delete Vendor Products.
IMPORTANT: We recommend that all modifications of objects in Alloy Navigator
Expressare always implemented through Actions. The Modify permission should be granted only to administrators who have a good understanding of how direct modifications may affect the system. For details, see Controlling Availability of Actions.
View — allows role members to browse and view objects. The View permission also controls the ability to view commands for accessing the module that houses those objects. For example, technicians without the View permission on
Ticketswill see neither the link for accessing Ticketsin the Sidebar nor the Ticketscommand in the Go menu in their Desktop App and Web App, and will be unable to configure My Calendar to view Tickets.
NOTE: In order to enable technicians to view Approval Stages and Approval Requests, you must also grant the View permission on the primary object class in the approval workflow, e.g. on Change Requests.
NOTE: Granting the View permission on Products will also enable technicians to view Vendor Products.
Service Desk > Ticket >Manage Activities— allows role members to modify and delete activity records for Tickets.
Service Desk > Announcement > Announcement Management— a special permission for Announcements. The Announcement Management access permission implicitly includes the Create, Delete, Modify, and View permissions for viewing and managing Announcements.
IT Assets > Consumable > Manage Rules— a special permission for Threshold Notification Rules (their lifecycle is not controlled through workflow). The Manage Rules access permission grants access to the Consumable Management module and implicitly includes the Create, Delete, Modify, and View permissions for viewing and managing Threshold Notification Rules.
Some special user access permissions are grouped under Miscellaneous:
Report — the Create, Delete, Modify, and View permissions for Reports allow role members to create, delete, modify reports and report folders, view the list of reports and generate (run) reports.
IMPORTANT: In order to enable technicians to generate reports, you must additionally grant the View permission on objects contained in those reports (on
Tickets, Computers, Consumables, etc.). Otherwise, these reports will be unavailable for users. For details on reports, see Help: Reports.
Customer Satisfaction Rating — these permissions control access to rating information for
Ticketscollected from Self Service Portal customers. The View All Ratings permission allows role provides the ability to view star ratings and comments for all Tickets. The View Own Ratings permission works similarly, however the scope of visible ratings and comments is limited to Tickets where the person is the Assignee.
NOTE: In order to collect rating information from customers, you must create and maintain a customer satisfaction survey. For details, see How to Create and Maintain Customer Satisfaction Survey.
Reference Tables — this is a special group for the Management permission for objects whose lifecycle is not controlled through workflow, i.e.
Manufacturers, Networks,and Company Addresses. The Management access permission implicitly includes View, Add, Modify, and Delete permissions for viewing and managing Manufacturers, Networks,and Company Addresses.