Open topic with navigation

Configure > Setting Up the Application > Users > Roles

About Roles

The Role Workspace

The system assigned at least one role to all HEAT users of the type employee. Users can have multiple roles. The system uses roles to define responsibilities for the users as they work within the application.

A roleDevice-specific perspectives and activated modules designed to enable users to see modules and perspectives relevant to their work or position. Individual users log in using a selected role. consists of device- or function-specific application access to various workspaces, business objects, and fields. When you create users, you assign them to a specific role. These roles are available to the user upon logging in. When a role is selected, it determines the default set of user interfaces (forms, dashboards, and their controls) available to the user.

HEAT contains a default set of roles organized by common user functions, including administrator, Service Desk Analyst, and various manager roles. Access to modules and features (security rights) and access to business objects and fields (business object rights) are based on the user's role. You can customize these roles or create entirely new ones.

For example, a user logging into HEAT under the Change Manager role might view a layout of the change form that differs from the change form seen by a technician, in addition to dashboards displaying change request data recorded by the system over the last day and trending information for the week. The role can also be linked to a specific device, letting users log on in a role that views dashboard data for layouts for that machine.

ClosedViewing Roles
1. Within the Configuration Console, open the Roles workspace. The list of available roles appears.

--or--

Log into the Service Desk Console as an administrator and open the Role workspace.

2. Double-click a role name to view the list of users assigned to that particular role.

Sample List of Administrators

3. Within the Configuration Console, open the Roles and Permissions workspace. The list of available roles appears with the following information:
Field Description
Role Name The name of the role as stored within the business object.
Display Name The name of the role as displayed in the HEAT interface and in pick lists.
Tabs A list of the available tabs (user interfaces) available for display for users assigned to this role. Hover over a table cell to display a complete pop-up list of the tabs assigned to the particular role.
Users Click Find Users on any row to open the Role workspace, from where you can view the list of employees who are in that particular role.
Action Click Clone to create another role with the same attributes. You must provide a unique name for the new role.
ClosedCreating a Role

You can create roles that appear within the application role lists, such as when defining a quick action. New roles do not appear in the main login drop-down list. Therefore, users must be associated with one of the default roles before they can be linked to a created role.

1. Within the Roles and Permissions workspace, click Add New.... The Role Details page appears. The following default tabs appear (results may vary depending on your system setup):
2. Enter options.
Closed-options-
Option Description

Show "Talk with Agent" button (applicable for Self Service only)

Places a Talk with Agent button in the header bar of the role interface. This only applies to the Self Service role.

Overwrite default branding options with the options listed below

Enables selections within the Branding Options section.

New UI

Uses the new HEAT user interface. If not selected, the system displays the original user interface.

Self Service Role

Defines this role as Self Service.

Branding Options

These options only apply to the Self Service role.

Logout Button

 Shows the Logout button.

Change Password Button

Shows the Change Password button.

Show "Report an Issue" button

Shows the Report an Issue button.

New Window Button

Shows the New Window button.

Select Workspace Button

Shows the Workspace button.

Help Link

Shows a button the enables users to access this online help.

Change Role Button

Shows a button that enables users to change roles.

Change Logo

You can select a different logo for any role. By default, each role uses the original logo defined for the application (see Using the Style Editor).

1. Click Change Logo. The file navigation window appears.
2. Navigate to a logo and click Open. The updated logo appears.
3. Click Save from the toolbar. Users of that role will see the logo in the top left corner of their window.
4. To revert to the original default logo, click Reset Logo.

Top Links and Bottom Links

You can define external links to be visible at the top of Self Service pages. For example, you can direct customers to pages to download software updates or to access an external knowledge base.

1. Click Add Item to add a table row for defining a top link. This icon only appears when you check Overwrite default branding options with the options listed below.
2. Enter information into the fields.
Field Description

Title

The display name for the link.

URL

A valid URL to be used as the link target, such as http://www.frontrange.com.

New Window

Displays the link in a new browser window.

Pass Single Sign-on Info

Passes single sign-on information if working within a secured environment.
3. Click Save from the toolbar.
ClosedTop Level Tabs

In HEAT, the top-level tabs contain the user interfaces that are available to the user upon logging in. User interfaces, shown as additional tabs at the top of the Service Desk Console, combine forms for recording information for your company, the dashboards which display the compiled metrics, and their controls.

For example, an Incident Manager can view a Home tab containing several dashboards displaying metrics for incidents according to status and ownership. In addition, the Incidents tab contains a grid that lists existing incidents, a record display area with details for a selected incident, and a toolbar allowing the Incident Manager to create a new incident, change its status, or take additional actions.

1. From Top Level Tabs, click Add New Tab. The list of workspace types appears.
2. Click the workspace type that you want. The tab preferences page appears.
3. Select options.
Options Description

The Tab is Available

Gives this role access to this workspace, but the tab might not be initially visible.

The Tab is Initially Visible

Gives this role access to this workspace and the tab is initially visible.

The Tab Can Be Closed by User

Gives this role access to this workspace, and the tab contains a Close button (X).

Search tags

Search tags to use within the dashboard configuration.

Show Toolbar

Allows this role to see the search toolbar.

4. Click Add this Tab.
5. Click Save from the toolbar. The system saves the settings.
ClosedObject Permissions

Specify the view for a role view and read-access rights for business objects. Unlike regular object permissions, the Object Permissions page allows you to apply data-segregation security constraints. You can specify security rights based on the data and relations within the business object and within the business object of the current user.

For example, administrators may be able to view and modify data in any record, while members of the support role may not be able to view private information such as a social security number.

The application of the data-segregation security organizational unit constraint to a role can affect your saved searches. You may need to modify your search parameters to reflect these constraints.
1. From the Object Permissions tab, select the object (for example, address) for which you want to change permissions. The list of permission selections appears.
2. Select the permissions for the role for each appropriate object.
Closed-permissions-
Permission Description

Add

Adds data to a selected business object.

View

Views data in a selected business object.

Edit

Manipulates data in a selected business object.

Delete

Deletes data in a selected business object.

Lifecycle

Click Edit, then check Allow Editing to enable the role user to edit the object in the final state.

For more specific rights, you can expand an object in the table and set rights for specific business object components:

  • Object fields.
  • Object links to the Profile.Employee (employee profile) object.
  • Linked Profile.Employee object fields.
  • Relationships linking the object to Profile.Employee (such as the CAB in change).
  • Object links to objects or hierarchies that are also related to Profile.Employee.

Access

Click Edit, then click Add a new case... to define advanced security criteria. For example, you can create a definition to make an incident be view-only when it is closed. The match can be based on literal, validated, or numeric input. You also can specify a match when the field is empty.

You can match against:

  • Your own Profile.Employee business object.
  • Multiple objects (one-to-many relations of Profile.Employee).
  • A hierarchy of objects (relation to a hierarchical object).

When defining multiple cases, the object-matching logic uses the case with the widest application in the event of a conflict. When roles are combined, their access cases are combined. If one role has unrestricted access (no cases) for an object, the cases are not combined and the merged role maintains its unrestricted access to the object.

Enter the criteria, then click Update.
3. Click Save from the toolbar.
ClosedSystem Permissions

You can assign default permissions for sharing items with other roles. By publishing permissions, you can define dashboards, quick actions, or searches within one role and allow assigned users to share them with another role.

1. Select the System Permissions tab.
2. If you are working in a Managed Service Provider (MSP) environment, select Apply MSP Security to apply a combination of the user's tenant and organizational unit security access to this object when logging in with this role.
This option is visible only to MSP providers who have had the MSP database enabled by FrontRange Solutions.
3. Select options for the role.
If a role does not have permission to create quick actions, saved searches, or dashboards (and its parts), users in that role cannot create them. If a role does not have permission to edit quick actions, saved searches, or dashboards (and its parts), users in that role cannot edit them.
 

Create (for self)

Edit (for all)

Delete (for all)

Quick Action

Create, edit, and delete quick actions created by the user.

Create personal quick actions and edit quick actions created by other users.

Delete quick actions created by other users.

Search

Create, edit, and delete saved searches created by the user.

The user cannot publish to any other roles.

Create personal searches and edit saved searches created by other users. The user can publish to other roles.

 

The system displays an Edit button next to the saved search.

 

The user can view dependencies (to see if the saved search is being used in other areas, such as dashboard parts).

Delete saved searches created by other users.

 

The user can view dependencies (to see if the saved search is being used in other areas, such as dashboard parts).

Dashboard

Create, edit, and delete dashboard and dashboard parts created by the user.

Create and edit dashboard and dashboard parts created by other users.

Delete dashboard and dashboard parts created by other users.
4. Select the roles that have permissions to publish (or save) from the Allow Publishing drop-down lists:
  • Quick actions

  • Searches

  • Dashboards
  • Reports
Publishing to other roles is enabled only if edit permissions are selected for the role.
5. Click Save from the toolbar.
The system permissions are in effect for the user role after they log out then log back in.
ClosedPermissions to Grant Roles

You can assign the ability to link a role to another user. For example, a Service Desk Manager may need the ability to assign supporting roles within the service organization, such as Service Desk Analyst.

1. From the Permissions to Grant Roles tab, check the linked roles that you want.
2. If needed, check This role can log into administration tool: to permit users with this role to log into the Configuration Console. For example, a management-level employee may need access to the Configuration Console to edit a form or layout. In this case, you need to apply additional restrictions to this role.
Because it provides access to the Configuration Console, we recommend that you severely restrict the use of this permission. In a default installation, the system limits this permission to administrators.
3. Click Save from the toolbar.
ClosedModifying Roles
1. From the Roles and Permissions workspace, select the role to modify.
2. Edit the role using the options described above.
3. Click Save from the toolbar.
ClosedDeleting Roles

You can delete any role, including HEAT default roles.

Do not delete the administrator role, as this could prevent access to the Configure Console.
1. Open the Roles and Permissions workspace.
2. From the far right column, click Delete in the row of the role to delete.
ClosedCloning Roles

You can create a copy of an existing role. For example, you could clone the basic settings for a Service Desk Analyst, then customize the role by changing its associated dashboards or security settings.

1. From the Roles and Permissions workspace, click Clone corresponding to the role that you want to clone. The clone role window appears.
2. Enter a unique name for the role, then click OK.

The new role appears in the role list.

ClosedLinking Users to a Role

For information on adding users to a role, or linking and unlinking users, see Linking Roles to an Employee.

ClosedFinding Role Users

You can view a list of users assigned to a specific role by doing the following:

1. From the Configuration Console, from the User Management workspace toolbar, click Roles. The list of roles appears.
2. Click Find Users corresponding to the role that you want to clone. The list of users linked to this role appears.
3. Click New to create a new user record to link to this role.
4. To remove a user from a role, select the user on the list, then click Delete.
5. Click Link to link the selected user to another user. Select the other user from the list, then click Select.
6. Click Unlink to break the link between the selected user and the role.
7. Click Go to to view the details of the selected user.

Related Information

Assigning Layouts (Workspaces) to Roles

Topics

Error Messages

Examples

Give an SDA Access to Assigned Incidents

Give an SDM Access to Incidents for an OU

Give Self Service Access to Submitted Incidents

Give an SDA Access to Incidents Assigned to an OU

Submit a Request on Behalf of a Customer

Tasks

Using Employees

Using Contact Groups

Using Departments

Using Teams

Change Roles

Knowledge Management Roles

Problem Management Roles

Release Management Roles

Service Request Roles

Reference

Using the Contact Store

Using External Contacts

Using the Identity Store

Employment Type

Administrator Tasks

Change Manager Tasks

Configuration Manager Tasks

Executive Tasks

Guest Tasks

Inventory Manager Tasks

Knowledge Manager Tasks

License Manager Tasks

Problem Manager Tasks

Release Manager Tasks

Report Manager Tasks

Self Service Tasks

Service Desk Analyst (SDA) Tasks

Service Desk Manager (SDM) Tasks

Service Owner Tasks

Schedule Entry

Copyright © 2011-2014 FrontRange Solutions USA Inc. | All Rights Reserved