nService user authorization (i.e. access control) is based on groups. Each service in the service catalog has four groups defined: user group, tier 1 technician group, tier 2 technician and administrator group. Services that don’t have these groups defined inherit them from their ancestors. If a service inherits the groups, it inherits all groups. Services, service requests, products, knowledge baseModule | Action Right | User Group | Technician Groups | Service Administrator Group | System Administrator Group | Services | Submit service requests for this service. | Yes | Yes | Yes | Yes | Add, edit, respond to, assign, close service requests of this service. Run reports. | No | Yes | Yes | Yes | Delete service requests of this service; Edit, move and delete the service; Add, edit, delete the request routing and notification rules, statuses and priorities of this service. | No | No | Yes | Yes | Products | Can select the product in service requests. | Yes | Yes | Yes | Yes | Add, edit, delete, move products and sub-categories. | No | No | Yes | Yes | Knowledge Base | View knowledge articles and question & answer wizards. | Yes | Yes | Yes | Yes | Add and edit knowledge articles and question & answer wizards. | No | Yes | Yes | Yes | Delete and move knowledge articles and question & answer wizards; Add, edit, delete, move knowledge folders. | No | No | Yes | Yes |
Users, assets, groups and organizational unitsUsers, assets and groups can be placed in to OUs (organizational units). Once they are there, they are mainly managed by the adminitrators of their OU. Users, assets and groups outside of any OU can be managed by any service technician. Action Right | Users | Service Technicians | Organizational Unit Admin Group | System Admin Group | Browse organizational unit tree | Employees | Yes | Yes | Yes | Add, edit, delete and move organizational units | No | No | No | Yes | Add, edit users, groups and assets in an organizational unit | Edit Self | No | Yes | Yes | Delete users, groups and assets in an organizational unit | No | No | Yes | Yes |
| Action Right | Users | Organization Admin Users | Service Technicians | System Admin Group | Add, edit users not in any organizational unit | No | Yes, within his organization | Yes | Yes | Delete users, groups and assets not in any organizational unit | No | Yes, within his organization | No | Yes |
Organization admin users are designed for organizations other than the website owner. They don’t have any meaning in the organization that owns the website. It is designed to let the companies that you serve to manage their own users. Organizations, sites, email, event log, service zone, system settingsService technicians can add and edit organizations and sites. Only system administrators can delete them. Only system administrators can operate on emails, event log, service zone, system settings.
|