Use > Change Management > Security > Change Management security roles and settings

Change Management security roles and settings

User Role: System Administrator

The out-of-box security roles for Change Management include the following:

  • change advisory board (CAB)
  • change analyst change

  • change analyst tasks
  • change approver

  • change coordinator
  • change coordinator change
  • change coordinator tasks
  • change domain expert (CDE)
  • change implementer

  • change manager
  • change owner
  • change requestor

Tip If you have upgraded from a previous version of Change Management, which is not Process Designer based, see Change Management security profiles mappings for more information about the mappings between the legacy Change Management profiles and the current Process Designer security roles.

Rights and settings

To view the rights and settings that are defined for out-of-box Change Management security roles, follow these steps:

  1. Navigate to System Administration > SecurityRoles.
  2. In the Name field, select a Change Management security role.
  3. Click Search.
  4. Double-click a security area to open the Rights form.

    This form lists the rights and settings of the security role for the selected security area.

  5. View the Rights and Settings sections in the form.

    The following table describes possible rights for Change Management security areas.

    Security role rights Description
    New Can create new records in this area
    View Can view records in this area.
    Expert

    Has Expert rights in this area

    Admin

    Has Admin rights in this area

    Modify Template Can modify template records in this area
    Update Can update records in this area
    Delete/Close Can delete or close records in this area
    Allowed Categories Specifies the categories in this area that users with this role can select
    Allowed Statuses Specifies the status values in this area that users with this role can select

    The following is a list of settings available for Change Management security areas.

    • Allow Inefficient Query: When this option is true, users with this role can run incomplete (inefficient) queries in this area, but receive a warning message. The Skip Inefficient Query Warning option overrides this setting. If not selected, users with this role cannot run inefficient queries in this area.
    • Skip Inefficient Query Warning: Turns off inefficient query warnings for this area. This option overrides the Allow Inefficient Query option.
    • Can Approve: Users with this role can approve records in this area.
    • Can Delegate Approvals: Users with this role can delegate their own approvals in this area to another user.
    • Reopen: Users with this role can reopen records in this area.
    • Change Manage Format: The name of the form to display as the default change queue form. If left blank, sc.manage.chm is used.
    • Default Category: Unused
    • Default Task Category: Unused
    • Initial Change View: Unused. Service Manager automatically saves the Change view that users with the role opened last time.
    • Initial Task View: Unused. Service Manager automatically opens the Change Task view that users with this role opened last time.
    • Initial Format: The initial format that is used when users with this role search change records. If left blank, cm3r.search is used.
    • List Format: Also known as QBE Format. This is the QBE form to use when displaying records to users with this role. If left blank, cm3r.qbe is used.
    • Task Manage Format: The name of the form to display as the default task queue form. If left blank, sc.manage.cmt is used.
    • Append Query: This field stores an expression to append to all queries in this area run by users with this role. This expression restricts the records that the user with this security role can see, by appending (adding on) this query to everything the user does in this module. You must use the field name from the dbdict in the expression. For example, you can enter priority.code=”3” so that users with this security role can only see Priority 3 records.
  6. View the Security Folders section.

    This section specifies security folders that are accessible to this Role for records of this area. For more information, see Add folder permissions to a security role.

    The out-of-box security folders available in Service Management are DEFAULT and advantage. You can also create security folders to meet your business needs. By default, all security folders are assigned to a new security role created. Once a role is created and rights are configured, you can modify the security rights for a role within an area.