Roles

Service Management has built-in roles that are based on industry best practice recommendations. Large companies might have several people assigned to the same role. Smaller organizations might have multiple roles assigned to one person. Maintaining a role-based view of the organization makes sure that you adhere to the best practice model no matter who is assigned to the role or how you divide the responsibilities associated with the role. For example, if your company is large, you may have separate process designers and process owners assigned to each module. A smaller company might assign both roles to one person for each module.

Permissions are controls within applications. When assigned, they enable you to complete certain Service Management tasks, such as adding update information to a record. Permissions are an administrative strategy to control access to records and limit the number of people who can view, create, update, or delete records. Permissions to view particular data domains restrict you to viewing only the records that are tagged with those domains. For more information, see Data domain segmentation.

If you have development and production tenants, all configuration changes must be made on the development tenant. For more information about synchronizing the tenants, see Dev2Prod - How to synchronize your development and production tenants.

How to create a role

Service Management provides a robust set of roles that map to ITIL best practice recommendations. You can create new roles to meet the needs of your organization. After you create a new role, you can assign permissions to the role.

  1. From the main menu, select Administration > Master Data > People > Roles.

  2. Click Add at the top of the left pane.
  3. Type a Name in the New role dialog box.
  4. Click OK or Add another. Service Management confirms that the new role is saved.

The new role has no default permissions. Your next step is to update the role with the specific permissions that you want the role assignee to have.

How to edit role permissions

New roles have no initial permissions. After you add a new role, you must assign specific permissions that are appropriate to the role. Occasionally, you might need to edit existing roles by changing existing permissions.

To update role permissions:

  1. From the main menu, select Administration > Master Data > People > Roles.

  2. If necessary, expand any of the following sections to assign or change permissions.

    • General

      | Permission | Description |
      | --- | --- |
      | Log into the application | Login rights are the lowest level of permission granted. |
      | Access to application administration modules | Permission to view administrative areas. |
      | Encryption domain administrator | Permission to create encryption domains. |
      | Permission to create public reports | Create public dashboard reports and charts. |
      | Permission to create public favorite views | Save searches as public views and favorites. |
    • Security

      To add authorization to access records in all data domains, select the View all data domains check box.

      To add authorization to access records in specific data domains, click inside the text box and select the data domains that you want to include.

      Note To delete a specific data domain from the list, click .

      If a role that you are updating has permission to view all data domains and you want to change the permissions to view only specific data domains, first deselect the View all data domains check box and then select the specific data domains that you want to assign.

      To grant permission to clear data from encrypted fields, select Permission to clear encrypted data.

    • Record Type

      | Permission | Description |
      | --- | --- |
      | View | Enables you to view records of the selected record type. |
      | Delete | Enables you to delete records of the selected record type. |
      | Update | Enables you to update records of the selected record type in the grid. |
      | Admin | Enables you to update the selected record type in the records module. |
      | Create | Enables you to create records of the selected record type. |
      | Comments | Enables you to edit or delete any existing comments on records of the selected record type. |
      • To add permission to access a certain type of record:

        1. Click Add.
        2. Choose the record type from the list, and select the relevant permissions.

        3. Click OK. The new record type permission is displayed in the Record Type list.

      • To remove a record type permission:

        • Choose the record type from the list, and clear the relevant permission.
    • Resources

      | Permission | Description |
      | --- | --- |
      | Create | Enables you to create resources. |
      | Delete | Enables you to delete resources. |
      | View | Enables you to view resources. |
      | Update | Enables you to update resources. |
      • To add permission to access a resource:

        1. Click Add.
        2. Choose the resource from the list, and select the relevant permissions.

        3. Click OK. The new resource permission is displayed in the Resources list.

      • To remove a resource permission:

        • Choose the resource from the list, and clear the relevant permission.
    • Knowledge Management

      | Permission | Description |
      | --- | --- |
      | Import articles | Retrieve articles from external sources. |
      | Publish articles to the Service Portal | Enable self-service users to access knowledge articles. |
      | Update articles that are currently published in the Service Portal | Make changes to published articles. |
      | Hide articles that are currently published in the Service Portal | Remove published articles. |
    • Questions & Answers

      | Permission | Description |
      | --- | --- |
      | Ask questions | Enables a Service Portal user to post questions in the portal. For more information, see How to authorize knowledge handling in the Service Portal. |
      | Answer questions | Enables a Service Portal user to respond to questions posted in the portal. For more information, see How to authorize knowledge handling in the Service Portal. |
      | Moderate user questions and answers | Enables the Knowledge Contributor, Knowledge Publisher, or Knowledge Administrator to respond to questions posted in the Service Portal, and to review answers for relevance or accuracy. For more information, see How to moderate Q&A. |
    • Live Support

      | Permission | Description |
      | --- | --- |
      | Be able to request chat support | In the Service Portal, only a user with this permission can request an online chat. This applies in cases where chat support is otherwise available through the chosen offering. If a user does not have this permission, the request chat option is not displayed. |
    • On-Call Schedule

      | Permission | Description |
      | --- | --- |
      | Be able to access on-call schedule | Only a user with this permission can view On-Call Schedule Management. If a user does not have this permission, the feature is not displayed. |
    • Change Management

      | Permission | Description |
      | --- | --- |
      | Can create emergency change | Only a user with this permission can initiate an emergency change. |
      | Allows access to the change analytics module | Only a user with this permission can access the change analytics module. |
      | Allows configuration of KPI goals and thresholds | Only a user with this permission can configure KPI goals and thresholds. |
    • Service Portal administration

      | Permission | Description |
      | --- | --- |
      | Customize the look and feel of the Service Portal | Only a user with this permission can change the Service Portal. |
    • Approvals

      | Permission | Description |
      | --- | --- |
      | Override approvals of | Grant permission to override approvals for the following record types: Request, Change, Article, Idea, Proposal, Release. |
    • Service Asset and Configuration Management (SACM)

      | Permission | Description |
      | --- | --- |
      | Administrator | Grant Service Asset and Configuration Management administration rights to the selected role. |
      | Advanced import | Only a user with this permission can implement the advanced record import method. |
      | Allows view service modeling | Only a user with this permission can view the Service Modeling link if the Service Management belongs to a suite SSO enabled account. |
    • On-Premise Bridge

      | Permission | Description |
      | --- | --- |
      | Administrator | Grant On-Premise Bridge administration rights to the selected role. |

      You can grant or remove access rights to complete endpoint tasks.

      | Endpoint | Description |
      | --- | --- |
      | UCMDB 10.20 and later | Access the Universal Configuration Management Database (UCMDB) repository. |
      | Knowledge Indexing | Submit knowledge articles for indexing to make them easily accessible to Service Portal end users. |
      | Email Integration | Access the Service Portal via email, without logging in. |
      | Rest Executor 1.0 | Access the REST API. |
      | Operations Orchestration 10.02 and later | Integrate with Operations Orchestration. |
      | PPM Outbound Integration | Send Service Management ideas and proposals to Project and Portfolio Management (PPM). |
      | PPM Optimization Solver | Optimize scenarios in the Project and Program Management module. |
      | LDAP Integration | Access an LDAP server. |
    • Analysis

      | Permission | Description |
      | --- | --- |
      | Enable management of Hot Topic Analytics | Grant permission to manage the stop list in Hot Topic Analytics. |
    • Tasks

      | Permission | Description |
      | --- | --- |
      | Ability to view all tasks | Grant permission to view tasks assigned to all people. |
  3. Click Save on the toolbar.

How to delete a role

You can delete any role.

  1. From the main menu, select Administration > Master Data > People > Roles.

  2. In the left pane, select the role to be deleted.
  3. Click Delete on the toolbar. Service Management displays a confirmation message.

  4. Click OK to confirm the deletion.

How to assign a role to a user

You can assign one or more roles to a user in Service Management.

  1. From the main menu, select Administration > Master Data > People.

  2. Select the user to whom you want to assign a role.

    You can filter the list by clicking the Filter by icon, selecting Name, and typing the name of the user, or part thereof. Click the record identifier in the ID column to display the selected record.

  3. Click in the Role field under System use definitions. Service Management displays a list of available roles.

  4. Select one or more roles to assign to the user.

  5. Click Save on the toolbar.

How to unassign a role from a user

You can selectively remove any role from any user.

  1. From the main menu, select Administration > Master Data > People.

  2. Click the Filter by icon, select the Name field, and type the name of the user. Click the record identifier in the ID column to display the selected record.

  3. Click in the Role field under System use definitions. For any role that appears in the field, click Delete to remove that role.

  4. If necessary, repeat the previous step to unassign other roles.

  5. Click Save on the toolbar.

Default roles

Service Management has pre-configured roles that are consistent with ITIL v3 recommendations and naming conventions. Service Management also has custom roles to support various users and modules, including the On-Premise Bridge, MT Console, and Service Portal.

You can assign these roles to end users, modify the permissions associated with a role, or make other changes to meet the requirements of your environment.

| Role | Description |
| --- | --- |
| Application Analyst | Creates, updates, and deletes optimization records; creates surveys and evaluates survey results for application cloudification. |
| Application Owner | Creates, updates, and deletes applications and roadmaps. |
| Application Portfolio Administrator | Assigns roles for the APM module; defines workflows for applications and optimizations. |
| Application Portfolio Manager | Creates and updates application portfolios; runs portfolio analysis. |
| Asset & Configuration Administrator | Configuration administrator for Service Asset and Configuration Management. |
| Asset & Configuration Manager | Configuration manager for Service Asset and Configuration Management. |
| Business Intelligence Integration | Customer role for the Business Intelligence integration. |
| Catalog Administrator | Administrator of the Service Catalog. |
| Change Approver | Evaluates and authorizes (or disapproves) changes. |
| Change Assignee | Responsible for assigned change. |
| Change Coordinator | Coordinates all requests for changes throughout their lifecycle. |
| Change Manager | Manages changes and functions as the point of escalation. |
| Change Owner | Reviews and manages assigned changes. |
| Change Process Owner | Accountable for all change-related activities. Functions as the champion, advocate, and design lead of the change module. |
| Change Requestor | Submits requests for changes. |
| Change Task Assignee | Closes assigned change tasks. |
| Contract Manager | Manages external vendors and contracts with vendors. |
| Default | Default user with login and Service Portal permissions to create and view requests. |
| Favorite Views Owner | Creates public views. Tip: This is a very granular role, granting permission to a single area. Combining it with another role that already has the same permission would be redundant. But you can use it to add this permission to someone who has another role that does not grant the permission to create public views, without altering that other role. |
| Financial Manager | Manages financial aspects of the assets, including devices, licenses, and infrastructure and peripheral assets. |
| Guest | Can view the following on the Service Portal: available services; news and knowledge articles; questions that have been submitted. Note: Cannot submit nor answer questions. |
| Idea Administrator | Configuration administrator for Idea Management. |
| Idea Reviewer | Reviews, categorizes, and approves/rejects ideas. |
| Incident Analyst | Investigates and resolves assigned incidents. |
| Incident Coordinator | Coordinates resolution and closure of incidents. |
| Incident Manager | Manages incident resolution and functions as the escalation focal point. |
| Incident Process Owner | Accountable for all incident-related activities. Functions as the champion, advocate, and design lead of the incident module. |
| IT User | Has full access to all functional modules, including some configuration rights. Has read-only access to foundational data. |
| Knowledge Administrator | Has all permissions assigned to manage Knowledge Management article publication. |
| Knowledge Contributor | Creates, edits, and reviews knowledge articles for an internal or external audience. |
| Knowledge Publisher | Publishes knowledge articles to an internal or external audience. |
| MT Administrator | Manages the multi-tenant (MT) environment for a provider tenant. This is the only user, along with the Tenant Admin, who has permissions to add users who can access managed customer data. |
| MT Agent | Manages and is able to access managed customer data. Only users with this role can be added to the list of users who can view incident or request data for a managed customer in the Vendor Management > Managed Customer tab. |
| OPB Remote Agent | Integrates On-Premise Bridge internal processes. |
| Portfolio Manager | Analyzes proposals, defines the workflow, and manages business objectives. |
| Problem Analyst | Investigates and resolves assigned problems and known errors. |
| Problem Coordinator | Coordinates problem records through their lifecycle. |
| Problem Manager | Manages problem resolution and functions as the escalation focal point. |
| Problem Process Owner | Accountable for all problem-related activities. Functions as the champion, advocate, and design lead of the problem module. |
| Problem Task Assignee | Closes assigned problem tasks. |
| Program Manager | Owns programs. Can add content and is responsible for managing related projects together. |
| Project Manager | Owns projects. Responsible for managing all aspects of a project's success. |
| Project Portfolio Manager | Owns project portfolios. Can add content and is responsible for high-level management. |
| Proposal Administrator | Creates approval definitions for proposals. |
| Proposal Creator | Creates, publishes, and abandons proposals. |
| Proposal Reviewer | Reviews, categorizes, and approves/rejects proposals. |
| Release Coordinator | Coordinates release records through their lifecycle. |
| Release Process Owner | Accountable for all release-related activities. Functions as the champion, advocate, and design lead of the release module. |
| Reports Publisher | Configures charts and graphs for reporting. |
| Request Approver | Business approver for a request. |
| Resource Manager | Creates and edits resource types. |
| SACM Integration | Customer role for external integrations. |
| Self-Service Portal Administrator | Manages entitlement rules and the Service Portal user experience. |
| Self-Service Portal User | Service Portal end user has permissions to view the Services catalog, search for knowledge articles, submit questions, and respond to questions submitted. |
| Service Level Manager | Negotiates Service Level Agreements and manages Service Level Management processes. |
| Service Request Agent | Assignee who fulfills service requests. |
| Service Request Coordinator | Assigns and coordinates service requests. |
| Service Request Manager | Manages the Service Request module and functions as the escalation focal point. |
| Service Request Process Owner | Accountable for all service request-related activities. Functions as the champion, advocate, and design lead of the Service Request module. |
| Service Request Task Assignee | Completes and closes assigned service request tasks. |
| Software Manager | Manages the life cycle of software assets and license optimization. |
| Stockroom Admin | Manages stockrooms and their content. |
| Strong Identity Validation Bypass | Can approve tasks without strong identity validation. Note: This role is not relevant for users with the Tenant Admin role. |
| Survey Editor | Creates and manages surveys. |
| Tenant Admin | Super user role that has permissions for everything in the application. It is recommended to assign only one tenant admin role per tenant system. |
| Vendor Liaison | Interfaces with external third-party support representatives for incident resolution. |

Note A role indicated with a lock icon is a system role, which cannot be edited.
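
The following is an added example, not part of the product documentation: a short audit of role assignments against the points this page makes (one Tenant Admin per tenant, the Strong Identity Validation Bypass role, and broad permissions such as View all data domains). The ROLES and USERS layout, the custom role "Legacy Support" and the user names are constructed, and the code assumes that a user's effective permissions are the union of the permissions of all assigned roles, as the Favorite Views Owner tip implies.

```python
# Added example, not product code. ROLES and USERS are constructed sample data
# in a hypothetical export layout; the page does not describe an export format.
# Permission and role names are the labels used on this page.
HIGH_IMPACT = {
    "View all data domains",
    "Permission to clear encrypted data",
    "Encryption domain administrator",
    "Can create emergency change",
}
ROLES = {
    "Tenant Admin": set(HIGH_IMPACT),  # super user, modelled as holding all of them
    "Change Manager": {"Log into the application", "Can create emergency change"},
    "Incident Analyst": {"Log into the application"},
    "Legacy Support": {  # constructed custom role
        "Log into the application", "View all data domains",
        "Permission to clear encrypted data",
    },
    "Strong Identity Validation Bypass": set(),
}
USERS = {
    "alice": ["Tenant Admin"],
    "bob": ["Tenant Admin", "Incident Analyst"],
    "carol": ["Incident Analyst", "Legacy Support"],
    "dave": ["Change Manager", "Strong Identity Validation Bypass"],
}

def effective_permissions(role_names, roles):
    """Union of the permissions of every role the user holds (assumed additive)."""
    perms = set()
    for name in role_names:
        perms |= roles.get(name, set())
    return perms

def audit(users, roles):
    """Return sorted (user, finding) tuples for an access review."""
    findings = []
    admins = sorted(u for u, r in users.items() if "Tenant Admin" in r)
    if len(admins) > 1:  # the page recommends one Tenant Admin per tenant
        findings += [(u, f"one of {len(admins)} Tenant Admins") for u in admins]
    for user, role_names in users.items():
        if "Tenant Admin" in role_names:
            continue  # already holds everything; reported above if duplicated
        if "Strong Identity Validation Bypass" in role_names:
            findings.append((user, "approves tasks without strong identity validation"))
        for perm in sorted(effective_permissions(role_names, roles) & HIGH_IMPACT):
            source = sorted(n for n in role_names if perm in roles.get(n, set()))
            findings.append((user, f"{perm} via {', '.join(source)}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(USERS, ROLES):
        print(f"{user}: {finding}")
```

Each finding names the role that contributes the permission, so a reviewer can decide whether to change the role itself or only the assignment.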
