Security

The topics in this section explain the Service Desk security roles, security areas, and rights.

Setting rights to interactions

Applies to User roles: Service Desk Manager

The Service Desk Manager can set rights to interactions using the role-based security. The Service Desk and Service Desk Configuration areas contain default security rights and settings. The rights are copied to new roles created for these areas. However, the settings are inherited only if there are no settings specified on the roles.

Note Whenever the roles in an operator record are updated, the operator must log out and then log in for the changes to take effect.

Service Desk security areas

Applies to User roles: System Administrator

The security areas for Service Desk are Service Desk and Service Desk Configuration. These areas contain the default security rights and settings for Interactions in the Service Desk module. The security right settings will be inherited by the new roles created in an area when no settings are specified in the security role.

These security areas are used to set permissions to operators to provide access to particular area of Service Desk. For example, for the Service Desk Analyst security role, set rights as View for the Service Desk area. Then, an operator with this security role can only view the Service Desk items under Service Desk module. The following table lists the areas and the relevant Service Desk menu items the operators can access.

Area

System Navigator menu items for this area

Service Desk

This area contains the default security rights and settings for Service Desk requests in the Service Desk module.

For example, Create New Interaction, Interaction Queue, and Search Interactions.

Service Desk Configuration

This area contains the default security rights and settings for Service Desk administration and configuration, which are dedicatedly used by Service Desk module. For example, Settings and Interaction Categories.

Note When you set the security rights for a security role in the Service Desk Configuration area:

  • The View right is to view the settings defined in the Administration menu and the Configuration menu.
  • The Update right is to update the values of existing settings defined in the Administration menu and the Configuration menu.
  • The New and Delete rights are to create and delete a setting in the Configuration menu, such as category.
  • The Admin right is to add, edit, or delete the settings in the Administration > Settings menu.

Default rights

The default rights defined in areas will be inherited when you create new security roles. The following table shows the out-of-box default rights defined in the Service Desk and Service Desk Configuration areas.

Area Name View New Update Delete/Close Expert Admin
Service Desk TRUE FALSE Never Never FALSE FALSE
Service Desk Configuration FALSE FALSE Never Never FALSE FALSE

Default settings

The default settings defined in areas will be inherited when you create new security roles. In an out-of-box system, none of the default settings is checked or set in the Service Desk and Service Desk Configuration areas.

Service Desk security roles and settings

The out-of-box security roles for the Service Desk module include the following:

  • service tech
  • service desk agent
  • service desk analyst
  • service desk manager
  • self service
  • approver
  • service desk process owner

Mapping between previous security profiles and current PD security roles

The following table lists the mapping relationship between previous Service Desk security profiles and current PD security roles in the Service Desk module.

Security Profile Security Role/Area
DEFAULT DEFAULT/Service Desk
approver approver/Service Desk
helpdesk tech helpdesk tech/Service Desk
initiator initiator/Service Desk
self service self service/Service Desk
service desk agent service desk agent/Service Desk
service desk manager service desk manager/Service Desk
sysadmin sysadmin/Service Desk
N/A service desk analyst/service desk process owner/Service Desk

Field mapping between security profiles and PD security rights/settings

The following table lists the mapping of fields in legacy Service Desk security profiles and Process Designer security roles.

Security profile settings Process Designer security rights and settings
New New
Close Delete/Close
Update Update
View View
Can notify
Alternate views
Advanced Search
Template Mass Update Expert
Complex Mass Update
Approval groups Approval Groups
Allowed Statuses Allowed Statuses
Can Create Personal Views Can Create Personal Views
Can Create System Views Can Create System views
Lock on Display Lock on Display
Modify Templates Modify Templates
Delegate Approvals Can Delegate Approvals
Initial view Initial View
List Format List Format
Manage Format Manage Format
ESS initial format ESS initial format
ESS edit format ESS edit format
ESS search format ESS search format
ESS list format ESS list format
Default Template Default Template
Append query Append query
New Thread: View -> Search New Thread: View -> Search
New Thread: Search -> List New Thread: Search -> List
New Thread: List -> Edit New Thread: List -> Edit
New Thread: View -> Edit New Thread: View -> Edit

Out-of-box role rights

Based on the mapping rules, the rights and settings in previous security profiles are mapped to the rights and settings in the Service Desk area specified in the corresponding security roles. See the table below for the out-of-box security rights of the new security roles in the Service Desk area and the Service Desk Configuration area. This table only lists the new security roles that have different settings with the default rights.

Area Name Role Name View New Update Delete/Close Modify Template Expert Admin
Service Desk service desk analyst TRUE TRUE Always Always FALSE TRUE FALSE
service desk manager TRUE TRUE Always Always TRUE TRUE FALSE
service desk process owner TRUE TRUE Always Always TRUE TRUE TRUE
system administrator TRUE TRUE Always Always TRUE TRUE TRUE
Service Desk Configuration service desk manager TRUE TRUE Always Always FALSE FALSE FALSE
service desk process owner TRUE FALSE Never Never FALSE FALSE FALSE
system administrator TRUE TRUE Always Always TRUE TRUE TRUE

For information about the out-of-box role rights in the Common Configuration area, see Out-of-box role rights in the Common Configuration area.