Manage Permissions

Concepts

Permissions are the most basic unit of authorization and they enable access to Service Manager Service Portal applications and services.

Permissions are associated with a role, and the role is assigned to an organization's group so that members of the group have certain Service Manager Service Portal capabilities.

The following default Service Manager Service Portal permissions are provided:

Identity Management (IdM) Permissions

Permission Type Description Use
IDM_ADMIN Consumer Enables all IdM operations, scoped to the user's organization. Consumer organization administrators
SUPER_IDM_ADMIN Provider Enables all IdM operations on all organizations (except deleting the Provider organization). Provider organization administrators
ROLE_REST Consumer Default role assigned to all users. Automatically assigned to all users.

Catalog Permissions

Permission Type Description Constraints
CATALOG_ADMIN Consumer Enables administration of catalogs. Users must also be assigned the IDM_ADMIN permission to manage authorization of catalog items.
SUPSCRIPTION_ADMIN Consumer Enables managing subscriptions.

Service Exchange (SX) Permissions

Permission Type Description Use
AGGREGATION_ADMIN Consumer Performs aggregation of offerings into catalogs. Consumer organization administrators
INTEGRATOR Provider Enables SX transport user to perform catalog operations. SX transport user

Miscellaneous Permissions

Permission Type Description Use
CONTENT_ADMIN Provider Manages content packs for SX. Provider organization administrators
LICENSE_ADMIN Provider Enables viewing license details and uploading new licenses. Administrators who manage Service Manager Service Portal licenses.
CONSUMER Consumer Enables requesting and approving services. Typically assigned to all Consumer organization users.
SEARCH Provider Enables search operations. Search service transport user
SUPPORT Consumer Enables access to support items. Consumer organization administrators
DIAGNOSTICS_ADMIN Provider Enables viewing and managing Service Manager Service Portal diagnostics metrics. Provider organization administrators
SUPPLIER_ADMIN Consumer Enables managing Service Manager Service Portal suppliers. Consumer organization administrators
SUPPLIER_VIEWER Provider Enables viewing Service Manager Service Portal suppliers. Provider organization administrators

Note You cannot edit or delete a default Service Manager Service Portal permission.

Tasks

The Administrator can perform these tasks in the Permissions view:

View Permissions

To view all of the permissions and groups associated with an organization's roles:

  1. Click the Identity application in the Launchpad.
  2. In the Organization List view, click the organization that contains the permissions you want to view.
  3. In the Organization Details view, click Permissions.

The Permissions view is displayed and all of the permissions and groups associated with the organization's roles are listed.

Manage Permissions

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To manage the permissions for an organization:

  1. In the Permissions view, click Manage Permissions. All of the permissions for the organization are listed.
  2. In the Permission List view, you can add new permissions to the organization, edit permissions, and delete permissions.

Note You cannot edit or delete a default Service Manager Service Portal permission.

Associate Group with Role

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To associate an organization's group with a role:

  1. In the Permissions view, for the role that you want to associate with a group, click Add Group.
  2. In the Add Group dialog, select the group, and then click Save to finish.

The specified group is associated with the role and listed under the role.

Associate Permission with Role

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To associate a permission with an organization's role:

  1. In the Permissions view, for the role that you want to associate with a permission, click Add Permission.
  2. In the Add Permission dialog, select the permission, and then click Save to finish and save your new permission.

The specified permission is associated with the role and listed under the role.

Remove Group from Role

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To remove a group's association from an organization's role:

  1. In the Permissions view, for the role you want to remove a group, click the remove icon for the group.
  2. Confirm removal of the group from the role.

The group is no longer associated with the role.

Remove Permission from Role

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To remove a permission's association from an organization's role:

  1. In the Permissions view, for the role you want to remove a permission, click the remove icon for the permission.
  2. Confirm removal of the permission from the role.

The permission is no longer associated with the role.

Remove Organization

Note This task assumes you are in the Permissions view for the organization. (See View Permissions for instructions.)

To remove an organization:

  1. In the Permissions view, click Remove.
  2. Confirm deletion of the organization.

The Service Manager Service Portal organization is deleted.

 

Related Topics