# Configuration Management Security Roles

It also includes permissions for viewing, creating, updating and deleting CMDB item details, attaching objects to CMDB items and forms. This is where you would manage such roles as Change Manager, Configuration Manager, Service Portfolio Manager and Service Request Catalog Manager.

{% hint style="info" %}

### Before you start

You must have **Security Roles setup** selected in the Admin tab of your own **General Access security role** before you can assign or remove permissions for any security roles.
{% endhint %}

1. Display the Configuration Management Security Roles details window, if it is not already on screen.
2. Select the Menu button, then **Admin**, then select **System Administration**.

   The System Administration window appears.
3. In the Explorer pane, expand **Security Roles**, then select **Configuration Management**. All existing Configuration Management security roles are displayed.
4. Assign the global permissions for the security role:

<table data-header-hidden><thead><tr><th width="275"></th><th></th></tr></thead><tbody><tr><td>Disable CMDB Security</td><td>Analysts with this role have unlimited access to the CMDB. Select this option to effectively turning off the granular security system for access to the CMDB. All CMDB items will open in edit mode, regardless of other permissions. Leave this deselected to assign specific permissions to the role.</td></tr><tr><td><p>External Resource Search</p><p></p><p><strong>You cannot select this option if </strong><mark style="color:blue;"><strong>Disable CMDB Security</strong></mark><strong> is selected</strong></p></td><td><p>Analysts with this role can search for CMDB items from the <strong>External Resources Search</strong> window. Analysts with this permission are restricted to a <strong>Cached Resource Search</strong> so searches can only return CMDB details that have been imported and not excluded from the Federated CMDB. This option also allows Analysts to view external resource data via the <strong>Linked Resources</strong> option.</p><p></p><p></p></td></tr><tr><td><p>Federated CMDB Admin </p><p></p><p><strong>This option is only enabled if </strong><mark style="color:blue;"><strong>External Resource Search</strong></mark><strong> is selected.</strong></p></td><td><p>Analysts with this role can import CMDB Items from the <strong>External Resource Search</strong> window. They can also perform a <strong>Full Resource Searchsearch for Item Details within the CMDB which have not been imported into ASM Core</strong>, access the <strong>Federated CMDB Administration</strong> windows and access and process <strong>Discrepancy Reports</strong> through the CMDB Item Details Explorer option of the same name.</p><p></p><p></p></td></tr></tbody></table>

### **Permissions**

Having set the global permissions, you can use the tabs to set specific permissions.

Each tab contains options for viewing, creating, updating and deleting CMDB entities as well as viewing and adding stakeholder information and managing objects. More specifically, the tabs are organized as follows:

<table data-header-hidden><thead><tr><th width="259"></th><th></th></tr></thead><tbody><tr><td>CMDB Items</td><td>Options relating to CMDB items, including configuration items, services, service actions and service bundles</td></tr><tr><td>People</td><td>Options relating to people, including Users, Analysts and External Contacts</td></tr><tr><td>Organizations</td><td>Options relating to organizations including external suppliers</td></tr><tr><td>Locations</td><td>Options relating to physical addresses</td></tr><tr><td>Contracts</td><td>Options relating to contracts</td></tr><tr><td>Subscriber Groups</td><td>Options relating to subscriber groups</td></tr><tr><td>Cost Centers</td><td>Options relating to cost centers</td></tr><tr><td>Jurisdictions</td><td>Options relating to jurisdictions</td></tr><tr><td>Forms</td><td>Options controlling access to forms and assigning access levels to forms</td></tr></tbody></table>

Select to save the changes and close the window. Provide the Change Reasons if prompted to do so. Alternatively, select another tab, if appropriate.