Configuration Management Security Role: People Tab

You can set permissions for a Configuration Management Security Role relating to People. This includes setting permissions for viewing, creating, and updating Users, Analysts, and External Contacts.

Before you start

You must have Security Roles setup selected in the Admin tab of your own General Access security role before you can assign or remove permissions for any security roles.

You must have Security Roles setup selected in the Admin tab of your own General Access security role before you can assign or remove permissions for any security roles.

  1. Display the Configuration Management Security Roles details window, if it is not already on screen.

  2. Assign the global permissions for the security role:

Disable CMDB Security

Analysts with this role have unlimited access to the CMDB, including the External Resource Search and Federated CMDB Admin options. Select this option to effectively turning off the granular security system for access to the CMDB. All CMDB items will open in edit mode, regardless of other permissions. Leave this deselected to assign specific permissions to the role.

External Resource Search

Analysts with this role can search for CMDB items from the External Resources Search window. Analysts with this permission are restricted to a Cached Resource Search so searches can only return CMDB details that have been imported and not excluded from the Federated CMDB. This option also allows Analysts to view external resource data via the Linked Resources option.

Federated CMDB Admin

Analysts with this role can import CMDB Items from the External Resource Search window. They can also perform a Full Resource Searchto search for Item Details within the CMDB which have not been imported into ASM Core, access the Federated CMDB Administration windows and access and process Discrepancy Reports through the CMDB Item Details Explorer option of the same name.

This option is only enabled if External Resource Search is selected.

People Tab

Select the People tab and make the necessary changes to the permissions.

User View

Analysts with this role can search for and view Users

User New

Analysts with this role can create Users.

User Update

Analysts with this role can update User details.

User Delete

Analysts with this role can delete Users.

User View must be selected to enable these options.

Analyst View

Analysts with this role can search for and view Analysts.

Analyst New

Analysts with this role can create Analysts.

Analyst Update

Analysts with this role can update Analyst details.

Analyst Delete

Analysts with this role can delete Analysts.

Analyst View must be selected to enable these options.

Update IPK Groups

Analysts with this role can update the IPK Group membership details for any Analyst.

Update Workflow Groups

Analysts with this role can update the Workflow Group details for any Analyst.

Analyst View must be selected and Analyst Update deselected to enable this option.

External Contact View

Analysts with this role can search for and view External Contacts

External Contact New

Analysts with this role can create External Contacts.

External Contact Update

Analysts with this role can update External Contact details.

External Contact Delete

Analysts with this role can delete External Contact details.

External Contact View must be selected to enable this option.

Permissions

The following permissions can be set for managing people, regardless of whether the person is a User, Analyst or External Contact.

Permissions

The following permissions can be set for managing people, regardless of whether the person is a User, Analyst or External Contact.

Person Cancel Lock

This option cancels the lock set while updating a person’s details. By default, only one Analyst can update a person record at any one time. Selecting this option disables this function and enables the person record to be updated by two or more Analysts simultaneously.

User Update must be selected to enable this option.

Person Action by Default

Analysts with this role can open a person’s record in edit mode directly, without needing to use the Edit button.

User, Analyst or External Contact Update must be selected to enable this option.

Person Object Download

Analysts with this role can download and view objects that are attached to people. This option also allows access to view the Delegation section on the Person Details.

User, Analyst or External Contact View must be selected to enable this option.

Person View Secure Attachments

When enabled, allows analysts with this role to view attachments using the secure PDF Viewer

Person Object Update

Analysts with this role can update objects that are attached to People. This option also allows editing of the Delegation section on the Person Details

User, Analyst or External Contact Update and Person Object View must be selected to enable this option.

Person Object Cancel

If an object attached to a Person has been checked out, Analysts with this role can cancel the checkout. Person Object Version Control in CMDB Settings must be enabled.

Person Object Delete

Analysts with this role can delete Objects that are attached to people

Person Object Update must be selected to enable this option.

Person Stakeholder View

Analysts with this role can view stakeholders linked to people

Person Stakeholder Write

Analysts with this role can update details for stakeholders that are linked to people

Person Stakeholder View must be selected to enable this option.

Allow Password Reset via API

Analysts with the appropriate role have the capability to reset passwords for users and analysts directly through the API. This feature is critical for automating password management and enhancing system security. It ensures that password resets can be performed quickly and efficiently, without the need for manual intervention, thus reducing downtime for users and maintaining high levels of security compliance.

  • Security: Ensures operational security by limiting access to authorized personnel.

  • Efficiency: Streamlines the process of password management, making it faster and less prone to errors.

  • Automation: Facilitates the integration with automated systems for managing user credentials.

To utilize this feature, the analyst must have the specific permission enabled in their role settings. It is essential to monitor and audit the use of this permission to prevent unauthorized access and potential security risks.

Allow Bulk Password Reset via API

Analysts with this role can update passwords in bulk, or for multiple people at once.

Person Cost Center View

Analysts with this role can view or search for Cost Centers that are linked to people

Person Cost Center Update

Analysts with this role can update Cost Centers that are linked to people

Person Advanced Search

Enables the Advanced Search option when searching for people. Analysts with this role can create searches using advanced search functions.

Last updated