Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This article describes how you can create and manage roles to implement Role Based Access Control (RBAC) in the application.

 

The access to the application features is based on the job roles of the users. A role is a logical grouping of support groups, contacts, or both.  All the members of a role inherit the permissions that are assigned to the role. A role facilitates easier assignment of permissions across the application. You can give similar permissions to contacts and support groups that can perform similar activities. For example, there could be different approval groups, which could all be grouped into the role of an approver. You can give this role the permission to access the Outstanding Items link in the navigation menu. This task reduces the effort in giving permissions to each group or contact undertaking this activity.

You can assign a particular workflow action to a role that contains support groups and members from a particular organization. Similarly, you can configure a management role to have access to certain reports. Association to the role can be direct or by virtue of the support group membership.

You can complete the following tasks with roles: 

  • Group the contacts and support groups logically.
  • Assign the permissions for the various application features to selective roles.
  • Determine the information that a role can view in a ticket using role-based views.

The role-based permission is applicable to all functions where permissions are applied. The role-based permissions include the navigation panel, toolbar options, knowledge articles, workflow actions, ticket templates, and communication templates. 

A role is not directly associated to an organization, site, or location. Contacts from any organization, site, or location can be assigned to one role. Making an organization inactive does not affect the role. The role remains the same. However, some of the contacts or support groups that are associated with the role can become inactive when their primary organization, site, or location is made inactive.

Considerations

Review the following points that are associated with roles:

  • You cannot deactivate a role. The deleted roles are directly removed from the application.
  • A contact and a support group can participate in multiple roles.
  • The permission assignment to a role is not a part of role creation. The Assigned Permissions section is read-only and displays the permissions that are assigned to the current role. 
  • The system defined roles have a negative ID value. You cannot delete the system defined roles. For example, KB Analyst and KB Admin. 
  • You can delete a role. When you delete a role, the role record gets removed from the application. When a role is deleted, the relationships to contacts and groups that are related to the role are also lost. Therefore, permissions available to the contacts and support groups through that role are no longer available.

  • Do not create more than one role with the same name. The reason is that there could be a conflict in the recognition of the name by the system. However, CA Cloud Service Management does allow you to create multiple roles with the same name.
  • Roles cannot be used for assignments. Roles are available only of managing permissions and for identifying recipients for a communication template. This behavior makes it possible to send the notification to all members of the role.

Prerequisites

Verify the following prerequisites:

  • Support groups and contacts are configured.  

Create Roles

Follow these steps:

  1. Create Role: Navigate to MANAGE, ADMINISTRATION, ToolsRoles, and click Create New.
  2. Fill in the required information and click Apply Changes.
    Note: A role name cannot match with any organization and support group name.

  3. Add Role Members: Search and select groups, contacts, or both to add to the current role.
    Note: The Assigned Permissions tab is read only and displays the permissions that are assigned to the current role.

When a contact associated with a role is made inactive, it does not affect the role or other contacts that are associated with the role. The contact is listed in the contact list of the role record. The relationship of contact with the role is not deleted.

  • No labels