Define Functionality Security Rights (Access to Functionality)

Use the Rights tab in the Security Group Manager to define the access to CSM functionality for a Security Group.

Good to know:

  • Functionality security rights control access to CSM functionality (example: Allowing a User/Customer in a Security Group access global Dashboards).
  • To make items easy to find, functionality is organized by category/subcategory (example: Dashboards/Global Dashboards).
  • For a detailed description of each security right, see Security Rights Reference.

To define functionality security rights:

  1. Open the Security Group Manager.
  2. In the Group drop-down, select the Security Group for which you want to define rights (example: Admin).
  3. Click the Rights tab.
  4. Category: Select the CSM functionality category for which you want to set rights (example: Dashboards, Calendars, etc.). Notable categories include:
    Option Description
    Default right Sets default rights for all functionality in a Security Group, use. This default is also used for any new functionality that is added in future versions of CSM
    Note: The defaults only affect untouched functionality; if you have already set specific rights for functionality, those rights override the default. You can override the default at any time by manually setting rights for functionality.
    Application rights Houses basic CSM functionality rights, such as Table Management, Grid/Toolbar/Task Pane personalization, etc.
    Security features Houses security feature rights, such as system settings, Role/Team management, SAML settings, etc.
    Sites Houses Portal Site rights
    A list of associated subcategories displays below the category.
  5. Subcategory: Select the functionality for which you want to set permissions. The available rights show as check boxes below the subcategory. Rights vary by functionality but include a combination of the following:
    Option Description
    View Item can be viewed
    Add New item can be added
    Edit Existing item can be modified
    Delete Item can be deleted
    Allow Action/access is allowed
    Run Item can be run
    Open Item can be opened
    Note: Many rights are scope-related (User, Role, Team, Global), meaning they allow/deny access to an item based on an intended audience.
  6. Rights check box: Select this check box to allow this Security Group permission to perform the action. Clear the check box to deny permission.
  7. Click Save Save Button.

Example: To deny the Service Desk Security Group access to the Cherwell Administrator module:

  1. Open the Security Group Manager
  2. Click the Rights tab.
  3. Select the Security features category.
  4. Click the Run the administrator tool? security right
  5. Clear the Allow check box.
© Copyright 2018 Cherwell Software, LLC. All rights reserved.