Roles & Permissions

rami.ejailat · June 28, 2015, 3:21pm

It would be great to be able to create user roles to restrict certain permissions to senior staff:

Restrict File Transfer & Shell Execute from the session tools
- Restrict Deleting (company/site/device/job/procedure/policy)
Restrict Creating Procedures
- Restrict Unattended Access
Restrict running certain Procedures/Jobs (ex. admin only tasks)

Ilker · June 29, 2015, 3:59am

Hi,

Yes, Role Based Administration is on roadmap and your list is noted as well.

Ilker

Ilker · June 29, 2015, 4:00am

What other features / actions do you see should be limited per role?

On RMM / On service Desk / On Patch Management?

rami.ejailat · June 29, 2015, 5:02am

I’ve only went through RMM so far, but generally, there might be 3 levels:

Standard technician who just uses what’s available and requests remote support from the customer (no shell execute, can’t create/edit/delete, possible to edit company/site name/description)
Advanced technician who can create/edit procedures/policies, but not delete. Audit trail becomes important, so it edits can be saved as revision history copies; at the moment, we have to create a copy and delete the existing one, and then figure out if it’s being used elsewhere and do the same there (ex. a procedure in a job). Instead, you can give the procedure and ID and keep the previous copies as revision history, but the system always uses the latest version (like Google Docs revision history).
Admin who can also delete. Delete is usually the most dangerous thing and normally should be avoided (and audited).

On the other hand, procedures and jobs can have similar levels on who can run them (or see them). Note that a job can contain a high level procedure, but yet, it can be allowed to be used by any level.

Ability to assign/restrict technicians to companies/sites would be great. This means that the technician will only see alerts from the assigned devices.

So, introducing “Groups” might be a good idea, especially dynamic groups (windows servers, Linux, Mac computers, machines with certain software like certain antivirus/backup/AutoCAD/accounting/ …) which simplifies assigning expertise as necessary.

InfoSecAdmin · June 27, 2018, 12:37pm

Will it be very difficult in the ITSM permissions for role - to change that running procedures can be done without the permissions to edit/delete them?
At the moment, any role which can run a procedure can also delete it (all custom and user added scripts out there).

Rick_C · June 28, 2018, 1:45am

Hi @InfoSecAdmin
Thank you very much for pointing out to us this specific condition with running procedures. Your input is important to us as it will help to improve the usefulness of C1 for the entire user community. We will forward your suggestion to the product development team where they will review it and determine where it will fit best on the product roadmap.