Permission sets provide a mechanism for controlling the operations that can be performed by a user or user group. You can:
- Set permissions for a partner user or a client user independent of their profile.
- Restrict activities using the permission values for each permission type.
- Authorize access according to role.
The PERMISSION SETS window displays the list of available permission sets, by Name, and the operational areas that support access control.
For each permission set-operational area, the icons have the following significance:
- The eye icon indicates view permission only.
- The pencil icon indicates permission to view and manage.
Create a permission set
When you add a permission set, you are presented with a list of areas that have permissions associated with them. Choose the permission you want to be in your permission set and the permission level for each permission.
Select Setup > Account > Permission Sets.
Click +Add.
In the Scope field, choose Partner or Client user applicability of the permission, and
- For partner scope, enter a permission Name.
- For client scope, in the Client field, choose EVERYONE or a specific client and enter a permission Name.
Enter a description for your permission set.
In the Permissions section, for each access-controlled area that you want to be part of this permission set, select the permission you want to allow.
Click Save.
The following is general usage information:
Delete a permission set
You cannot delete the default Administrator or User users.
- Select Setup > Account > Permission Sets.
- Select one or more named permission set you want to delete.
- Click Remove.
- Click Yes to confirm you want to permanently delete the permission sets.
Permissions reference
The permission listing differs depending on partner or client scope.
Notes
- The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
- A user with the highest permission level can access and perform all the actions that are available within each permission set.
| Permission Type | Permission Value |
|---|---|
| Administration | Administration - Allows access to the Setup tab. |
| Alerts | Manage - Allows view and manage access to:
|
| Clients (Partner-level) | Client Manage - Allows you to manage a client. Client Create - Allows you to create a new client. Client Edit - Allows you to edit client details. Client View - Allows you to view the client information. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Cloud Management | Power Cycle - Allows you to Stop, Start, and Restart instances. Launch Instances - Allows to create new instances in the cloud account. A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions. |
| Management Profile Manage | Manage - Allows access to view, create, and edit the existing gateway profile. View - Allows access to the Setup tab and to view the services gateway remotely. A user with Manage permission can also perform the actions available with the View permission. |
| Commands | Allow to run commands - Permits users to run commands. | Credentials | Manage - Allows access to manage the existing credential sets. Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option. Edit - Edit a credential set. View - View all the credential sets, including the passwords. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Custom Attributes | Manage - Allows you to control the users who can manage the custom attributes. Create - Allows users to create custom attributes. View - Allows users to only view the custom attributes. A user with Manage permission can also perform the actions available with Create, and View permissions. |
| Dashboards | View Dashboard - Allows users to only view a dashboard.
The permission allows the:
The permission allows different users (service provider, partner, and clients) to perform a different set of actions on a Private and a Shared dashboard. See Role based dashboard permissions for detailed information about the permissions. |
| Dashboard Access Only | Dashboards Access Only - Allows access only to one's own Dashboard and the Shared Dashboard. The user should also have either the View Dashboard or Manage Dashboard permission along with the Dashboards Access only permission. If this permission is enabled, the users can only access the Dashboards tab and cannot access any other feature. To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget. See Role based dashboard permissions for detailed information about the permissions. |
| Devices | Manage - Allows access to:
View - Allows access to devices under:
|
| Device Monitor Template Configuration | Apply Templates permission - Allows the user to Assign/Unassign templates and monitors. Customize Templates - Allows the user to edit monitors and change the thresholds at device level. A user with Customize permission can also perform the actions available with Apply permissions. |
| Gateway Firmware | Allow Gateway Firmware Update - Allows the user to update the gateway firmware. |
| Integration | Manage Integration - Allows users to manage various integration services:
View Integration - Allows users to view the Integration tab and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token. A user with Manage permission can also perform the actions available with Edit and View permissions. |
| Jobs | Manage - Allows access to:
A user with Manage permission can also perform the actions available with the View permission. |
| Knowledge Base | Manage - Allows users to move an article, and also create, edit, and delete the:
View - Allows users to view, rate, comment, like, and share an article. A user with Manage permission can also perform the actions available with Edit, and View permissions. |
| Metrics | Manage - Allows users to create metrics. |
| Monitors | Manage - Allows access to:
Customize - Allows access to:
A user with Manage permission can also perform the actions available with Create and Edit, Customize, and View permissions. |
| OpsQ | OpsQ Manage - Allows you to create, edit, or delete the alert policies for:
OpsQ View - Allows you to view the alert policies for:
A user with Manage permission can also perform the actions available with the View permission. |
| Patch Approvals | Manage - Allows access to:
|
| Process Automation | Manage - Allows users to create and view the process automation artifacts. View - Allows only to view the process automation artifacts. A user with Manage permission can also perform the actions available with the View permission. |
| Projects | Manage - Allows users to manage projects. View - Allows users to view projects. A user with Manage permission can also perform the actions available with the View permission. |
| Recording Audit | All Recordings Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings. My Recordings Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings. Play, Search All Recordings - Users can play the recording and search for a recording. A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions. |
| Reports | Manage - Allows users to manage, create, edit, delete, and view the reports. View - Allows access to view the Reports. A user with Manage permission can also perform the actions available with the View permission. |
| Roles | Manage - Allows access to view, create, and delete roles. View - Allows access to view the defined roles in the Setup tab. A user with Manage permission can also perform the actions available with the View permission. |
| Scheduled Maintenance | Manage Scheduled Maintenance - Allows users to view, manage, create, edit, and delete scheduled maintenance. View Scheduled Maintenance - Allows users to view scheduled maintenance. A user with Manage permission can also perform the actions available with the View permission. |
| Change Request | Manage - Allows users to manage, create, edit, delete, and view the change request. Create - Allows users to create, edit, and view the change request. Edit - Allows users to edit and view the change request. View - Allows users to view the change request. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Incident | Manage - Allows users to manage, create, edit, delete, and view incidents. Create - Allows users to create, edit, and view incidents. Edit - Allows users to edit and view incidents. View - Allows users to view incidents. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Problem | Manage - Allows users to manage, create, edit, delete, and view the problem. Create - Allows users to create, edit, and view the problem. Edit - Allows users to edit and view the problem. View - Allows users to view the problem. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Service Request | Manage - Allows users to manage, create, edit, delete, and view service desk requests. Create - Allows users to create, edit, and view service desk requests. Edit - Allows users to edit and view service desk requests. View - Allows users to view service desk requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Task Request | Manage - Allows users to manage, create, edit, delete, and view task requests. Create - Allows users to create, edit, and view task requests. Edit - Allows users to edit and view task requests. View - Allows users to view task requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Time Bound Request | Manage - Allows users to:
Edit - Allows users to view and edit time-bound requests. View - Allows users to view time-bound requests. Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Service Catalog | Manage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows. View - Allows users to view service catalog management in the Setup tab. A user with Manage permission can also perform the actions available with the View permission. |
| Service Order (Partner-level) | Manage Service Order - Allows users to manage the service order. Create Service Order - Allows users to create a service order. Edit Service Order - Allows users to edit the service order. Delete Service Order - Allows users to delete a service order. View Service Order - Allows users to view the service order. A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions. |
| Service Desk | Manage - Allows users to manage, create, edit, delete, and view the service desk. Create - Allows users to create, edit, and view the service desk. Edit - Allows users to edit and view the service desk. View - Allows users to view the service desk. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
| Scripts | Manage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option. View - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices. A user with Manage permission can also perform the actions available with the View permission. |
| Traces | Traces View - Allows users to view traces. |
| Users | Manage - Allows access to create, edit and deactivate users, user groups, and roles. Create - Allows access to create users. View - Allows access to view the existing users in the Setup tab. A user with Manage permission can also perform the actions available with the Create and View permissions. |
Role based dashboard permissions
The Role based dashboard permissions are applicable to both the Classic Dashboard and Dashboard 2.0 versions.
Service provider users - private dashboard
The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a private dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Service provider | View | Yes | None |
| Service provider | View | No | None |
| Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
| Service provider | Manage | Yes |
|
| Service provider | Manage | No |
|
| Service provider | None | - | No Access |
Service provider users - shared dashboard
Note
The information provided in the Service provider users - shared dashboard is only applicable to Classic Dashboard.A Service Provider user cannot share a dashboard in Dashboard 2.0 version.
The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a shared dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Service provider | View | Yes |
|
| Service provider | View | No | View |
| Service provider | Manage | Yes |
|
| Service provider | Manage | No | View |
| Service provider | None | - | No Access |
Partner users - private dashboard
The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a private dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Partner users | View | Yes | None |
| Partner users | View | No | None |
| Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
| Partner users | Manage | Yes |
|
| Partner users | Manage | No |
|
| Partner users | None | - | No Access |
Partner users - shared dashboard
The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a shared dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Partner users | View | Yes |
|
| Partner users | View | No | View |
| Partner users | Manage | Yes |
|
| Partner users | Manage | No | View |
| Partner users | None | - | No Access |
Client users - private dashboard
The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a private dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Client users | View | Yes | None |
| Client users | View | No | None |
| Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
| Client users | Manage | Yes |
|
| Client users | Manage | No |
|
| Client users | None | - | No Access |
Client users - shared dashboard
The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a shared dashboard:
| User | Dashboard Permission | Admin Permission | Actions |
|---|---|---|---|
| Client users | View | Yes |
|
| Client users | View | No | View |
| Client users | Manage | Yes |
|
| Client users | Manage | No | View |
| Client users | None | - | No Access |