Not sure if this is what you are looking for, but some access to Categories/Reference Lists etc can be found in the "Non-Process Related Objects" area of privileges. For example, if wanting to specify an Incident Category, open Privileges, go to Incident Management, and double-click Non-Process Related Objects. You will find all the Categories etc in the list here, which you can apply permissions to.
Having said that, I have never tried restricting access to any of these areas, so not sure if it will function as mentioned here... Only one way to find out.
Remember to keep in mind that permissions are cumulative.
Thanks again for your reply...
I created group (let's called it "CategoriesAdmin"), the privilege is like in the picture that i attached...
and i add Analyst role to person in "CategoriesAdmin" too..and then i give shortcut Administration to that group..
The result is the group can create Categories, but can create New User, new Service Level too...and i don't need that, i only want the group only can create Categories...
Any idea Paul??
With my system I do the adding of categories. This way I keep control over adding (or not adding unnecessary) categories. I consider this an admin function so when my users needed a new category, they shoot me an e-mail. After 3 months, the number of categories I have added can be counted on 2 hands. Many of the categories I do have don't get used anyways. We use categories to describe types of problems, not each issue, it makes the reports more useful.
My apologies, but I am unsure in this space - I have never attempted to lock down so specifically.
I do add my voice to Carl's suggestion that it is probably a better idea to only allow a very select group of people to perform this function anyway, as otherwise you lose control over the categories.
Hi Carl and Paul,
I agree with you both
I already suggest to my client, please choose System Admin as SA (maybe from IT division) to manage that all (adding categories, adding user, adding service level,etc), so if End User who used that system want to add categories, they send an email to System Admin..
but they have other opinion, they still want one group only to add categories, and SA for add user, add service level, etc...because they guess their categories will increase rapidly...
Do you have any idea Friends??
I have locked down my permissions so that people only have access to those elements they need to do their job.
So I have an Administrators role which has permissions to Update and create Service Levels, along with the designers for windows and object design.
I have a role called Service Desk Administrators who do the administration and maintenance of all " other drop down" values - categories, reference lists etc. To do this they need access to run the Administration icon, and also the create privilge on the category / reference list.
I have a role that enables only some people (mainly Service Desk who log calls) to create End users.
This way I don't have people messing things up by playing around!!
And if anybody requires the ability to perform the actions, or need an additional category creating, they have to log a ticket with the Service Desk who will assign it to the relevant person to action.
Thanks for your reply, and sorry for my late response about your answer..
Whether your "Administrator Role" can only create and update Service Level? so, your "Administrator Role" can not create and update User, Categories??
Can you explain about how is your setting in "Administrator Role"?
and please explain about setting and privilege in your "Service Desk Administrator Role" too?
I don't quite understand what you are asking.
The principle is that Administrators role has ALL privilges
Analyst has is the basic role for ALL analysts to allow them to get basic view functionality - and everybody who has access to Landesk is in this role. Then depending on their job, analysts get a selection of the following roles
ChangeAnalysts need to be able to raise and implement changes.
ChangeReviewers need to be able to review changes
ChangeAdministrators need oversee all things change and need to be able to approve changes and update changes
Logger role is for analysts who can log incidents
LoggerAdmin role is for Service Desk administrators who can do specific elevated tasks like create categories
Support and Maintenance role are required for tasks that are required for maint tasks.
I am attaching a pdf of how my priv are set up for you - its based on a crystal report that was posted on the community - wish I can remember who it was so I can credit him. I can see I need to do some consolidation and sorting out again - there is a lot of duplication.
Privilges.pdf 151.0 K