4 Replies Latest reply on Oct 3, 2018 9:24 AM by nspeed

    Permissions: Role vs Team

    AnthonyDowns Specialist



      I'm looking for some ideas on how other people are using roles in their environment. Have you had any issues using team instead of role for any permissions? I understand something have to be published to a specific role, Dashboards, Layouts, etc.


      Right now we probably have close to 30 or more roles in use, basically whenever a team was created a role was created as well. This has led to it being a real pain if we need to do object level permission or add/modify workspaces. My plan now was to make two new roles analyst & management and move everyone to these roles then remove the previous roles. Once this has been done, we can create new specific roles if we need but it should not be nearly as many roles as we have currently.


      Any thoughts if this is a good/bad idea?



        • 1. Re: Permissions: Role vs Team
          vee Specialist

          Hi Anthony,


          Pretty much what we do - not sure if anyone has a better solution but it works well enough for our situation. We have about 5 main roles for our agents and like 3-4 others for specific uses. Had to strike a bit of a balance between access control and manageability but I can imagine having a role per team would be a nightmare.


          Good luck with your update!

          1 of 1 people found this helpful
          • 2. Re: Permissions: Role vs Team
            DTurner Expert

            Hi Anthony,


            When we had the admin training a while back, one thing the trainer stressed was going through the system and disabling any redundant (for our needs) features - something we haven't done yet

            I'd definitely advise minimising roles where necessary - roles are useful for customised access e.g. different layouts, top level tab requirements etc. I find the OU structure comes in handy for request offering access so for us, this is something I'd like to prioritise.


            Considering that there are various ways to hide or prevent access - e.g. visibility rules, layouts, roles, object permissions - I'd suggest looking at these and weighing up which best suits your requirements; more than likely a combination and it is more a question of "To what extent will I use this particular feature?"



            1 of 1 people found this helpful
            • 3. Re: Permissions: Role vs Team
              AnthonyDowns Specialist

              vee & DTurner Thank you for the replies.


              It looks like we are going to go ahead with consolidating those roles.


              I really wish we could use OU's for request permissions. Right now we probably have 80 published request and they are all available to self-service users (excluding a few strictly IT related). This is because we can really only pull name, username, and email right now. So you can imagine how troublesome reporting can be on anything other than a team level.

              • 4. Re: Permissions: Role vs Team
                nspeed Apprentice

                At the moment we are using the services to set the permissions.

                But next our system will be used for a broader range of users/proceses and we are also thinking about using the categories in the services and/or the teams.