Configuring security groups for user access
To ensure that users can access the appropriate Service Portal functions, administrators must configure security groups that grant users access to the applications that are required for their role.
When a user is added to Service Portal, one or more roles can be assigned to the user. A user role is equivalent to a security group, which is defined in the Security Groups application in the classic IBM Control Desk interface.
When you create a new Security Group, you must give permissions ((READ, WRITE, DELETE, NEW, SAVE, INSERT) to the relevant authorization applications to ensure that users of these groups can use Service Portal.
In the New Security Group page, the maxadmin user must open the Object structure tab and for each OS shown in the table, assign the relevant permissions.
| OS Authorization App | Group Self Service App | Group Agent App | Group Config App |
|---|---|---|---|
| CDUIATTACH_A | Delete, New, Read, Save | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUICOMMTEMPLATE_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUICLASSSTRUCTURE_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUICOMMLOG_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIDOCINFO_A | Delete, New, Read, Save | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUIFAVITEMS_A | Delete, New, Read, Save | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUIIMG_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIMAXATTRIBUTE_A | Read | Read | Read |
| CDUIGETSYSPROP_A | Read | Read | Read |
| CDUIINCIDENT_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIINCIDENTLOG_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIMYINCIDENT_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIMYPROBLEM_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIMYSR_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIMYTICKET_A | Delete, New, Read, Save | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUIOFF_A | Delete, New, Read, Save | Read | Delete, New, Read, Save |
| CDUIOFFLIST_A | Delete, New, Read, Save | Read | Delete, New, Read, Save |
| CDUIPRIORITYMATRIX_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIPROBLEM_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUISLA_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUISRMBULLETIN_A | Read | Read | Read |
| CDUISRMINCIDENT_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIALNDOMAIN_A | Read | Read | Read |
| CDUINUMDOMAIN_A | Read | Read | Read |
| CDUISYNDOMAIN_A | Read | Read | Read |
| CDUIGETGROUPMEMBER_A | Read | Read | Delete, New, Read, Save |
| CDUIGETPERSONGROUP_A | Read | Read | Delete, New, Read, Save |
| CDUIGETPGTEAM_A | Read | Read | Delete, New, Read, Save |
| CDUIGETUSER_A | Read | Read | Delete, New, Read, Save |
| CDUIGROUP_A | Read | Read | Delete, New, Read, Save |
| CDUIUSER_A | Read | Read | Delete, New, Read, Save |
| CDUISR_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUIASSET_A | Read | Read | Read |
| CDUIBOOKMARK_A | Delete, New, Read, Save, Insert | Delete, New, Read, Save, Insert | Delete, New, Read, Save, Insert |
| CDUIWOCHANGE_A | Delete, New, Read, Save, Insert | Delete, New, Read, Save, Insert | |
| CDUIMYWORKLOG_A | Delete, New, Read, Save, Insert | Delete, New, Read, Save, Insert | |
| CDUIWORKLOG_A | Delete, New, Read, Save, Insert | Delete, New, Read, Save, Insert | |
| CDUITKTEMPLATE_A | Read | Read | Read |
| CDUISITE | Read | Read | |
| CDUITICKET_A | Delete, New, Read, Save | Delete, New, Read, Save | |
| CDUISRMSOLUTION_A | Read | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUISRMOFFCOMMENTS_A | Delete, New, Read, Save | Delete, New, Read, Save | Delete, New, Read, Save |
| CDUISRMOFFERING_A | Read | Read | Delete, New, Read, Save |
| CDUISRMSOLCOMMENTS_A | Delete, New, Read, Save | Delete, New, Read, Save |
Administrators control how security groups are defined. There are
two ways to create security groups:
- Create custom security groups
- You can create your own security groups or you can modify existing security groups. You must ensure that you have a security group for each user role in the preceding table and that you grant access to the applications that are required for the user role.
- Install IBM Control Desk Optional Content and use pre-configured security groups
- Optional content packages consist of artifacts and configurations that can be installed with
IBM Control Desk and used to facilitate
implementation. The optional content packs include the following pre-configured security groups,
which can be used for Service Portal user roles:
- SDASELFSERV - for self service users
- MAXADMIN - for administrative users
- SDAAGENT - for agent users