Creating a Role

To be able to use IT Asset Management, each account must be enabled, and assigned to at least one role. Access rights set for each role give two independent kinds of control:

You can restrict the amount or scope of data available to the role, by specifying one enterprise group in each of one or more of the Location, Corporate unit, Cost center, or Category fields. If you specify multiple group types, operators in this role can see only data that belongs to all the specified groups (a logical-AND).
You can restrict the functional areas of IT Asset Management that are available to operators assigned to the role. Note that when you first create a new role, it has no access to any part of the product. You must specify an appropriate access level, as described below, for each part of the product you want this role to see.

To create (or edit) a role:

1. Go to Administration > IT Asset Management Settings > IT Asset Accounts.
2. Click the Roles tab.

A list of existing roles displays.

3. Click Create a role.

The Create a Role page appears.

Tip:To edit an existing role, instead click the edit (pencil) icon at the right end of the role's entry in the list of available roles. You cannot rename a role, but thereafter you can edit the remaining values just as if you were creating a new role.

4. Enter the Name and Description of the role.
5. In the Access rights section, search and select one or more from Location, Corporate unit, Cost center, or Category to restrict the scope this role to the selected entities. For example, if you select Melbourne location for this role, the accounts assigned with this role would be able to view data that belongs only to Melbourne location.
6. From the alphabetic list of headings, click one (such as Administration or Applications) to expand the accordion covering the product modules; and define the permissions to access the listed features.

Repeat this for as many areas of product functionality as are needed for this role.

Tip:Access to devices is managed separately for discovered devices and inventory devices.

Within an expanded section (in most sections, but not in Business reporting portal, for which see below), the Privileges drop-down list lets you select common, high-level groupings of privileges from the following:

None—Denies access to the features in this module
Read only—Allows an operator in this role to review, but not change, information in this module
Normal—Grants access to the most common features in this module
Full—Grants access to all the features in this module
Custom—Enables you to control the access level for each of the features present in this module. You can select one of the following access levels for each feature:
Allow—Enables this feature for the operator with this role. Relevant menu items and on-screen controls are visible to the operator, and behave as expected.
Disallow—Does not grant access to this feature for an operator in this role. However, this setting is local for this role, and if an operator is assigned to multiple roles, an Allow for a feature in a role overrides a Disallow for the same feature in all other roles.

For example, if an operator Sam has two roles 'Role1' (disallows the List applications feature) and 'Role2' (allows the List applications feature), then Sam with 'Role1' and 'Role2' would be able to use the List applications feature.

Deny—Disables this feature for the operator in all circumstances. When an operator is assigned to multiple roles, a Deny for a feature in any role overrides an Allow for the same feature in all other roles.

For example, if 'Role1' denies the Create a new application feature but 'Role2' allows it, the operator, Sam, with 'Role1' and 'Role2' would not be able to see or use the Create a new application feature.

7. Only if you need to create business analytics reports, you can use the Business reporting portal section of the accordion to assign privilege levels associated to the My Analytics Home page (Dashboards > My Analytics Home).

Tip:These privileges are only available when you have imported the appropriate license from Flexera that includes the right to use the current version of Flexera Analytics (powered by IBM Cognos Analytics).

The Business reporting portal section provides the following Cognos privilege levels.

Analytics User—Can access the Cognos Workspace and Workspace Advanced, Report Studio, Query Studio, and Analysis Studio.

Important:By default, no more than 250 operators may be linked to the role that grants the Analytics User privilege (or to all roles that grant this privilege). If you assign more than 250 operators to these roles, all operators are locked out until you reduce the count of operators to the licensed limit. If you need more than 250 operators with this privilege, contact your Flexera Consultant with your request to increase the licensed count.

8. Click Create to create the role (or Save if you have been changing an existing role).

IT Asset Management displays the Role was created successfully message (and a similar message for an edited role). This role is now available in the Role list of Account Properties page for assignment.