Roles
IT Asset Management (Cloud)
The
Roles tab on the Accounts page displays an
alphabetical list of available roles that can be assigned to accounts. IT Asset Management supports role-based access control. A role is a logical grouping of access rights or
privileges. Instead of assigning individual privileges to each account, the administrator
groups the privileges into roles, and you can then assign an operator's account to one or more
roles.
Tip: Until an operator's account is assigned to at least one role, the
operator cannot access any part of IT Asset Management.
Access rights define what an account can do in IT Asset Management. For example, an administrator role can control the configuration and management of IT Asset Management whereas a report viewer role can only view the reports and dashboards (and then only for data objects where the operator has at least Read only privileges). When you assign a role to an account, IT Asset Management assigns the access rights contained in the assigned role to that account.
Mapping roles and accounts
Only user accounts that have specific responsibilities and security approvals should be
assigned to roles that bring high-level privileges. For example, the typical administrator
role has tasks like:
- Configuring FlexNet Manager Platform properties
- Configuring currency settings
- Troubleshooting through the System Tasks page, and accessing/downloading logs
- Managing operators of FlexNet Manager Platform, and their privilege levels.
You can create multiple roles and assign one or more roles to an account, based on its job
requirements. When you assign multiple roles to an account, the account receives a logical
union of all the access rights assigned to each of the assigned roles.
Tip: If you
assign multiple roles where you have an overlap between an 'allow' right and a 'deny', the
'deny' always wins.
This page enables you to perform the following activities:
- Search for existing roles: You can search for an existing role. For information about searching and using other UI options, see the topics under Using Lists in IT Asset Management.
- View accounts associated with a role: Each role record displays the number of accounts assigned with that role. You can click this link to view the list of accounts assigned with the role on the All Accounts page.
- Create a role: You can create a new role and assign it to one or more accounts. See Creating a Role.
- Copy an existing role: You can copy an existing role to create a new role with modified privileges. Click the copy icon for the role you wish to copy. IT Asset Management displays the Create a Role page. Modify the desired properties and click Create. For more information, see Creating a Role.
- Change the rights for an existing role: You can adjust the privileges given to an existing role. Click the edit (pencil) icon for the role you wish to edit. IT Asset Management displays the Edit rolename page, where you can change any values except the role Name (other than this, the page is identical to the display for creating a new role). Modify the desired properties, and scroll to the bottom of the page to click Save. For more information, see Creating a Role.
- Delete a role: Click the delete icon for the role you wish to delete. IT Asset Management displays a confirmation message. Click OK to
delete the role.Note: You can delete a role whether or not there are accounts assigned to the role. When a role is deleted, any privileges granted to accounts through only that one role are revoked, so that (as always) each account has the sum of privileges granted by the roles to which it is currently assigned. Keep in mind that an account must be assigned to at least one role to have any access to IT Asset Management. If you delete the only role to which an account is assigned, the operator using that account is no longer able to use IT Asset Management until you assign that account to another role.
IT Asset Management (Cloud)
Current