Roles

Each technician accessing the help desk tool will have a set of permissions to execute specific tasks in the application. These permissions are termed as Roles in ServiceDesk Plus. Roles are defined based on the various modules in the application.

The Administrator can create multiple roles and assign it to technicians based on the requirement. You can also view the list of technicians assigned to a particular role from the Role List View page.

Roles can be assigned only to technicians. Roles for requesters are pre-defined and hence cannot be configured.

To access Roles Configuration Wizard, go to Admin > Users & Permissions > Roles (Old UI: Admin > MSP Details > Roles).

The Roles List View page displays the list of default roles available in the application. You can perform actions such as adding, editing and deleting roles and viewing technicians assigned to a role.

The list of technicians assigned to a particular role can be viewed from the Role List View page by clicking View Technicians configured with this role icon. This makes it feasible for the administrator to assign permissions to technicians. To know more about viewing technicians assigned to a role, refer Viewing Technicians assigned to a Role.

Default Roles

The default roles (also known as System Roles) are pre-defined. The roles and their description is given in the tabular column below,

Roles	Description
AERemote Control	Role to perform Remote Control on workstations located remotely. This role should be combined with a role providing complete access to the assets module.
AnnouncementConfig	Role given to technicians to view, add, edit, and delete announcements.
Enable CMDB	Role to access the CMDB module. If a technician is provided with this role alone, then he would be able to view the Assets and the CMDB module. Apart from viewing the relationship map in the CMDB module, he would be able to Import CIs from a CSV file. If the technician is provided add, edit and delete permissions over the Assets module, then the same operations can be performed in the CMDB module for the CIs. To add attributes and relationships, the technician should be provided with add and edit permission over the assets module. Technician, without SDAdmin role, would not be able to set up the Configuration Item Types and Relationship Types in the Admin module.
HelpdeskConfig	Role to make changes related to helpdesk configuration. A user with this role will have access to the Home tab and Admin tab to make request related configuration.
MSPDashboardOwner	Mandatory. Provides view permission to MSP business dashboard.
SDAccountAdmin	Mandatory. Provides full control to his/her associated accounts.
SDAccountManager	Mandatory. Provides view permission to his/her associated accounts.
SDAdmin	The role given to the administrator. The administrator has access to all the modules in the application. The administrator alone has the privilege to access the Admin module which is the key to operate the application.
SDChangeManager	Role to access the entire Change module and perform operations such as adding change, editing, deleting and assigning change to technicians. The SDChange Manager alone has the privilege to approve/reject a change. The Dashboard display widgets related to Change module such as Change by Type, Approved Changes and Unapproved Changes. Technicians with this role can also view only their schedule in Schedule calendar.
SDCo-ordinator	Role to access the entire Request module and perform actions such as creating incident/service requests, editing, deleting and performing all the actions over the requests. The Dashboard display widgets related to Requests module such as Requests by Technicians, Open Requests by Priority, SLA Violation by Priority, Unassigned and Open Requests, SLA Violated requests and Requests Approaching SLA Violation. Technicians with this role can also view the Technician Availability Chart.
SDPointOfContact	Mandatory. Provides view permission to his/her associated accounts
SDReport	This role, by default, provides permission to create and schedule survey reports alone. This role when combined with another role, allows the technician to access reports based on the modules enabled in the other role.
SDSiteAdmin	If Sites are configured in the application, the SDSite Admin role provides complete access to his/her associated sites. The Site Administrator can configure all the Admin configurations pertaining to his/her site alone.

The above nine default roles cannot be deleted. However, SDSiteAdmin Role can be edited to suit your organization's needs.

Contents

Add a Role
Edit a Role
Viewing Technicians Assigned to a Role
Delete a Role

Add a Role

To add a role:

Click Add New Role link.
On the Add Role form, enter a unique name in the Role Name field.
Enter the description in the Description field.
Enable Permissions for the role by selecting the check boxes beside the access levels defined for each module of the application.

Permissions

The following are the permissions for the eight modules in the application:

Permissions	Description
View	View permission enables the technician to view the selected module. They cannot perform any other operations.
Add	Add permission allows the technician to perform Add operation for the selected module. On selecting the Add option for a module, the View permission check box is automatically enabled. If you have selected Add checkbox for request module, then the Add option under Advanced Permission - Request module is automatically enabled. Similarly, if Add checkbox is selected for the purchase module, then the Add option under Advanced Permission - Purchase module is also enabled.
Edit	Edit permission enables the technician to perform Edit operation for the selected module. The technician cannot perform Add or Delete operation. However, on selecting the Edit option for a module, the View permission check box is automatically enabled. If you have selected Edit checkbox for request module, then the Edit option under Advanced Permission - Request module is automatically enabled. Similarly, if Edit checkbox is selected for the asset module, then the Edit option under Advanced Permission - Assets module is also enabled.
Delete	Delete permission allows the technician to perform Delete operation for the selected module. The technician cannot perform Add nor Edit operation. However, on selecting the Delete option for a module, the View permission check box is automatically enabled. If you have selected Delete checkbox for request module, then the Delete option under Advanced Permission - Request module is automatically enabled.
Complete Access	Selecting complete access check box for a module automatically enables View, Add, Edit and Delete checkbox for that module. Complete Access allows the technician with complete access to the selected module. If the selected module has Advanced Permissions, then those options are enabled automatically. If an action is disabled in Advanced Permission, say, Adding Requesters under Request module, then complete access to request module gets automatically disabled.

Example: To provide complete access to requests, assets, contract, and solutions module, enable Complete Access check box beside these modules. This will automatically enable all the operations of corresponding modules.

Permissions for modules Requests, Purchase and Assets are further categorized and defined under Advanced Permission.

Request FGA (Fine Grained Authorization)

Enable advanced permissions for Add, Edit and Delete operations by enabling any of the following check boxes.

Advanced Permissions	Description
Adding/Editing Request Task	Permission to Add/Edit the request tasks.
Adding Requesters	Permission to add new requesters on the fly while creating a new requests/problem/change. Adding requesters without this permission pops up an error message stating "Requester Does not Exist".
Resolving Request	Permission to change a request status to Resolved.
Disabling Stop Timer	Permission to change the status of a request to On hold.
Merging Requests	Permission to merge two or more requests.
Closing Request	Permission to change the status of a request to Closed.
Modifying Due Time	Permission to change the Due By Time and also the First Response Time of a request.
Modify Resolution	Permission to add/edit a resolution for a request.
Re-opening Request	Permission to change the status of the request to Open from the previous state.
Assigning Technicians	Permission to assign/reassign requests to technicians.
Editing Requester	Permission to edit the requester's name while viewing the request.
Deleting Others Notes	Permission to edit/delete notes added by other users/technicians. If the option is disabled, then the technician can delete the notes added by him/her.
Deleting Others Time Entry	Permission to delete the Work Order details entered by other technicians. If the option is disabled, then the technician can only edit/delete his/her Work Order Entry.
Deleting Request Task	Permission to delete the request tasks of a request.

Scan FGA (Fine Grained Authorization)

Advanced Permissions	Description
Scan Now	Permission to scan workstations from the workstation details page.

Purchase FGA (Fine Grained Authorization)

Advanced Permissions	Description
Adding New Product	Permission to add new products while creating a purchase order.
Adding New Vendor	Permission to add new vendors while creating a purchase order.

For instance, if all actions under Advanced Permission Request - Edit are disabled, then the technician is allowed other edit permissions such as editing the request type, status, mode, level, urgency, priority, impact, and category of the request.

You can provide permission to share requests, task technician to access requests, technicians in a task group to access requests, and approve solutions by enabling the respective checkboxes.

Permission	Description
Share requests	Technicians with this role will have access to share their requests.
Task technician to access requests	Task Technicians with this role can access requests to which their tasks are associated.
Technicians in a task group to access requests	Technicians in a task group with this role can access requests associated with that task group.
Approve solutions	Technicians with this role will have access to approve solutions.

For requests whose permission is obtained through these roles (Task technician to access requests & Technicians in a task group to access requests), request details can be accessed only from task details and the request will not be listed in the request list view.

Example: A site has two groups, say Group1 and Group2. Adam is a technician associated to Group1 with the privilege to view requests All in group & assigned to him. Adam can view all the requests in Group1and the requests assigned to him. He has the privilege to re-assign the requests to other technicians in his associated sites but once this is executed, the request will not be visible to Adam. You can also choose to restrict technicians from viewing the requests, problems, changes, and assets in the application. To do this, select the corresponding radio button in Technicians allowed to view,
All: The technician can view the requests, problems, changes, and assets for all the configured sites.
All in associated Site: The technician can view the requests, problem, changes, and assets for his/her associated sites alone. To associate sites with a technician refer Technician.
All in Group & assigned to him [Requests only]: The technician can view only the requests assigned to his/her associated group, and also the requests that are assigned to him/her.
Assigned to him [Requests only]: The technician can view only the requests assigned to him/her alone.

A technician has permission to view Requests, Problems, Changes, and Assets only if the View permission for these modules are enabled under Permissions.

Click Save. The role is displayed on the list view page.
Click Save and Add New to add another role.
Click Cancel to cancel this operation.
Click View List link to go back to the Roles List View page.

Edit a Role

To edit an existing role:

On the Role List page, click edit iconbeside the role name that you want to edit.
On the Edit Role form, you can modify the name of the role, description, and permissions associated with the role.
Click Save.
Click Save and add new to add a new role after editing.
Click Cancel to cancel this operation.

Viewing Technicians Assigned to a Role

To view technicians assigned to a role:

On the Roles List View page, click View Technicians configured with this Role icon
The Role to Technicians pop-up appears with the list of technicians configured with this role.

Deleting Role

To delete a role:

On the Role List page, click the delete iconbeside the role name that you want to delete. A dialog box confirming the delete operation appears.
Click OK to delete.
Click Cancel to cancel the operation.
Technician List is displayed on a pop-up window if technicians are assigned with a role.
Select the technician and enable the Send Notification check box to notify the technician. The e-mail address of the technician appears in the To field. You can add CC recipients for this notification if required. Enter the Subject and Description.
Click OK.