This article contains a table lists the default groups in the out-of-the-box system and describes the general permissions of each. The process you can use to print or save the full details of a group's permissions is described below the table. You can find information on how to actually configure group permissions in the Group Permissions Wizard article.
General description of access permissions
This group has full configuration and record access permission for the system. Admin users can see and do everything that is possible in the system. The number of admin users should be as small as possible. Admin users generally should not be deleted.
|Admin Import||Power User||This group is a copy of the Admin group that has additional create permissions specifically for importing. Admin Import users generally should not be deleted.|
|Adobe Sign User||Power User||This group, along with the Admin and Business Admin groups, is the only group that can see and work with Adobe Sign elements, such as the Adobe Sign Envelope and Adobe Sign Recipient by default. This group can create, edit, delete, import, export, or copy records they own in any of the AdobeSign tables.|
This group sets up unregistered users with the ability to edit records. Unregistered users can click on a hyperlink in an outbound email to edit records if they are given the Anonymous user distinction. If all your users have user records in the system, you do not need this group. As a power user, the Anonymous user uses an assigned or floating license. Anonymous users generally should not be deleted.
This group contains people who can approve either Contracts, Change Requests, or both. Approvers primarily interact with their own Approval records, but they can also edit Approval records assigned to their team, and view related records. They can also view and edit Contracts and Change Requests for which they are an approver, and can view tables related to approving Contracts such as Approvals, Approval Templates, and Companies.
Base Service Desk
This group uses the same base permissions as the highly privileged groups who work with Service Desk tables. Users in those privileged groups should also be in the Base Service desk group. All IT Staff should belong to this group, as well as any additional groups for special permissions.
This group has full create and edit access to all the records in the Support Case, Service Request, Incident, Problem, and Task tables, and create and edit access to Change Request and Time Entry records that they own. These users have full view access of the Asset, Service, Company, and Employee tables, can edit their own Employee records, but does not have any other create or edit access in those tables. It can create and edit End Users records. It cannot delete records.
|Business Admin||Power User||This group is for business administrators who can view or edit all records in all tables. Business Admin users generally should not be deleted.|
This group is responsible for management of Change Request records and has full privileges on the Change Request table. Members can create, edit, and delete records in this table and are typically users with Change Manager or Change Owner roles. They can also create task and approval workflows for Change Requests, and can edit Change Request related services.
This group has full control over records in the Asset and Model tables. People responsible for working on and configuring Asset records, managing asset resources, or other similar projects, are typically in this group. They might also be added to the Service Manager group if they are responsible for setting up change request workflows or services related to assets.
This group has full control over records in the Contract, Approval, Approval Templates, Approval Workflow, and Company tables. They also have limited access to the End User and Employee tables. They are responsible for creating, editing, and approving contracts for customers or the company.
This group has similar permissions to the Contract Managers group. Members are responsible for and have full permission of Contracts where they are the Internal Contract Owner, but can also view Contracts that they did not create or were not assigned to.
|Contract Requester||Power User||This group is for internal employees who can create and edit their own contracts. They can also view all contracts.|
This group is used for end user customers, who can submit and view their own support cases. This group is generally only used when providing external customer support.
This group is used so Customer Managers can view all support cases for their own company. Similar to the Customer group, the Customer Manager group is generally only used for providing external customer support.
This group can create, edit, and export their own Document records. However, they cannot view the Document records of others.
This group has nearly full control of all records in the Documents table. However, they do not have the ability to modify the Status field of a Document record manually.
This group can edit Approval records where they are the Approver. They can also view all records in the Document table.
|DocuSign User||Power User||This group, along with the Admin and Business Admin groups, is the only group that can see and work with DocuSign elements, such as the DocuSign Envelope and DocuSign Recipient tables, by default. This group can create, edit, delete, import, export, or copy records that they own in any of the DocuSign tables.|
This group is assigned to external users who can click on a hyperlink in an outbound email that allows them to create new requests, such as leads, users, or incidents, in the system without needing to access the rest of the End User Interface. Guest users generally should not be deleted.
This group is for customers in the Employee table who can create Service Requests and Purchase Requests, report Incidents, as well as see their own Asset records. This group can also edit some of their profile information, view other employee contact information, and may also have access to the Knowledge Articles table.
This group is responsible for coordinating and recording information about marketing campaigns and providing quotes to prospective customers. They have full access to the Campaign, Company, Lead, Opportunity, and Product tables. They also have limited access to the Product Quoted, Quote, Task, Team, Time Entry, People: External User, and People: Employee tables.
This group is responsible for managing the Purchase Request, Item, and Item Requested tables. They can also view and edit all records in the Company Document table.
|Project Manager||Power User||This group has full control over Project, Task, and Task Template records that are related to their project. They can also create records and edit others' records in the Asset, Billing, and Billing.SR Time Entry tables.|
This group is responsible for recording sales efforts for specific companies, as well as the Purchase Order records that are created. This group can also create and update Support Case records for the companies they represent. They have full control over records in the Company, Contract, Lead, Opportunity, and PO tables. They also have partial access to records in the Campaign, Product, Product Quoted, Project, Quote, Support Case, Task, Team, Time Entry, People: End User tables.
This group has full control over records in the Service, Task, Task Step, Task Template, and Task Workflow tables. Besides Admins and Business Admins, Service Managers are the only group that can create new Services.
|Vendor||End User||This group is used to categorize vendor companies that can use the vendor portal. This group can create, edit, and view their own Company Document records, edit and view their own Company records, and view their own Contract records|
Access Group Permissions
To access and print group permissions in the system:
- Go to Setup > Access > Manage Groups.
- Edit a group.
- Select the Tables tab.
- Click Access to sort the Access column with Yes at the top.
- Click the box to the left of Edit in the header row, and click Select all found records.
- Hover over the printer icon and choose Print/Download Table View.
This produces a printout showing the basic Record permissions for each table. You can copy/paste the page contents into a text editor in order to document system permissions for each group, or group permissions for each system.