Groups
This table lists the default groups that have been set up for the ITIL KB and describes the general permissions of each. To see more information about a group's permissions, you can print out or save to a file the full details of that group's permission by going to Setup > Access > Manage Groups, editing the group, and then on the Table tab, mousing over the printer icon to print out the general permissions for the group.
Groups | Type | General description of access |
|---|---|---|
Admin | Staff | These users can edit the system including rules and workflow, and can view, change and delete all records |
| Admin Import | Staff | This is a copy of the admin group with some additional create permissions for fields that may need to be set during import, such as date created, date updated, and so on. |
Anonymous | Staff | This group is only used to enable unregistered users to click on an email hyperlink sent in an outbound email in order to edit that record. It is used in conjunction with the Anonymous user. If all your users have logins in the system, you will not need this group. |
Approver | Staff | This group holds people who can approve Contracts or Change Requests. Approvers will primarily interact with their Approval records, but they can also view change requests for which they are an approver. They may be added to the Change Approval Board or the Emergency Change Approval Board Teams. They can also view and edit Contracts for which they are an approver, and can view tables necessary to approve Contracts such as Steps, Approvals, Approval Templates, and Companies. |
Base ServiceDesk | Staff | This group has the base permissions that should apply to all more privileged groups dealing with the Service desk tables. Users in those groups should also be made a member of the Base Servicedesk group. This group has full create/edit access to records in the Service Request, Incident, Problems, and Tasks tables, and create/edit own access to Change Requests and time entries. It has full view access to Configuration Items, Services, Companies, and Employees and can edit its own employee record, but has no other create or edit access in those tables. It can create/edit end user records, but not delete records. |
| Business Admin | Staff | This is for business administrators of the system who can view and edit all records in most tables. It is one level lower than the system administrators, who are in the admin group. |
Change Manager | Staff | This group is responsible for management of Change Request records and has full privileges on the Change Request table. Members can create, edit, and delete records in this table and will typically be Change Managers or Change Owners. They can also create task and approval workflows for Change Requests, and can edit Change Request related services. Change Managers will typically also be on the Change Advisory Board and possibly the Emergency Change Advisory Board Teams. They also have privileges to the configuration items table, where they can edit the status and other elements of configuration items, in order to carry out change requests on those configuration items. |
| CI Change Creator | Staff | This is a group used by a special script that captures changes to desired fields in Configuration Items, and stores those changes as records in the CI Change Log table. Do not delete if you use this functionality. |
Configuration Manager | Staff | This group has full access to the Configuration Item records and is responsible for creating, editing, and deleting those records. People responsible for working on and configuring CIs, managing CI resources, and maintaining the configuration item catalog would typically be in this group. They might also be added to the Service Manager group if they are responsible for setting up change request workflows or services related to CI's. |
Contract Creator | End user | For internal employees who can create contracts or contract requests. They can create and edit their own contracts and view all contracts. |
Contract Manager | Staff | This group has full access to the Contract table, Approvals table, Steps and Approval Workflow tables, and Companies table. They also have some access to End Users and Employees. They are responsible for creating, editing, and approving contracts for customers or the company. |
Contract Owner | Staff | This group has a subset of the Contract Manager permissions. They are responsible for Contracts assigned to them, and have full permissions there, but can only view Contracts that they did not create or were not assigned to. They have all the other permissions necessary to allow them to use Contracts effectively. |
Customer | End user | Used only when providing external customer support. Then this group is used for end user customers, who can submit and view their own support cases. |
Customer Manager | Staff | Customer Manager – relevant if providing external customer support. Customer managers can view all support cases for their own company. |
Guest | End user | This group may be used in hyperlinks to allow creation of new requests of any kind, such as Leads, users, Incidents, without seeing the rest of the user interface. It can also be used by a user to self-register. |
Internal customer | End user | Internal Customers are your general employees - they can submit Service Requests and Incidents based on the service catalog, as well as see their own Configuration Items. They can edit some of their profile information and view other employee contact information. They may also access Knowledge FAQs. Most users should be in this group in addition to any other groups they need. |
Knowledge Creator | End user | Can create knowledge articles and edit their own records until they are approved. They can also view others' records. This user should also typically be put into the Internal end user group to be able to submit service requests. |
Knowledge Reviewer | Staff | Can edit approvals for knowledge articles for which they are the approver. |
Knowledge Manager | Staff | People who can approve and publish knowledge articles. They are responsible for Knowledge articles, maintenance of knowledge topics, and knowledge subtypes. |
Marketing | Staff | This group is responsible for coordinating and recording information about marketing campaigns and providing quotes to prospective customers. They have full access to: Campaign, Company, Lead, Opportunity, and Product tables. They have some access to Product Quoted, Quote, Tasks, Teams, Time Entry, People: End User, and People: Employee tables. |
Procurement Group | Staff | This group is responsible for managing the Items Requested in service requests that involve purchases and they also have full access to the CI Subtypes and Catalog Items tables. They are generally added to the Base ServiceDesk group as well to be able to resolve the service requests for purchases. |
Sales | Staff | This group is responsible for recording information regarding sales efforts to specific companies as well as Purchase Orders made. They can also create and update Support Case records for the companies they represent. They have full access to: Company, Contract, Lead, Opportunity, and PO tables. Partial access to Campaign, Product, Product Quoted, Project, Quote, Support Case, Tasks, Teams, Time Entry, People: End Users. |
Service Manager | Staff | For staff responsible for maintaining the Service Portfolio (Service table) and the Task Workflows/Templates table. Only the Service Manager group can create new Services. |