This table lists the default groups in the system and describes the general permissions of each. To see more information about a group's permissions, you can print out or save to a file the full details of that group's permission.
General description of access permissions
The admin group has full configuration and record access permission for the system. Admin users can see and do everything that is possible in the system. The number of admin users should be as small as possible.
This group is used to enable unregistered users to click on an email hyperlink sent in an outbound email in order to edit that record. It is used in conjunction with the Anonymous user. If all your users have user records in the system, you will not need this group. As a power user group member, the Anonymous user uses an assigned or floating license.
This group holds people who can approve Contracts or Change Requests. Approvers will primarily interact with their Approval records, but they can also view change requests for which they are an approver. They can also view and edit Contracts for which they are an approver, and can view tables related to approving Contracts such as Approvals, Approval Templates, and Companies.
Base Service Desk
This group has the base permissions that should apply to all more privileged groups dealing with the Service desk tables. Users in those groups should also be in the Base Service desk group.
This group has full create/edit access to records in the Support Case, Service Request, Incident, Problem, and Task tables, and create/edit own access to Change Requests and Time Entries. It has full view access to Assets, Services, Companies, and Employees and can edit its own employee record, but has no other create or edit access in those tables. It can create/edit end users (external customers). It cannot delete records.
This group is responsible for management of Change Request records and has full privileges on the Change Request table. Members can create, edit, and delete records in this table and will typically be Change Managers or Change Owners. They can also create task and approval workflows for Change Requests, and can edit Change Request related services.
This group has full access to the Asset records and is responsible for creating, editing, and deleting those records. People responsible for working on and configuring Assets, managing Asset resources, and so on would typically be in this group. They might also be added to the Service Manager group if they are responsible for setting up change request workflows or services related to assets.
For internal employees who can create contracts.
This group has full access to the Contract table, Approvals table, Steps and Approval Workflow tables, and Companies table. They also have some access to End Users and Employees. They are responsible for creating, editing, and approving contracts for customers or the company.
This group has a subset of the permissions that Contract Managers have. Its members are responsible for Contracts assigned to them, and have full permissions there, but can only view Contracts that they did not create or were not assigned to. They have all the other permissions necessary to allow them to use Contracts effectively.
Unused unless providing external customer support. Then this group is used for end user customers, who can submit and view their own support cases.
Customer Manager – relevant if providing external customer support. Customer managers can view all support cases for their own company.
Can create documents and edit their own – customer of document table.
People who can approve and publish documents.
Can edit approvals for which they are the approver.
This group may be used in hyperlinks to allow creation of new requests of any kind (such as leads, users, Incidents) without seeing the rest of the user interface
Internal Customer in employee table, can create Service Requests, Purchase Requests, and report Incidents, as well as see their own Assets, edit some of their profile information, and view other employee contact information. They may also access Knowledge FAQs.
This group is responsible for coordinating and recording information about marketing campaigns and providing quotes to prospective customers. They have full access to: Campaign, Company, Lead, Opportunity, and Product tables. They have some access to Product Quoted, Quote, Tasks, Teams, Time Entry, People: End User, and People: Employee tables.
This group is responsible for managing the Purchase Request and Item tables.
This group is responsible for recording information regarding sales efforts to specific companies as well as Purchase Orders made. They can also create and update Support Case records for the companies they represent. They have full access to: Company, Contract, Lead, Opportunity, and PO tables. Partial access to Campaign, Product, Product Quoted, Project, Quote, Support Case, Tasks, Teams, Time Entry, People: End Users.
For staff responsible for maintaining the Service Portfolio (Service table) and the Task Workflows/Templates table. Only Service Managers can create new Services.
To print group permissions...
- Go to Setup > Access > Manage Groups.
- Edit a group.
- Select the Tables tab.
- Sort by the Access column so that tables the group can see are on top, where Access is Yes.
- Check the box in the header row to select all tables.
- Hover over the printer icon and choose Print/Download Table View.
This produces a printout showing the ownership of records in the table and the basic permissions for each table for the selected group. Copy/paste the page contents into a text editor to document the system permissions for each group.