Permissions in Change Management
The role of the Administrator in Change Management is crucial for seamless workflow processes to take place. Below we have defined the ability enabled by each permission and provided best practices for which permission is required by each persona. Please make sure only relevant users can make changes in the CM lifecycle.
Permissions
Prior to assigning permissions, it is important to understand:
- What each permission allows
- Best practices for which permissions are recommended for each task that an individual is responsible for during the Change Lifecycle.
Below are detailed descriptions of which permissions are recommended per user.
Navigate to Setup > Users & Acess > Roles. All roles that can part take in the Change Management process need the Create and/or Manage permissions.
The following sections explain the CM process and lifecycle in detail. This information is helpful when determining which permissions are relevant to each user.
From the Add Permission button, select the Action from the dropdown menu and Configuration Item from the Subject dropdown menu. Click Create Permission to save changes made.
Change Catalog:
Table 1: Defining the permission
| Action | Definition |
|---|---|
| Manage | Allows users to create, delete, or update CCIs |
| Read | Allows users to view approved CCIs |
| Create | Allows users to create new CCIs |
| Update | Allows users to update existing CCIs |
| Delete | Allows users to delete CCIs |
The table above is based on the given scope: Site - Department - State (Draft/Internal/Approved)
Table 2: Best practice to manage the permissions
| Role | Permission |
|---|---|
| Owner | Manage |
| CAB Manager | Update |
| Requester | Read |
| Implementer | Update |
Changes:
Table 1: Defining the permission
| Action | Definition |
|---|---|
| Manage | Allows users to create, delete, or edit a Change Request |
| Read | Allows users to view (only!) |
| Create |
Allows users to:
|
| Update |
Allows users to update an existing Change Request. This includes:
|
| Delete | Allows users to delete a Change Request |
The table above is based on the given scope: Site - Department - Requester - Assignee - CC'd on
Some organization only allow pre-approved change processes and therefore you can block the ability to create Ad-Hoc changes. Follow the steps below to ensure you define the proper permissions/restrictions.
- Navigate to the relevant role
- Select Add Restriction
- Make the following selections:
- Action - Create
- Subject - Change
- Scope - Ad Hoc
Table 2: Best practice to manage the permissions
| Role | Permission |
|---|---|
| Owner | Manage |
| CAB Manager | Update |
| Requester | Create |
| Implementer | Update |