Prerequisite Settings for Users and Security Groups

General access to request types and certain functions related to processing requests are controlled by access grants associated with security groups. Users in those security groups have access to all of the functionality enabled by those access grants. You can impose restrictions on request viewing or processing at the request type level.

This section addresses the license and access grants settings required to enable general access to request processing.

Note: Only users with the Administrator license can create or modify user and security group accounts. Work with your administrator to provide users with the basic settings required to process requests. Process and data restrictions can later be implemented using settings in the workflow and request type definitions.

Licenses

To create and process requests, users must have either the Demand Management license or the Configuration license.

For details on the functionality associated with each license, see Licenses and User Roles. The following sections address how the functionality provided with each access grant depends on the license type the user has.

Access Grants

Table 4-1. Access grants related to request creation and processing lists the access grants that provide general access to request processing functionality.

Table 4-1. Access grants related to request creation and processing

Access Grant

Description

Demand Mgmt: Edit Requests

Perform basic request processing actions.

Lets the user:

  • Generate requests.

  • Edit the request as specified on the User Access tab in the Request Type window.

  • Delete the request as specified on the User Access tab in the Request Type window.

  • Cancel the request as specified on the User Access tab in the Request Type window.

Prevents the user from:

  • Changing the workflow when creating or editing a request.

Demand Mgmt: Edit All Requests

Perform advanced request processing actions.

User can:

  • Always edit the request.

  • Always delete or cancel a request.

  • Change the workflow when creating and editing a request.

  • Override and remove any references on any request.

Demand Mgmt: Change Request Type

Change the request type for existing requests.

Demand Mgmt: Edit Request Header Types

Create, update, and delete request header types in the Request Header Types Workbench.

Demand Mgmt: Edit Request Types

Create, update, and delete request types in the Request Types Workbench.

Demand Mgmt: Override Demand Mgmt Participant Restriction

This access grant lets the user review a request, regardless of whether that user has viewing permission as defined on the User Access tab for the request type.

Screen and function access provided through access grants is cumulative. A user who belongs to three different security groups has the access to all of the user interface and functionality granted to all of the groups combined. To restrict certain screen and feature access, remove the user from any security group that has access to those areas.

Use the Access Grants tabs in the User window to see all security groups that have been given specific access grants, and then:

  • Remove the user from the security group (using the Security Group tab in the User window).

  • Remove the access grants from the security group (in the Security Group window). Do this only if no one in that security group requires the access that the access grant provides.

    Note: The PPM includes additional access grants that you can use to control access to other functions in Demand Management. For more information, see Access Grants.