Set security for a variable Apply role-based restrictions to a catalog variable to control which users can create, write (update), read, and delete a value for the variable. About this task To apply role-based restrictions to a catalog variable: Procedure Click the lock icon next to each field. Select the roles that should have the associated access. This example shows that, for the the CPU Speed variable used by the Executive Desktop catalog item, only users with the itil role can write (update) or create a value for that variable. Note: You might need to configure the variable form to add the Create roles, Read roles, Update roles, and Write roles fields.