Set security for items and categories

Administrators can control access to content in the service catalog by creating and applying user criteria records.

Catalog managers and catalog editors can apply existing user criteria for items and categories to which they are assigned. However, catalog managers and catalog editors cannot create or edit user criteria directly.

You can create user criteria records that define conditions for user information. Then apply these criteria records to catalog items and categories, controlling access to these items and categories.

For example, create a USA Sales user criteria record matching users who are both in the sales team and based in the USA. Then apply this record to the USA IT Hardware catalog category, so only users matching the record can access that category.

The feature is active by default in new Fuji instances and upgraded instances that do not use entitlement-based access controls. If you upgrade an instance that uses entitlements, you can migrate to user criteria to take advantage of the improved control, flexibility, and reuse.

Access controls allow you to:

  • Manage access to multiple items and categories in one user criteria record. For example, create a single UK Employees user criteria record and apply it to multiple items and categories that are available to employees in the UK.
  • Allow access if one condition matches, or if all conditions match. For example, define that only users who are both in a specific location and who belong to a specific department can have access.
  • Use Available For and Not Available For lists to allow or prohibit access to users matching the conditions in a criteria record. For example, specify that a US-based catalog category is available for the users located in the USA but is not available for users belonging to the Sales department (whether in the US or not).
  • Extend matching to create conditions matching additional fields in the User [sys_user] table, without having to use a script. For example, you can add a condition to match items against the Cost center field in user records.