Set security for a variable Apply role-based restrictions to a catalog variable to control which users can create, write, update, read, and delete a value for the variable. About this task To apply role-based restrictions to a catalog variable: Procedure Click the lock icon next to each field. Select the roles that have the associated access. This example shows that, for the CPU Speed variable used by the Executive Desktop catalog item, only users with the itil role can write (update) or create a value for that variable. Note: If needed, configure the variable form to add the Create roles, Read roles, Update roles, and Write roles fields.