Set security for a variable Add permissions to a variable by specifying the roles that can perform read, write, or create actions on the variable. If a role is specified for the read, write, or create actions, only users with the specified roles can perform these actions. If no role is specified for the read, write, or create actions, all users who can access the catalog item can perform these actions irrespective of their role. For example, if no role is specified for the Write roles field, all users who can access the catalog item can edit the variable value in the variable editor. A user with a role that does not match any of the following roles cannot set variable values even through scripting. About this task To apply role-based restrictions to a catalog variable: Procedure Click the lock icon next to each field. Select the roles that have the associated access. This example shows that, for the CPU Speed variable used by the Executive Desktop catalog item, only users with the itil role can write (update) or create a value for that variable. Note: If needed, configure the variable form to add the Create roles, Read roles, and Write roles fields.