Apply permissions to a service catalog variable

Add permissions to a variable by specifying the roles that can perform read, write, or create actions on the variable. If a role is specified for the read, write, or create actions, only users with the specified roles can perform these actions. If no role is specified for the read, write, or create actions, all users who can access the catalog item can perform these actions regardless of their role. For example, if no role is specified for the Write roles field, all users who can access the catalog item can edit the variable value in the variable editor. A user whose roles do not match any of the roles specified in the following fields cannot set variable values, even through scripting.

About this task

On the Variable form, you can select roles for the following fields to specify who has these permissions.
Table 1. Fields for service catalog variable permissions

| Field | Description |
|---|---|
| Create roles | Roles that can create values for the variable before requesting the catalog item or record producer. If a user does not have the specified role, the variable is read only before requesting the catalog item or record producer. |
| Read roles | Roles that can view the variable before or after requesting the catalog item or record producer. Only a user with the roles specified in this field can view the variable. |
| Write roles | Roles that can edit the variable in the variable editor after requesting the catalog item or record producer. If a user does not have the roles specified in this field, the variable is read only in the variable editor. |
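
The role checks described above, modeled in JavaScript as an added example (not code from this page or from the platform). The field names `create_roles`, `read_roles` and `write_roles`, the comma-separated role format, the any-listed-role match, and the sample records are assumptions; the audit function lists variables whose empty permission fields leave them open to every user who can access the catalog item.

```javascript
// Added example: models the three permission fields from Table 1.
// Assumed record shape: each field is a comma-separated list of role names.
const FIELDS = ["create_roles", "read_roles", "write_roles"];

// Split a comma-separated role field into a clean array of role names.
function parseRoles(value) {
  return (value || "").split(",").map((r) => r.trim()).filter(Boolean);
}

// An empty field restricts nothing. Otherwise the user needs one of the
// listed roles (assumption: any listed role is sufficient).
function hasPermission(fieldValue, userRoles) {
  const required = parseRoles(fieldValue);
  return required.length === 0 || required.some((r) => userRoles.includes(r));
}

// Result for one user and one variable; each field is evaluated on its own.
function effectiveAccess(variable, userRoles) {
  return {
    name: variable.name,
    canSetBeforeRequest: hasPermission(variable.create_roles, userRoles),
    canView: hasPermission(variable.read_roles, userRoles),
    canEditAfterRequest: hasPermission(variable.write_roles, userRoles),
  };
}

// Audit: for each variable, the permission fields that are empty and so
// apply to all users who can access the catalog item.
function findUnrestricted(variables) {
  return variables
    .map((v) => ({ name: v.name, open: FIELDS.filter((f) => parseRoles(v[f]).length === 0) }))
    .filter((row) => row.open.length > 0);
}

// Constructed sample records (not exported from a real instance).
const sampleVariables = [
  { name: "cpu_speed", create_roles: "", read_roles: "", write_roles: "itil" },
  { name: "cost_center", create_roles: "catalog_admin",
    read_roles: "itil, catalog_admin", write_roles: "catalog_admin" },
  { name: "comments", create_roles: "", read_roles: "", write_roles: "" },
];

console.log(findUnrestricted(sampleVariables));
console.log(sampleVariables.map((v) => effectiveAccess(v, ["itil"])));
```

Reviewing the `open` list for each variable before a catalog item goes live shows which values any requester can set or edit.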

Procedure

  1. Navigate to Service Catalog > Catalog Definitions > Maintain Items, and select the catalog item with the variable that you want to set permissions for.
  2. In the Variables related list, select the variable.
  3. If the fields for the permissions that you want to set are not on the Variable form, configure the form layout to add these fields.
  4. Next to the field for the permission that you want to set, click the lock icon.
  5. In the window that opens for the permission, select the roles that should have the permission and move the roles to the Selected list.

    In the following figure, the itil role is selected in the Write roles window.

  6. Click Done after you finish selecting roles for the permission.

    On the Variable form, the roles that you selected are listed next to the field for the permission.

    The following figure shows the itil role listed next to the Write roles field on the form for the CPU Speed variable used by the Executive Desktop catalog item. With this setting, only users with the itil role can write values for the variable.

  7. Click Update.