This blogpost will detail my experiences and insights gained from implementing Role Based Access Control (RBAC) in a System Center 2012 R2 Service Manager environment.
After installing Service Manager a couple of so called User Roles are created:
In its simplest form you should simply add Active Directory groups to one of the groups above and users member of that group will receive the corresponding rights. Microsoft has outlined what each User Role profile can do in the following article on TechNet: Appendix A – List of User Role Profiles in System Center 2012 – Service Manager – http://technet.microsoft.com/en-us/library/hh495625.aspx
The roles above are scoped Global as mentioned in their description. This means that if you are member of one or more of these roles you can see every CI, task, view, templates etc.. So if you want to authorize users more granulary you have to create custom user roles.
It is possible to include an Active Directory Group into more than one custom user roles, you can for example create an custom user role for incident management and one for change management. If you add the AD group to both, the …read more
Read more here:: Technical Blog of Kenneth van Surksum