Users, Roles, and Teams Overview
In order to access ChangeGear, a user must exist in the system and be assigned to a role. The role determines the access privileges for that user as well as the group to which the user belongs. Users may also belong to teams and have different roles per team. ChangeGear uses these groups or teams to define which users receive communications such as alerts and notifications.
User Administration
Users are selected and assigned throughout ChangeGear. You can define the details for users, and the roles into which they are placed, on the Users page in the Administration module.
The User page lets you define the critical details for each of your users including the licensing authorization and restrictions, names, title, department, and location. You can use the Common Tasks menu to create, edit, and delete new users as well as define their logon security access and create a detailed user profile.
Integrating Single Sign-On
A key feature of ChangeGear is the integration of user authentication with Microsoft Windows Active Directory (AD), as well as third-party identification providers. Using integrated authentication, users do not need to re-enter their credentials when accessing ChangeGear. This feature saves time, credentials are easier to manage because there are no separate user passwords to maintain, and if a user's authentication account is disabled their ChangeGear account becomes disabled as well.
When creating users in ChangeGear, some key details are automatically populated from the authentication provider. For example, the provider may provide the user’s first name, last name, and e-mail address.
To configure single sign-on using Active Directory, see Adding a User.
Roles Administration
All users must be placed into roles in ChangeGear. A role defines the user's privileges, including which fields are viewable or editable, and acts as a grouping mechanism in determining who receives notifications and other types of communication. Roles determine what items are visible to a given user - including modules, workflows, views, and fields - and how the user can interact with a given item.
ChangeGear provides a set of predefined roles. You can, however, use the Roles page to add roles and modify the descriptions, members, and module- and field-level privileges of these roles to meet your organization's requirements. Roles in ChangeGear are also used in conjunction with Teams, should you choose to implement them.
Teams Administration
Users may be placed in two different types of teams in ChangeGear: notification teams and security teams. A notification team can include groups of users with potentially disparate ChangeGear roles. A security team is a set of users with privileges that can be different from the user's role. Teams are used to divide the workload and ticket or CI management duties across departments, locations, or other organizational division. Security teams can also be used to restrict access to sensitive information within items. You can create teams and modify their membership, privileges, description, and group e-mail from the Teams page.
Users can belong to multiple notification and security teams. They can have different privileges and roles in each security team - i.e., George may have a Reviewer role by default, but he has the role of Incident Manager in the Database Security Team and the role of IT Staff in the DevelopmentTeam. If a ticket or CI is specifically assigned to George, he will only be able to access it with the privileges of the Reviewer role. However, if a ticket or CI is assigned to the Database Security Team, George will be able to access it with the privileges of the Incident Manager role. If a ticket or CI is assigned to the Development Team, George will be able to access it with the privileges of the IT Staff role.
All teams can have an assigned Team Owner that serves as a way to notify the team lead.
