Analyst Security & Permissions
In the Supportworks client under the Analyst Properties there is an Application Rights tab and a System Privileges tab, the tabs may seem to have similar functions however there are key differences:
System Privileges - define access to different aspects of the general functionality of Supportworks that may or not be given to an analyst. For example, you can define a set of permissions which allow an analyst to log calls on Supportworks. This does not however specify which type of calls the analyst can log and which application this permission relates to. This further granular level of permissions is defined under the applicable application (i.e. data dictionary).
Application Rights defines the rights unique to applications (data dictionary) the analyst has access to. Many of these are subsets of the generic functions. For example, an analyst might have access to 2 data dictionaries; ITSM and Default. The analyst might be permitted to log and view incidents within the Default data dictionary but only permitted to view incidents on the ITSM data dictionary. If you have a combination of permissions assigned to an analyst, it results in permissions being added but not revoked. For example, if the 'can log incidents' right is enabled on the analyst properties but not on the security profile or vice versa, the analyst will be able to log incidents.
Roles work differently. With a combination of roles assigned to the analyst from security profiles and /or analyst properties, the highest role overrides the others.
Further information regarding system privileges, application rights, roles and security profiles are available via the following links