ServiceChanger
  • SERVICECHANGER V3
    • Introduction
  • GETTING STARTED
    • How to get started?
    • Learn the basics
    • Attribute Hierarchy: A Simple Guide
  • FEATURES
    • Automated Group Assignment
    • Attribute-Based Access Control
    • Intelligent Group Recommendations
    • Primary Collaboration Groups
    • Data Cleaner
  • GENERAL
    • Microsoft Entra ID
    • Roles and App Settings
    • API Documentation
      • Example: Membership Runbook
    • Frequently Asked Questions (FAQ)
    • Roadmap
Powered by GitBook
On this page
  • Why Use Static Roles?
  • App Settings & Restrictions
  • Third-Party Source (Global Setting)
  1. GENERAL

Roles and App Settings

In ServiceChanger

PreviousMicrosoft Entra IDNextAPI Documentation

Last updated 15 days ago

ServiceChanger follows a static role-based model to keep permissions simple and clear. Unlike dynamic access control, this approach ensures straightforward role assignments that minimize complexity.

There are two user roles in ServiceChanger:

  • ServiceChanger Administrator

  • ServiceChanger Operator

Both roles have essential access, but Administrators have additional privileges related to system settings, bulk actions, and subscription management.

The table below outlines what each role can and cannot do:

Feature
Administrator
Operator

Manage Third-Party Source setting

✅ Yes

❌ No (Button greyed out)

Manage Subscriptions

✅ Yes

❌ No (Button greyed out)

Generate All Attributes

✅ Yes

❌ No (Button greyed out)

Bulk Group Assigner

✅ Yes

❌ No (Button greyed out)

Bulk M365 Group Creator

✅ Yes

❌ No (Button greyed out)

Administrators have full control over system settings and bulk actions, while Operators manage daily operations without modifying critical configurations.

Why Use Static Roles?

✅ Keeps role management simple and prevents unnecessary complexity ✅ Ensures that only administrators can change system-wide settings ✅ Reduces risk by limiting access to bulk actions and subscription management

This structure allows organizations to securely manage access without making permissions overly complicated.

Access rights are managed directly in Microsoft Entra ID. For detailed instructions, click here.

App Settings & Restrictions

Certain settings in ServiceChanger affect all users, regardless of their role.

Third-Party Source (Global Setting)

The Third-Party Source setting is a system-wide configuration that applies to both Administrators and Operators.

  • When enabled, all user attribute modifications (Job Title, Location, and Department) are disabled in ServiceChanger.

  • This ensures that Microsoft Entra ID follows an external source, such as an HR tool.

Affected Feature
Change When Third-Party Source is Enabled

Edit Job Title, Location, Department (User Details Page)

Greyed out & disabled

Data Cleaner - Rename, Cancel, Save Buttons

Greyed out & disabled