Matrix42 Enterprise Service Management comes with predefined roles. Each role has specific rights that define in detail what can and cannot be done in the system by a user to whom this role is assigned. Every user can be a member of one or more roles, so you can make sure that the users can change or see only the data pertaining to their areas of responsibility.

Every employee who is registered in Matrix42 ESM is automatically a member of the Everyone role. Permissions that are granted to this role apply automatically to all users of Matrix42 ESM.

Members of the Administration role have all permissions in Matrix42 ESM. Other roles can be defined for individual modules of Matrix42 ESM. Every employee can be a member of more than one role, in which case the permissions of the individual roles are accumulated.

The access to each area of an application, the data is managed separately and independently for each user role and within a number of available in the system Configuration Items. Data access and the entire application content for a specific user is defined by a number of a multi-layered permission settings, where access to the Configuration Item's data is the last verified step.

Permissions and audience are defined by the following criteria, starting from the most important ones placed on top of the list:

1. Application access
2. Navigation Item's audience
3. Layout audience settings (for a layout opened by the Navigation Item);
4. Action settings (of an opened by the Navigation Item layout);
5. Layout settings (layout opened for the specified action);
6. Data access settings specified as User Roles' Permissions for specific Configuration Items. 

Read this section to learn about how to manage CRUD security and Set Audience in SolutionBuilder.