Service Portal has a security structure dependent on roles with one exception: Space Admin. Space Admin is a platform permission that gives the user the rights to administer the space and related items.
Roles are special teams used only for access and not for working items. Service Portal comes with the following roles preconfigured:
The roles are built into various security policies at the space and kapp level to allow for desired access control. Security Policies are evaluated in much the same way as Service Workflow attributes. When Service access is being determined, the Service is checked first. If no security policy is defined there, the Kapp is checked.
Service Portal comes with the following Security Policies applied: