Administrators can create custom, user-defined variables in HelloID. These variables may contain API keys, passwords, or other sensitive information that should be hidden from those who do not need that information. Variable values can be seen in the history of an automated task, for example, but can be hidden with the appropriate usage of permissions.

Configure an Admin Group

We are going to assign some specific rights to allow user-defined variables to be shown only to administrators. These rights can be assigned to synchronized groups, local HelloID groups, or both. For more information on group management see the article How to Manage Groups.

Our example uses a group called 'HelloID Variable Administration' with a narrowly defined scope of access.

Scope the Role

Before we can assign the rights to group, we should first create a role to specifically address the challenge of hiding variable values. See the article Roles - Overview for more information on creating and managing roles.

Name the role something descriptive, set enabled on, and ensure the Default toggle is off.

The first setting, 'View Task Input Variables', allows for a user to see the variables that were communicated to the service when a self-service or service desk task is executed.

The next block controls the administration of the variables.

No other rights should be assigned to this role.

Final Steps

Assign the group created in the first step to the role assigned in the second to complete the configuration. Inspect other roles to ensure they do not have access to these variable options.