Profiles and Permissions in GLPI: Access Control in Practice

How to configure profiles, rights and restrictions in GLPI to control who sees and does what. RBAC guide with examples for self-service, technician and manager roles.

Misconfigured permissions are the #1 cause of security and usability issues in GLPI. This guide shows how to correctly configure RBAC for each user profile.

Understanding the permissions model

GLPI uses RBAC (Role-Based Access Control) with 3 dimensions:

  • Profile: set of permissions (what the user can do)
  • Entity: data scope (what the user can see)
  • Interface: Helpdesk (simplified) or Central (full)

A user can have different profiles in different entities. Example: Technician in the "IT" entity, Self-Service in the "HR" entity.

Self-Service (end user)

  • Interface: Helpdesk
  • Can: open tickets, track their own tickets, consult FAQ
  • Cannot: view other users' tickets, access assets, view configurations

Technician L1

  • Interface: Central
  • Can: view and resolve tickets from their group, consult CMDB, use knowledge base
  • Cannot: delete tickets, change rules, manage users

Supervisor

  • Interface: Central
  • Can: everything a Technician can + view tickets from all groups + approve validations + view reports
  • Cannot: change global configurations, manage plugins

Administrator

  • Interface: Central
  • Can: everything a Supervisor can + configuration + rules + entities + profiles
  • Cannot: change the Super-Admin profile, perform mass destructive actions

Configuring permissions

Go to Administration > Profiles and select the profile. Permissions are organized by module:

  • Assistance: tickets, follow-ups, tasks, validations
  • Assets: computers, monitors, software, etc.
  • Management: contracts, suppliers, budgets
  • Tools: knowledge base, projects, notes
  • Administration: rules, dictionaries, profiles, entities

Each item has CRUD permissions: Create, Read, Update, Delete, plus specific options.

Common pitfalls

  • Granting "All" ticket visibility to technicians – they will see tickets from all entities
  • Forgetting to test with the Self-Service profile – many bugs only appear in that interface
  • Not restricting the interface (Helpdesk vs Central) by profile
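The pitfalls above can be caught by comparing each profile, cloned ones included, against the role it is meant to implement. The following is an added example, not GLPI code: the export layout, the field names (role, ticket_visibility, rights) and the item and right names are assumptions, and the sample data is constructed.

```python
# Added example: export layout and field names are assumptions, not GLPI's schema.
RANK = {"own": 0, "group": 1, "all": 2}  # ticket visibility, narrowest to widest

# Baseline derived from the role descriptions in this guide.
BASELINE = {
    "Self-Service": {"interface": "helpdesk", "max_visibility": "own",
                     "denied": {("assets", "read"), ("configuration", "read")}},
    "Technician L1": {"interface": "central", "max_visibility": "group",
                      "denied": {("tickets", "delete"), ("rules", "update"),
                                 ("users", "update")}},
    "Supervisor": {"interface": "central", "max_visibility": "all",
                   "denied": {("configuration", "update"), ("plugins", "update")}},
}

def audit_profile(profile):
    """Return the findings for one exported profile, empty if it matches."""
    name, base = profile["name"], BASELINE.get(profile["role"])
    if base is None:
        return [f"{name}: no baseline for role {profile['role']!r}, review manually"]
    findings = []
    if profile["interface"] != base["interface"]:
        findings.append(f"{name}: interface is {profile['interface']}, "
                        f"expected {base['interface']}")
    if RANK[profile["ticket_visibility"]] > RANK[base["max_visibility"]]:
        findings.append(f"{name}: ticket visibility '{profile['ticket_visibility']}' "
                        f"exceeds '{base['max_visibility']}'")
    granted = {(item, right) for item, rights in profile["rights"].items()
               for right in rights}
    for item, right in sorted(granted & base["denied"]):
        findings.append(f"{name}: '{right}' on {item} is outside the role")
    return findings

# Constructed sample export: one clean profile and two drifted clones.
SAMPLE_EXPORT = [
    {"name": "Self-Service", "role": "Self-Service", "interface": "helpdesk",
     "ticket_visibility": "own", "rights": {"tickets": {"create", "read"}}},
    {"name": "Technician L1 (clone)", "role": "Technician L1", "interface": "central",
     "ticket_visibility": "all",
     "rights": {"tickets": {"read", "update", "delete"}, "assets": {"read"}}},
    {"name": "Self-Service HR", "role": "Self-Service", "interface": "central",
     "ticket_visibility": "own",
     "rights": {"tickets": {"create", "read"}, "assets": {"read"}}},
]

def audit_export(export):
    """Map each deviating profile name to its findings."""
    return {p["name"]: found for p in export if (found := audit_profile(p))}

if __name__ == "__main__":
    print(audit_export(SAMPLE_EXPORT))
```

Profiles whose role has no baseline entry are reported for manual review rather than passed silently.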

Next step

For access control to external systems within GLPI, see the Access Matrix module. For permission auditing, configure access logs and periodic reviews.

Frequently Asked Questions

GLPI comes with 7 profiles: Super-Admin, Admin, Technician, Supervisor, Observer, Self-Service and Helpdesk. Each one has pre-configured permissions that can be customized.

Yes. You can clone any existing profile and individually adjust the permissions for each item type (tickets, assets, configuration, administration).

Helpdesk is the simplified interface for end users (open and track tickets). Central is the full interface for technicians and administrators.

In the profile, configure ticket visibility as 'Group' instead of 'All'. The technician will only see tickets assigned to the groups they belong to.
