SCSM - Insufficient rights to assign SR to analyst

  • Question

  • Hi all!

    This is my first thread in the forum, so don't judge too harshly :-)

    I have a problem that I can't really solve within SCSM 2012 SP1. I need a user role that should be able to create and edit Incidents, Requests and Problems, so I created one with the minimum required tasks, with Incident Resolver as a template. Yet there is one thing that the users with this role can't do: they can't assign Service Requests to Analysts.

    This user role is able to create, edit and close the Service Requests, but not assign them to Analysts. When trying to assign the Request, the users receive the following error:

    Date: 1/22/2014 5:05:59 PM
    Application: 
    Application Version: 7.5.3079.0
    Severity: Error
    Message: 

    Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user Domain\resolver does not have sufficient permission to perform the operation.
       at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
       at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList`1 entityInstances, IDictionary`2 streams, ObjectChangelist`1 extensions)
       at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
       at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.Commit(EnterpriseManagementGroup managementGroup)
       at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.EnterpriseManagementObjectProjectionWriteAdapter.WriteSdkObject(EnterpriseManagementGroup managementGroup, IList`1 sdkObjects, IDictionary`2 parameters)
       at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter`1.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)
       at Microsoft.EnterpriseManagement.UI.ViewFramework.SingleItemSupportAdapter.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)
       at Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object sender, ConsoleJobEventArgs e)
       at Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

    Same goes if I create a user role with Problem Analyst as a template. Yet the problem is resolved if I create a user role with Advanced Operator as a template, but then the user has access to Change requests even if I uncheck all tasks for Change Requests, as the Edit button can only be disabled for All work items.

    So, the question is: how can I enable the possibility to assign Service Requests to Analysts under the Incident Resolver user role?

    If you need additional info - please let me know.


    Wednesday, January 22, 2014 3:11 PM

All replies

  • Custom security roles are created from a base role. It has been my experience that roles created for Incident Resolvers cannot modify Service Requests even with those tasks enabled, and vice versa. The solution is to create another role based on Service Request Analysts with those tasks enabled.
    Thursday, January 23, 2014 3:29 PM
  • Hey

    As mentioned, if you add a User to multiple User Roles then the permissions are cumulative. Another option could be manipulating/extending the default User Profiles. Check out these posts:

    http://marcelzehner.ch/2014/01/07/scsm-user-role-customization-using-powershell-and-sdk-part-1/
    http://marcelzehner.ch/2014/01/12/scsm-user-role-customization-using-powershell-and-sdk-part-2/

    Cheers
    Marcel


    Marcel Zehner // Blog --> http://marcelzehner.ch // Twitter --> @marcelzehner // Business --> http://www.itnetx.ch

    Monday, January 27, 2014 8:59 PM
  • I spent one week struggling until I came to this discovery: the custom user roles are based on the template they are created from. So the best way to configure security is to make it Task based, not Support Group based :)

    Hossam Wael Elmosallamy (IT Support Engineer-ECC Solutions) MCSE - CCNA hossam.wael@eccsolutions.net Mobile:(011)-49464671 www.eccsolutions.net "Experience Reliability"

    Monday, December 22, 2014 9:20 AM