locked
Restrict way to open IR and SR RRS feed

  • Question

  • Hello!

    By default, the SCSM console brings me 2 options to open IRs and SRs: "Create (Workitem) from Template" and "Create (Workitem)".

    This is our scenario:

    Beyond the HTML5 Portal, we also open our Work Items via Console (when it's a internal IT service).
    We have our own built templates, and also Request Offerings, for IRs and SRs.
    But, for the internal services, we want that the opening proccess of work items be the following:

    • IRs can't be opened via the option "Create Incident", because this open a blank form, which is useless for us today.
    • SRs can't be opened via the option ""Create Service Request from Template", because this option does not load the user imput fields which have been created in the request offerings.

    For the user roles, we have created queues with some criterias, and the roles have the support groups assigned. Filtering the Tasks of the roles, I do not flag the tasks that I don't want the users access (Create Incident and Create Service Request from Template. Views and Forms templates of the roles are not filtered, then, it's created.

    Ok, let's go to the tests:

    1. Nothing done. The users still can see the options I do not flagged to they don't see.
    2. I decided to filter the Views and Form templates of the role, and they are related only to the MP of Work Item which refers to the Queue. (Ex.: Queue of Incidents - Views and Form templates only contained in the Incident MP - The same logic for SR's).
      Nothing done! The users now can't open the Work Items inside any views (CR, IR, PR, RR, SR, MA, RA, PA, SA etc.)

    So now, after the 2nd test, i know the missing flag (or the option which must not be flagged) is in Views or Form Templates roles, but, after scrolling up and down several times by this roles, I couldn't find any role which ensure me it will Works.

    Well, I think I was the most detailed possible about this case. If someone could help in the resolution, I'll be greatful.

    Thanks!!

    Monday, May 29, 2017 4:13 PM

Answers

  • Hi

    Security roles in Service Manager are sometimes difficult to troubleshoot. You should be able to take away the "Create Incident" and "Create Service Request From Template" tasks from analysts. And this is done by having these tasks unflagged under the tasks area of the security role.

    But the security roles in Service Manager are cumulative and so if an analyst is in two or more roles they will get the combined effect of the roles.  I suspect the analysts have been given access to all tasks in another role and this is why it is not working.

    Also the default Security Profiles (the Out of the Box ones) give access to all objects, tasks and views. Using any of these will not allow specific control.

    I would check if you have used any of the out of the box security profiles and if large groups of users eg domain users\authenticated users have been used.

    It is is usually better to make a custom Security Role based on the out of the box Security Profile. Doing this allows you to fine tune the specific components, like tasks and views.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    • Marked as answer by Hiago S Tuesday, May 30, 2017 2:39 PM
    Monday, May 29, 2017 8:30 PM

All replies

  • Hi

    Security roles in Service Manager are sometimes difficult to troubleshoot. You should be able to take away the "Create Incident" and "Create Service Request From Template" tasks from analysts. And this is done by having these tasks unflagged under the tasks area of the security role.

    But the security roles in Service Manager are cumulative and so if an analyst is in two or more roles they will get the combined effect of the roles.  I suspect the analysts have been given access to all tasks in another role and this is why it is not working.

    Also the default Security Profiles (the Out of the Box ones) give access to all objects, tasks and views. Using any of these will not allow specific control.

    I would check if you have used any of the out of the box security profiles and if large groups of users eg domain users\authenticated users have been used.

    It is is usually better to make a custom Security Role based on the out of the box Security Profile. Doing this allows you to fine tune the specific components, like tasks and views.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    • Marked as answer by Hiago S Tuesday, May 30, 2017 2:39 PM
    Monday, May 29, 2017 8:30 PM
  • Hi, Glen.

    Thank you again by helpping me solving another case!

    I had some catalog groups containing IT users, Domain Users, etc, which in roles, they had "All tasks can be accessed" option flagged. Filtering the tasks of this roles, the problem was solved.

    Now this users can't access the options "Create Incident" and "Create Service Request from template".

    Thank you so much!

    Tuesday, May 30, 2017 2:39 PM
  • Hi Hiago

    No problem, glad to help.

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Tuesday, May 30, 2017 8:25 PM