locked
Group Permissions Per Service Offering Not Working RRS feed

  • Question

  • So I am having a user permissions issue on the self service portal. 

    I have the following setups, I can provide any details necessary but I figure this gives an outline.

    IT Helpdesk User Group-->IT Helpdesk Catalog Group-->IT Helpdesk Request and Service Offerings

    I have an AD group assigned to the IT Helpdesk Security group that covers all the employees. So ALL employees can see these request offerings. There are NO connections that I can find between this group and the camera group I describe below. The next group, which is restricted, is the following.

    Camera User Group--> Camera Catalog Group-->Camera Request and Service Offerings

    This Camera User Group has an AD group containing users that we know to need access to requests regarding cameras. The problem is, these Camera Request and Service offerings are showing up in the service catalog for the IT Helpdesk User Group. If needed I can show screenshots of all of these things. 

    I should note I believe I have this all setup correctly. IT Group, all employees, access to a catalog group that is restricted to IT Helpdesk requests and offereings, it does NOT have camera related requests or offerings contained in the permissions.

    Camera group.... has a specified Camera AD group, catalog group for cameras which has service and request offering selected that relate to cameras.

    I log in with a user that only has Employee access, but they see ALL offerings, included Camera. 

    Any ideas on the cause of this?

    As a last note, I got the structure of how to do this from the following page.

    http://www.concurrency.com/blog/scsmportalpermisions/

    It seems pretty cut and dry...

    • Edited by CodyMathis Wednesday, June 18, 2014 7:03 PM Added Info
    Wednesday, June 18, 2014 7:03 PM

Answers

  • Whats probably happening is that you have IT Helpdesk User Group in a user role that has access to all catalog items. I believe that if the group is in any of the canned user roles, they will have All Catalog Groups selected. 

    So, is IT Helpdesk User Group in more than one user role? Or, is the group nested under any other group that would be in a user role with access to all catalog items?  Keep in mind that when creating a user role its default will have All Catalog Items selected.


    - Get on the floor, do that dinosaur

    • Marked as answer by CodyMathis Saturday, June 21, 2014 1:56 AM
    Wednesday, June 18, 2014 7:17 PM

All replies

  • Whats probably happening is that you have IT Helpdesk User Group in a user role that has access to all catalog items. I believe that if the group is in any of the canned user roles, they will have All Catalog Groups selected. 

    So, is IT Helpdesk User Group in more than one user role? Or, is the group nested under any other group that would be in a user role with access to all catalog items?  Keep in mind that when creating a user role its default will have All Catalog Items selected.


    - Get on the floor, do that dinosaur

    • Marked as answer by CodyMathis Saturday, June 21, 2014 1:56 AM
    Wednesday, June 18, 2014 7:17 PM
  • I have just went through and double checked. I have my IT Helpdesk User Group strictly defined in one security role, which is only given access to that one catalog group. 

    That is what is confusing me. I've got everything specific. I'll take the time tonight to do some screenshots of my setup. 
    Wednesday, June 18, 2014 7:51 PM
  • Turns out, I WAS doing everything correctly. I guess I should have mentioned I have the Cireson Total Management Suite installed on our SCSM setup. Turns out they haven't currently implemented this feature onto their HTML5 portal. It is supposedly supposed to work after this week when version 2.0 comes out.

    I appreciate the help. Turns out I spent a lot of time trying to make the impossible work. At least I have a very thorough understanding of the security roles and catalog groups. 

    Saturday, June 21, 2014 1:57 AM