Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

Overview

Group-based security supports organizations who have different departments with different security and business rules and need to leverage a single service desk system. When enabled, Group-based security can restrict one department from accessing tickets related to the other department. For example, an IT team and an HR team can use a single Intelligent Service Management (ISM) environment but restrict viewing of tickets from the other team. HR tickets with confidential information can only be viewed by members of the HR group. IT members cannot view HR tickets in Ticket Center, Advanced Ticket Center, Scratchpad or through Search. Additionally, self-service users can open and view their tickets that are assigned to all groups through the self-service portal, email, and the mobile app.

Note

  • If group-based security is enabled, organization-based security applies an additional restriction over group-based security.
  • As a behavior, the View Organization Tickets check box is disabled in the Groups workspace, by default. As a result, the self service user cannot view the tickets of the organization, if group-based security is enabled.

Implications of Enabling Group-based Security

The following sections explain the implications of enabling group-based security on the various aspects of user interaction with the application.

Impacted AreaImpact
Ticket Center, Advanced Ticket Center

Ticket list/grid displays only those tickets which belong to the groups that the Agent/Analyst is associated to.

Related TicketsIn the Related Ticket section, an analyst can view only those related tickets that are assigned to a group which they are associated to. Related tickets that belong to other groups are hidden.
Assigning TicketsA ticket can be assigned only to the analysts associated to the Contacts/Support Groups. The assignment lookup lists only those Contacts/Support Groups that the analyst/agent are associated to.
Search Search displays only tickets that are assigned to groups the analyst is a member of or tickets where the analyst is the  ‘Requestor’ or ‘Requested For’ user.
Create Ticket Analysts can log a ticket directly or can use Catalog or Scratchpad to create ticket for any user. The analyst could use the catalog to create a ticket that is automatically assigned to group they do not have permission to. In this case they will no longer have access to that ticket after creating it.

Note

Approvers from outside the group can be added. They can view the only the ticket details exposed in the Outstanding Items workspace. They cannot view the full ticket details in the application.

Enable Group-based Security

Enabling group-based security mainly impacts Analysts and End users’ ability to view and interact with the ticket related data. End users are restricted further only to view their own requests or tickets created as ‘Requested For’. 

Note: An administrator can perform the following actions.

To enable/disable group-based security, perform the following steps:

  1. Navigate to Manage> Tools> Configuration Parameter
  2. Select ENABLE_GROUP_BASED_ACCESS_CONTROL
  3. Set the Parameter Value to Yes to enable group-based security
    or Click No to disable group-based security.
  4. Click Apply Changes to save the data.

     

Configuration Parameter- Beta

Note: An administrator can perform the following actions.

To enable/disable group-based security, perform the following steps:

  1. Navigate to Manage> Tools> Configuration Parameter
  2. Select ENABLE_GROUP_BASED_ACCESS_CONTROL
  3. Click Yes
  4. Click Save to enable group-based security.

         Or

          Click No to disable group-based security.

After the parameter is set to Yes, group-based security is enabled and users outside the group cannot view the tickets. 

  • No labels