Organization-Based Security Scenarios
- Former user (Deleted)
- Amy Le (Unlicensed)
Scenario: Implicit OBS for Self Service Users
In this scenario, users can view tickets requested by them and the other tickets within their organization or down the hierarchy. The following example describes how the default implicit control is implemented for Self-Service Users:
- ABC Inc is the root level organization.
- Bruce Adams is the Self-Service User who is directly related to the root level organization.
- Head Quarters is the child organization under ABC Inc.
- Cat Taylor and Colter Ames are the Self-Service Users related to the child organization.
Configurations:
- Parameter Category = Self-Service Parameter Category
- Parameter Name = SSU_VIEW_MY_REQUESTS_ONLY
- Parameter Value = No
On the default support group Self-Service, select the View Organization Tickets option.
The table shows how the users related to each organization would view the tickets:
| User | View Tickets of ABC Inc. | View Tickets of Head Quarters |
|---|---|---|
| Bruce Adams | Yes | Yes |
| Cat Taylor | No | Yes |
| Colter Ames | No | Yes |
Scenario: Specific OBS for Self-Service Users
In this scenario, we can restrict the user from what they view. The following example describes how to set up specific OBS for serf-service users:
- We have two organizations Royal Mail and Parcel Force.
- Self-Service Users Lynn Parker and Mary Newburg are related to the Royal Mail organization.
- Self-Service Users Jeff Hardy and Joe Smith are related to the Parcel Force organization.
- Requirement:
- Lynn Parker and Mary Newburg from Royal Mail would view tickets that they have requested. Lynn Parker would not view the tickets reported by Mary Newburgl.
- Jeff Hardy and Joe Smith from Parcel Force would view tickets that they have requested and the other tickets requested within Parcel Force organization.
Configurations:
- Lynn Parker and Mary Newburg are related to a support group Royal Mail SSU Group and the default group Self-Service.
- Jeff Hardy and Joe Smith are related to a support group Parcel Force SSU Group and the default group Self-Service.
- Parameter Category = Self-Service Parameter Category
- Parameter Name = SSU_VIEW_MY_REQUESTS_ONLY
- Parameter Value = No
- On the default support group Self-Service, clear the selection for View Organization Tickets.
- On the support group Royal Mail SSU Group, clear the selection for View Organization Tickets.
- On the support group Parcel Force SSU Group, select the View Organization Tickets option.
The table shows how the users related to each organization would view the tickets:
| User | View self-requested tickets | View other tickets in the same organization |
|---|---|---|
| Jeff Hardy | Yes | Yes |
| Joe Smith | Yes | Yes |
| Lynn Parker | Yes | Yes |
| Mary Newburg | Yes | No |
Users can view the tickets in their organization from My Tickets.
Follow these steps:
- Navigate to Service Center and click My Tickets.
- Click Filt er and select Show my organization’s tickets.
Note: If this filter option is not available, users cannot view other tickets in their organization.
Scenario: OBS for Analysts – Direct Organization Relationships
This scenario describes the impact of OBS on Analysts with direct relationship with organization.
- Paul Martin is a member of the support group Parcel Force Support.
- Paul Martin is also a member of the Parcel Force Organization.
- Support group Parcel Force Support is directly related to Parcel Force Organization.
Configurations:
- Parameter Category = System
- Parameter Name = ENABLE_ORGANIZATION_BASED_ACCESS_CONTROL
- Parameter Value = Yes
Result:
- From Ticket Center, Paul Martin can view the tickets where the assigned_to_group on ticket is Parcel Force Support Group.
- Paul Martin can run a Global Search for tickets that are related to the Parcel Force Organization, which means either the Requester on the ticket OR the Requested For on the ticket has the organization set to Parcel Force Organization.
Scenario: OBS for Analysts – Indirect Organization Relationships
This scenario describes the impact of OBS on Analysts with indirect relationship with organizations.
- Sue Sponsor is directly related to organization Royal Mail.
- Sue Sponsor is a member of Database Support Group.
- The Database Support Group in turn is related to the Oscar Inc Organization and so Sue Sponsor is indirectly related to the Oscar Inc Org.
- Database Support Group is NOT related to Royal Mail Organization.
Sue Sponsor can do the following tasks:
- From Ticket Center view the tickets that are assigned to Database Support group.
- View the tickets of the organizations to which the user is either directly or indirectly related.
- Search for any tickets related to Royal Mail Organization and Oscar Inc. The global search will look for tickets where either Requester or Requested For has the organization set to Royal Mail Organization or Oscar Inc.
Summary:
- From Ticket Center, Analysts can view tickets assigned to any of the Support Groups of which they are a member.
- Analysts who are part of multiple organizations, can see tickets for all the associated organizations.
- Analysts cannot view the tickets assigned to Support Groups that they are not associated with.
- Analysts related directly or indirectly to the Requester or Requested For Organization on the ticket, can do the following tasks:
- Search for unlisted ticket by a keyword or ticket number.
- Open and edit the ticket.
- If the Requester Organization is different from the Requested For Organization on the ticket, and if Analyst is a member of any one of those Organizations, then the ticket will be accessible to Agent.
- If an Analyst has access to a ticket but one of the contacts (either Requester or Requested For) does not belong to a related Organization; the contact details will continue to be displayed on the ticket, but the user cannot view the contact record. A message "The Contact you are requesting does not exist or you are not permitted to access it" is displayed.
© 2019 Serviceaide 1-650-206-8988 http://www.serviceaide.com info@serviceaide.com