Group-based Security
Overview
Group-based security supports organizations who have different departments with different security and business rules and need to leverage a single service desk system. When enabled, Group-based security can restrict one department from accessing tickets related to the other department. For example, an IT team and an HR team can use a single Intelligent Service Management (ISM) environment but restrict viewing of tickets from the other team. HR tickets with confidential information can only be viewed by members of the HR group. IT members cannot view HR tickets in Ticket Center, Advanced Ticket Center, Scratchpad or through Search. Additionally, self-service users can open and view their tickets that are assigned to all groups through the self-service portal, email, and the mobile app.
Note
- If group-based security is enabled, organization-based security applies an additional restriction over group-based security.
- As a behavior, the View Organization Tickets check box is disabled in the Groups workspace, by default. As a result, the self service user cannot view the tickets of the organization, if group-based security is enabled.
Implications of Enabling Group-based Security
The following sections explain the implications of enabling group-based security on the various aspects of user interaction with the application.
| Impacted Area | Impact |
|---|---|
| Ticket Center, Advanced Ticket Center | Ticket list/grid displays only those tickets which belong to the groups that the Agent/Analyst is associated to. |
| Related Tickets | In the Related Ticket section, an analyst can view only those related tickets that are assigned to a group which they are associated to. Related tickets that belong to other groups are hidden. |
| Assigning Tickets | A ticket can be assigned only to the analysts associated to the Contacts/Support Groups. The assignment lookup lists only those Contacts/Support Groups that the analyst/agent are associated to. |
| Search | Search displays only tickets that are assigned to groups the analyst is a member of or tickets where the analyst is the ‘Requestor’ or ‘Requested For’ user. |
| Create Ticket | Analysts can log a ticket directly or can use Catalog or Scratchpad to create ticket for any user. The analyst could use the catalog to create a ticket that is automatically assigned to group they do not have permission to. In this case they will no longer have access to that ticket after creating it. |
| Standard Reports | Group Based security will not be applied to standard reports. All tickets will be shown in the Report |
Note
Approvers from outside the group can be added. They can view the only the ticket details exposed in the Outstanding Items workspace. They cannot view the full ticket details in the application.
Enable Group-based Security
Enabling group-based security mainly impacts Analysts and End users’ ability to view and interact with the ticket related data.
Note: An administrator can perform the following actions.
To enable/disable group-based security, perform the following steps:
- Navigate to Manage> Tools> Configuration Parameter
- Select ENABLE_GROUP_BASED_ACCESS_CONTROL
- Set the Parameter Value to Yes to enable group-based security
or Click No to disable group-based security. - Click Apply Changes to save the data.
Configuration Parameter- Beta
Note: An administrator can perform the following actions.
To enable/disable group-based security, perform the following steps:
- Navigate to Manage> Tools> Configuration Parameter
- Select ENABLE_GROUP_BASED_ACCESS_CONTROL
- Click Yes
- Click Save to enable group-based security.
Or
Click No to disable group-based security.
After the parameter is set to Yes, group-based security is enabled and users outside the group cannot view the tickets.
© 2019 Serviceaide 1-650-206-8988 http://www.serviceaide.com info@serviceaide.com