Overview
Group-based security supports organizations who have different departments with different security and business rules and need to leverage a single service desk system. When enabled, Group-based security can restrict one department from accessing tickets related to the other department. For example, an IT team and an HR team can use a single Intelligent Service Management (ISM) environment but restrict viewing of tickets from the other team. HR tickets with confidential information can only be viewed by members of the HR group. IT members cannot view HR tickets in Ticket Center, Advanced Ticket Center, Scratchpad or through Search. Additionally, self-service users can open and view their tickets that are assigned to all groups through the self-service portal, email, and the mobile app.
As a behavior, the View Organization Tickets check box is disabled in the Groups workspace, by default. As a result, the self service user cannot view the tickets of the organization, if group-based security is enabled.
Note
- Organization-based security applies as an additional restriction over group-based security, if enabled and vice versa.
Implications of Enabling Group-based Security
The following sections explain the implication of enabling group-based security on the various aspects of user interaction with the application.
Impacted Area | Impact |
---|---|
Actions | Ticket list displays only those tickets which belong to the group that the Agent/Analyst is associated to. |
Related Tickets | In the Related Ticket section, agent/analyst can view only those related tickets that are assigned to group which they are associated to. Related tickets that belong to other groups are hidden. |
Assigning Tickets | A ticket can be assigned only to the agent/analyst associated to the Contacts/Support Groups. The assignment lookup lists only those Contacts/Support Groups that the analyst/agent are associated to. |
Ticket Search | Ticket Search displays only those tickets that belong to the group the Agent/Analyst are associated to and the agent/analyst must be the ‘Requestor’ or ‘Requested For’ for those tickets. |
Create Ticket | Agents/Analysts can log a ticket directly or can use Catalog or Scratchpad to create ticket for any user. |
Note
Approvers from outside the group can be added. They can view the details in the Outstanding Items workspace but not view the ticket details.
Enable Group-based Security
Enabling group-based security mainly impacts Admin/Agent/Analyst and End users’ ability to view and interact with the ticket related data. End users are restricted further only to view their own requests or tickets created as ‘Requested For’.
To enable/disable group-based security, perform the following steps:
- Navigate to Manage> Tools> Configuration Parameter
- Select ENABLE_GROUP_BASED_ACCESS_CONTROL
- Click Yes
- Click Save to enable group-based security.
Or
Click No to disable group-based security.
Add Comment