Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This section helps you set up your organization-wise user database. After you set up the user database, you can create roles and groups, and can add users to such entities.

You can also set up your organization and user database using bulk imports and the ADSync Utility. For more details, read:    

Manage Organizations

As an administrator, you can set up a hierarchy that represents how your organization is constructed. You can create child organizations to represent divisions or branches of your organization. Each child organization can have one or more child organizations. You can also bulk import the organizations. For more information about bulk importing organizations, see Manage User and Organization Data through Bulk Imports.

Perform the following tasks:

Create Organizations and Child Organizations

Adding child organizations is the first step in creating an organization hierarchy. When you add child organizations, you assign them access to your subscribed application services. Organizations can be added one at a time or in groups. This procedure explains how to add a single child organization to a parent organization and set access to capabilities.

You can also add child organizations in bulk, using the Bulk Import feature.

Follow these steps:

  1. Navigate to MANAGEADMINISTRATIONTools on the main navigation panel.
  2. Click Organizations.
  3. To create a new organization: Enter the name and other necessary information and click Save.
    Note: To view the sibling and child organizations of the parent organization, click  icon.
  4. To create a sibling organization: Click  icon at the organization level where you want to create the sibling organization. Enter the necessary information and click Save.
  5. To create a child organization: Click  icon at the organization level where you want to create the child organization. Enter the necessary information and click Save.

     The maximum limit for hierarchy levels in an organization is 10 levels. 

Administer Users in a Child Organization

After you create a child organization, you further configure the entity by adding users and assigning access to capabilities.

Follow these steps:

  1. Add the users to the child organization. Users can be added manually, one at a time, or using the bulk import feature.
  2. Assign the users to application services.

Administrators can customize the logo that displays in the banner area of all workspaces.

To change the logo, navigate to the Manage, Administration, Tools, Organization, and upload the new logo. The guidelines for accepted file formats and dimensions are as follows:

  • .jpg, .jpeg, .png, and .gif are the accepted image file formats.
  • The logo image must confirm to the following dimensions: 
    • maximum width - 250 pixels
    • maximum height - 50 pixels

Larger images are scaled proportionally to fit the 250x50 pixels logo space.

Deactivate Organization and Child Organization

You can deactivate a root level organization or a child organization if the organization is no longer required. If a root level organization that you deactivate has child organizations below it, the child organizations are also deactivated. For example, consider the hierarchy, Documentation Management Company>>NA>>New York>>Islandia. Deactivating NA deactivates New York and Islandia. Deactivating only New York also deactivates Islandia. 

You cannot deactivate the out of the box root level organization that has been created during tenant provisioning. However, you can deactivate the child organization or sibling organization belonging to the out of the box root level organization.

Follow these steps:

  1. Navigate to MANAGE, ADMINISTRATION, Tools, Organizations.
  2. Select or search for the desired root level organization or child organization.
  3. Click the  icon.
  4. Click Yes to confirm the deactivation.
    The organization is deactivated.

    The deactivated organization is retained on all tickets, CIs, knowledge articles, and other transaction records for reporting and other purposes. However, the deactivated organization is not available for use in any new operations.

To activate a previously deactivated organization, navigate back to the desired organization and click the  icon.

Manage Users

The Manage tab of the main navigation panel provides access to all of the user management controls. A tenant administrator can add and maintain users in one place. 

The Manage tab lets tenant administrators do the following tasks:

  • Add the users to the system, either one at a time or through the bulk import. You can maintain, update, and deactivate the user information.
  • Control user access by assigning them to groups with specific roles and permissions.
  • Access key application fields for all services for the efficient management of user application data.

The following diagram outlines the scenario:

Add Users

The first step in user management is to add organization members as users. You can add users one at a time, or in groups with the bulk import feature. The new users can receive an automated email notification that provides their login credentials. They receive this notification if the Email Notification setting for your organization is enabled. If your organization contains one or more suborganizations, you can add users to one or more of these entities. These procedures explain how to add a single user and how to add an existing user to another organization. You can also manage users in bulk, using the Bulk Import feature.

Follow these steps: (add users)

  1. Navigate to MANAGEAdministration, Tools, and click Users.
  2. Click Create Users and complete the required fields.
    Note: The Email Address field supports alphanumeric and special characters [_ | - | . | $ | # | ' | *]

  3. Select the License Type and the organization to which you want to add a user. The license type defines the role of the user.
    Note: Following license types are available: Self Service (Self Service User), Fixed (Administrator), Floater (Analyst), and Web Service (Web Service User). For more information about the various license types, see Manage Access through Licenses.
  4. Click Create and Edit.
  5. Complete the additional fields such as organization, role, and group.
  6. To grant access to applications, assign the user to relevant groups.
  7. Click Save.
    The user is added.

Follow these steps (add an existing user to another organization):

  1. Navigate to MANAGE, ADMINISTRATION, Tools, and click Organizations .
  2. Search the organization to which you want to add a user. By default, the top-level organization is selected.  
  3. Click Users.
  4. Click Relate Existing, and select the user.
  5. To grant access to applications, assign the user to relevant groups.
  6. Click Save.
    The user is added.

 Search for Existing Users

In a large organization, locating a single user record can be daunting. From the Users administration page, you can find a user record as follows:

  • Filter: Filter provides options for limiting user results by the following categories:
    • Organization - filters for users for the selected organizations.
    • Support Group - filters by the selected groups.
    • Roles - filters by the selected roles.
    • License Type - filters by the selected license types.
    • Status - filters by the active or inactive status of the users.
    • Type - filters by the type of user. Select System Users to get a list of web service users.
  • Search Users: Search page lets you type in any portion of the first name, last name, or email address of the user. The results are automatically filtered for all matching user records in your organization, limited to active users only. If you are an administrator for multiple organizations, the search results are restricted to the organization selected.

    These search options are mutually exclusive. Applying either filter automatically clears any current entry in the other filter. 

Update User Information

You can update the following types of user information:

  • Basic and advanced user properties.
  • Associate groups.
  • Associate organizations.

The groups your organization subscribes to can require some additional user information. Changes to this information can be made through the Users administration screen.

Follow these steps:

  1. Open the Users administration screen from the MANAGE menu.
  2. Locate the user that you want to update.
    Note: You can use the Filter or the Search Users field to locate the desired user quickly.
  3. Hover over the User in the list, click the  icon in the far left column, and click Edit Properties.
  4. Update the required information.
  5. Click Save.

Reset User Password

As a tenant administrator, you can reset the password of any user in your control.

Note: The tenant administrators cannot reset their own password using this functionality.

Follow these steps:

  1. Open the Users administration screen from MANAGE, Administration, Tools, and  click Users.
  2. Hover over the User in the list, click the  icon in the far left column, and click Edit Properties.
  3. On the Basic tab, perform one of the following actions:
    • Enter a new password and retype the password in the Change Password field. Click the Change Password button.
      Password change successful or policy violation message is displayed. 
    • Click Send Email. An email with a reset password link is then sent to the user. The user can click the link and can reset the password.

    The user password is reset.

You can also reset the password of a web service user.

Follow these steps:

  1. Open the web services user password administration screen from MANAGE, ADMINISTRATION, Tools , and  click Reset Web Services User Password.
  2. Search and select the web services user.
  3. Perform one of the following actions:
    • Enter the new password details and click Apply Changes.
    • Click Reset Password. An email with a reset password link is then sent to the user. The user can click the link and can reset the password.
    The web service user password is reset.

Assign Users to Groups

As a tenant administrator, you can assign users to groups to give them access to the services that your organization subscribes. After you assign a user to a group, the user can access the application through the UI. You can assign a group when you create a user or can add an existing user to a group. You can remove access to a group at any time.

Follow these steps:

  1. Navigate to MANAGE, ADMINISTRATION, Tools, and click Users.
  2. Locate the user to whom you want to assign the group.

    You can use the Filter or the Search Users field to locate the desired user quickly.

  3. Hover over the User in the list, click the  icon in the far left column, and click Edit Properties.

  4. Click Groups, and click Relate Existing.

  5. Add the group and click Save.
    The user assignment to the selected services is updated.

Create More Tenant Administrators

An organization can have multiple tenant administrators. The tenant administrators can designate other users as extra tenant administrators for their organization. A user can be designated as a tenant administrator for any organization to which the user belongs. A tenant administrator has administrator privileges for the selected organization, and for any child organizations that exist or are added.

Follow these steps:

  1. Navigate to MANAGE, ADMINISTRATION, Tools, and click Users.
  2. Locate the user that you want to designate as a tenant administrator.
  3. Hover over the User in the list, click the  icon in the far left column, and click Edit Properties. 
  4. Select the License Type as Fixed. 

    Assign the user to the Administration Group to provide the administrator privileges.

  5. Click Save to create the tenant administrator. 

    To revoke tenant administrator privileges, follow this procedure and change the License Type to Self Service. The tenant administrators cannot revoke their own administrator privileges.

Deactivate Users

If you do not want users to access the associated organizations and groups, you can deactivate them. When you deactivate a user, the user cannot log in to the application. The deactivated users are not removed from the user management grid. They are displayed in the grid, but the License Type column appears blank. Some scenarios for deactivating users are as follows:

  • The user is on sabbatical.
  • The user violated the terms of use.
  • Customers using contract resources that come and go frequently. Instead of recreating the account every time, the customer can simply deactivate the account.
  • Customers following a per-active user licensing model, charged based on the number of active users in a tenant. 

    For more information about the user activation and deactivation, see the next topic, Considerations—User Activation and Deactivation.

For deactivated users, their community contributions, consisting of board posts, remain on record.

Follow these steps:

  1. Navigate to MANAGE, ADMINISTRATION, Tools, and click Users. 
  2. Hover over the User in the list, click the  icon in the far left column, and click Deactivate User.
    The user is deactivated.

Considerations—User Activation and Deactivation

Review the following information: 

When a user is created, the user is active by default.

  • Privileges:A tenant administrator or security group administrator can activate or deactivate a user.
    • If a tenant administrator or security group administrator deactivates a user, the user is not deactivated globally. To deactivate the user globally, deactivate from all the organizations where the user exists.
    • Users cannot deactivate themselves.
    • A security group administrator cannot deactivate a user which is at a higher access level.
  • Login: A deactivated user belonging only to a single tenant cannot log in.
    • If a user belonging to multiple tenants is deactivated from one tenant, the user can still log in. The reason is that the user is still active in other tenants.
    • If a user gets deactivated from all the associated tenants, the user cannot log in.
  • Scope: The user activation and deactivation occur within the context of the organization. For example, if a user who belongs to multiple organizations within the same tenant is deactivated in one organization, the user can still log in to the tenant.
  • Notifications:
    • A user does not receive any email when the user is made inactive.
    • A user gets an email when the user is made active again.
    • For a deactivated user, no Forgot Password email is sent to the user.

Create and Manage Roles

This article describes how you can create and manage roles to implement Role Based Access Control (RBAC) in the application.

The access to the application features is based on the job roles of the users. A role is a logical grouping of support groups, contacts, or both.  All the members of a role inherit the permissions that are assigned to the role. A role facilitates easier assignment of permissions across the application. You can give similar permissions to contacts and support groups that can perform similar activities. For example, there could be different approval groups, which could all be grouped into the role of an approver. You can give this role the permission to access the Outstanding Items link in the navigation menu. This task reduces the effort in giving permissions to each group or contact undertaking this activity.

You can assign a particular workflow action to a role that contains support groups and members from a particular organization. Similarly, you can configure a management role to have access to certain reports. Association to the role can be direct or by virtue of the support group membership.

You can complete the following tasks with roles: 

  • Group the contacts and support groups logically.
  • Assign the permissions for the various application features to selective roles.
  • Determine the information that a role can view in a ticket using role-based views.

The role-based permission is applicable to all functions where permissions are applied. The role-based permissions include the navigation panel, toolbar options, knowledge articles, workflow actions, ticket templates, and communication templates. 

A role is not directly associated to an organization, site, or location. Contacts from any organization, site, or location can be assigned to one role. Making an organization inactive does not affect the role. The role remains the same. However, some of the contacts or support groups that are associated with the role can become inactive when their primary organization, site, or location is made inactive.

Considerations and Prerequisites

Review the following points that are associated with roles:

  • You cannot deactivate a role. The deleted roles are directly removed from the application.
  • A contact and a support group can participate in multiple roles.
  • The permission assignment to a role is not a part of role creation. The Assigned Permissions section is read-only and displays the permissions that are assigned to the current role. 
  • The system defined roles have a negative ID value. You cannot delete the system defined roles. For example, KB Analyst and KB Admin. 
  • You can delete a role. When you delete a role, the role record gets removed from the application. When a role is deleted, the relationships to contacts and groups that are related to the role are also lost. Therefore, permissions available to the contacts and support groups through that role are no longer available.

  • Do not create more than one role with the same name. The reason is that there could be a conflict in the recognition of the name by the system. However, CA Cloud Service Management does allow you to create multiple roles with the same name.
  • Roles cannot be used for assignments. Roles are available only of managing permissions and for identifying recipients for a communication template. This behavior makes it possible to send the notification to all members of the role.

Verify the following prerequisites:

  • Support groups and contacts are configured.  

Create Roles

Follow these steps:

  1. Create Role: Navigate to MANAGE, ADMINISTRATIONToolsRoles, and click Create New.
  2. Fill in the required information and click Apply Changes.

    A role name cannot match with any organization and support group name. 

  3. Add Role Members: Search and select groups, contacts, or both to add to the current role.

    The Assigned Permissions tab is read only and displays the permissions that are assigned to the current role.

When a contact associated with a role is made inactive, it does not affect the role or other contacts that are associated with the role. The contact is listed in the contact list of the role record. The relationship of contact with the role is not deleted.

Create and Manage Groups

CA Cloud Service Management allows administrators to create and manage groups. A group is a logical grouping of contacts. The group is based on the organization, role, specialization, or the support type. For example, create a group to work for a specific category of tickets that are raised from an organization. Members of a group can be from multiple organizations.

Some key actions you can take related to creating and managing Support Groups are:

  • Efficiently manage tickets by creating different groups and automatically assigning tickets to each of them through process flows/auto routes.
  • Define User For PermissionsNotificationsAssignmentApproval, or SLA Escalation to manage what support groups can be used for.

  • Define contact information for support group to manage notification that is sent to the support group.

  • Define Next Escalation Group for another Support Group to be used in SLA escalation for configuring escalation action.

  • Manage end-users ability to view All Requests for My Organizations.

  • Configure a schedule for support groups and relate holidays for the support group.

  • Effectively manage permissions as permissions granted to a group are automatically granted to all its members.

  • Enable organizational security by relating groups to an organization.

Default Groups

The application has the following default groups: 

  • Administrator
  • Public
  • Self-Service
  • Service Desk (L1)
  • Change Approvers
  • CAB
  • ECAB
  • Change Manager
  • Facilities Management
  • Desktop Support
  • Server Support(L2)
  • Configuration Management
  • Service Desk (L2)
  • Release Management

Prerequisites

Verify the following prerequisites:

  • The organization must be configured.
  • The contacts are configured so that you can add members to the group.
  • The escalation group exists if you want to configure the next escalation group for a group.
  • The holiday list exists if you want to associate a holiday schedule to the group.

View, Search, and Filter Groups

To view a list of all the groups navigate to MANAGEADMINISTRATIONToolsGroups. A list of all the group appears on the left column. You can sort this list that is based on the Group Name(A-Z), Last Modified Date, and Created Date. You can also search a particular group from the list that is based on the group name and description. Click Filter to apply filter on this list that is based on:

  • Related Organization: Search for an organization and select it to apply filter.
  • Related Member: Search for a member and select it to apply filter.
  • Type: Search for a type and select it to apply filter.
  • Used For: Apply filter that is based on the actions that the members of this group take. 
    • ALL
    • Permission
    • Notification
    • Assignment
    • Approval Group
    • SLA Escalation
  • Status: Apply filter that is based on the status
    • Active
    • Inactive
  • System Defined
    • All
    • Included System Defined

Create Groups

Follow these steps:

  1. Create Group: Navigate to MANAGEADMINISTRATIONToolsGroups, and click New Group.
  2. Fill in the information, on the General tab.

    1. Enter the Group Name , Description, and other necessary information. Group Name cannot contain a comma. When creating a group verify that the group name has no commas (,). 

    2. Select which actions are available for the group through the Used For options. 

      • Permissions: If a Group is configured as used for Permissions, the group name is displayed in any Permissions lookup.

      • Approval Group: If a Group is configured as used For Approval, the group name is displayed under the Approval section of a ticket or in the ticket approval lookup of a Ticket.

      • Notification: When a Group is configured as used For Notification, the group is available for use in the To, CC, and BCC fields of Communication Templates.

      • Assignment: If a Group is configured as used For Assignment, the group name is displayed in the Assign To Group lookup of a ticket. For example, It can be used for assignment through workflow actions.

      • SLA Escalation: If a Group is configured as used For SLA Escalation , the group receives information about any SLA escalations that occur.

    3. Specify the Group Email.
    4. Specify the Group  Phone.
      Note: The administrator can classify a group depending on the type of activities. This facility is extended through the fields that are named Type and Sub Type. For example, ERP Group can have a type as Software Support and a Sub type as External Vendor. Classifying the groups in this way could help in specifying the actions that the group takes. 
    5. To enable group members to view organization tickets, select the View  Organization Tickets option.

    6. If Disable Service Feedback is selected, all contacts in that group cannot participate in service feedback process. Contacts related to the organization are excluded from the service feedback process if you select the disable service feedback flag. If you select the Disable service feedback flag for an organization, but not for the primary group, contacts cannot participate in the feedback process.
    7. Click Save. The new group is now created. The MembersOrganization, and Business Hours tab become active for you to add further configuration to the group.

Add Members to the Group

Follow these steps to add members to the newly created group:

    1. Click the Members tab and then click Relate Existing User to search and add members to the group. Select a user and click Relate Selected Users.
      Note: The application does not impose any restrictions on the number of members in a group. You can add as many contacts to a group as you need. Also, you can relate a contact to multiple groups. No restriction is applicable on the number of groups a contact can be part of.

    2. To promote a member as group lead, click the drop-down button against a selected contact name and select Make User Group Lead. You can configure the application to send SLA escalation notifications to the group leads. You can also configure the group leads to be contextual approvers or reviewer for tickets.
    3. To make the current group as primary for a member, click the drop-down button against a selected contact name and Set As Primary.
      Note: While the contacts can be related to multiple groups, any one group is identified as Primary. This information indicates that the contact belongs mainly to this group. For all contacts with Self-Service License, the primary group by default is the Self-Service group. They can perform only those actions which are available from the Self-Service Interface. The primary group also controls aspects like the participation in service feedback.  If Disable Service Feedback is selected, all contacts in that group cannot participate in service feedback process. If you select the Disable service feedback flag for an organization, but not for the primary group, contacts cannot participate in the feedback process.

    4. To remove a user from the group, click the drop-down button against a selected contact name and click Remove User From Group.

Add Organization to the Group

Follow these steps to add organizations to the newly created group.

  1. Click the Organization tab and then click Relate Existing Organization to add an organization to the group. 
  2. Select an organization and click Relate Selected Organization.

    A user can be directly related to an organization as a contact or can indirectly be related through the user's group.

Add Business Hours to the Group

Follow these steps to add hours to the newly created group.

  1. Click the Business Hours tab and then click Add Schedule to add a business hour schedule. 

    If you do not specify the business hours for the group, by default the group availability is considered as 24 X 7. Defining group business hours provides information about the group availability for SLA monitoring. Therefore, if a group is available only for specific time; defining business hours would help. You can configure groups with a schedule where all contacts have the same work schedule. You can associate multiple schedules with a group. For example, you could have one schedule to be applied only for holidays or a schedule to exclude holidays. You can have one schedule for a specific part of the week; and one for another (like weekdays and weekends). Applying the schedules is used only to indicate the availability of a group. 

  2. Select the Holiday List for attaching a holiday list to the group.

Make a Group Active or Inactive

You can change the status of a group to Active or Inactive. Only the groups that are created by the users can be deactivated. The out of the box groups cannot be deactivated.

Create and Manage Role Based Views

The access to the application features must be based on the job roles of the users. For example, the administrative forms are only available to the administrators and not to the analysts. Similarly, users can see the asset center and automation center workspaces only if they belong to a specific role.

As an administrator, you can configure role-based views to customize the ticket forms for different roles. You can configure the visibility of the ticket sections for a role. You can use this feature for the following purposes:

  • Set the fields as read only or as edit for a particular role
  • Create, and assign role-based views to different roles
  • Modify a field label, and provide translations in the supported languages

The application also offers the system defined views for the self-service users. A default view is defined for all other users for each of the five ticket types. The system defined views have a negative ID.

Considerations

  • The self-service user views are applicable to all the users who have the self-service user group as their primary group.
  • The default views are applicable to non self-service users who are not associated with any role.
  • If a user is associated with more than one role, the application creates a super set of the role views. Access to sections, fields, and the ability to edit the visible fields  are based on the following rules:
    • If a section is visible in a view and not visible in the other view, it remains visible.
    • If a field is visible in a view and not visible in the other, it remains visible.
    • If a field can be edited in a view and cannot be edited in the other, You can edit it. 
  • If a self-service user is associated more roles, the application creates a role-based super set view. The self-service user-based view is not applied.
  • Deleting a view permanently deletes it from the database.
  • The communication templates remain unaffected by role-based view configuration. For example, if you have some fields that are excluded in a role-based view. But the fields are included in a communication template through the Add Fields from Forms option. The value of the fields is included in the notification sent using the communication template.

Modify System Defined Views

You can modify a system defined view with the following restrictions. You can modify the view to show or hide sections on the form. You can add alternate labels for the existing fields.

Follow these steps:

  1. Navigate to MANAGEADMINISTRATION, ToolsRole Based Views and view the list of existing role-based views.
  2. Select the system-defined view that you want to modify.
  3. Change the View Name and View Description, if necessary. 
  4. Click the Show check box for the section headers that you want to display on the view.
  5. Select a section header to view the list of fields available in that section. Use the Show and Edit checkboxes against each field to control the level of access to that field.
    If you want to provide a different name for a field, click New or Edit in the Alternate Label column. The Alternative Labels dialog appears. Click the plus icon, select a language, enter the new label, and click the save icon. The Alternative Labels dialog also allows you to add field names in other languages. To remove or delete an alternate label, click the corresponding red button.
  6. Click Apply Changes to update the details.

Create Role Based Views from an Existing View

You can use the Copy to New button to create a role-based view by copying the selected role-based view.

Considerations:

  • You can create a role-based view only by copying an existing role-based view.
  • The application carries forward all the mandatory sections, show fields, edit fields. The configured Alternate Field Labels to the new role-based view is also carried forward, without any change.
  • The application copies the Base Form value to the new role-based view and makes it read only.
  • The application copies the value of the Self-Service Role Based Form View check box and makes it read only.

Follow these steps:

  1. Navigate to MANAGEADMINISTRATION, ToolsRole Based Views to view the list of existing role-based views.
  2. Select the existing role-based view as a base for the view you want to create.
  3. Specify the name and description of the role-based view and modify the optional fields of the role-based view, if necessary.
  4. Click Assigned Roles and select the roles to be assigned with the new role-based view.
  5. To view the sections of the form, click Apply Changes.
  6. Select the sections and fields that you want to show on the form.
  7. Click Apply Changes.
  • No labels