We saw this and other related misbehaviors and reported them in an issue in January, and as far as I know it has not been addressed even though they closed the issue. I just loaded Patch 004 and will be testing again after I follow in your footsteps and get the customer data imported. We got a very garbled response on that issue, which included problems like the Read license holders would create Support Requests in the Requester Console, but get notifications that took them to the Incident Console (where they should never be) and to their own incident - but they could not edit the Work Info in it, so why the heck were they directed there instead of the Service Request? From their Incident they could use the console interface and search and see every incident in the entire customer company, etc, which we did not think was wise at all.
I was basically told that it was "as designed," and my response was that the design stunk. I will be looking at the whole scope of the requester interface and access again with patch 004 installed to see if anything changed for the better (or worse), but I'm betting that it is just a fundamental flaw in the ITSM 7 application design - actually, a whole collection of them. I expect our implementation to be further delayed by the customization I will need to do in order to hide the things that never should have been visible, and expose those that should have, or redirect customers to where they should have been in the first place. I'll probably take the hints from Rick where possible. Christopher Strauss, Ph.D. Remedy Database Administrator University of North Texas Computing Center http://remedy.unt.edu/helpdesk/ > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza > Sent: Tuesday, June 05, 2007 5:10 PM > To: [email protected] > Subject: Design???? Feature??? Oversight?? Bug? > Importance: High > > First of all I am using ARS V7.0.1 Patch 002 and ITSM apps (the whole > shebang) V7 patch 003.. We are on SQL server 2K5 SP2 and on > Windows 2K3 SP 2 as well. > > If I log into the system using a read user who has restricted > access in the system I see the Application Administration > Console link. I can click on this link and that does take me > to the next administration page.. here off course it > restricts me from going further complaining that I don't have > admin rights if I try to click on any of the Create or View > buttons/URL's. > Why are read users even allow to go so far though? Is it by > design that they have allowed users to go that far? Is there > some sort of benefit that I am overseeing? > > Another area where users are able to intrude where they > should have not been able to go to are certain parts of the > Foundation Elements.. These users can click the Overview > Console link of the Foundation Elements, and see Other > Applications, pull down that menu and click on links like > Incident Management and then get errors like "ARERR [353] You > have no access to form > : HPD:Incident Management Console" > > They can even click on the CMDB link here and navigate to > most parts of the CMDB consoles and get those no access > errors there again but some of the consoles are open to these users.. > > Can any of you guys running these same applications, > reproduce this or is it just me? > > Joe > > PS: Most of my users have been mass loaded using a utility > provided by Remedy that I once discussed about about 3 weeks > ago. But even the users that have been manually created as > read users with restricted access exhibit the above... > > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.472 / Virus Database: 269.8.7/830 - Release > Date: 6/3/2007 > 12:47 PM > > ______________________________________________________________ > _________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > ARSlist:"Where the Answers Are" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
