Initial presentation: one particular user's CTM:People showed a 'Last Modified By'-value of other than expected parties. Further, the record and its corresponding user record lacked Application Permissions and Support Group associations I know I added the evening before (and then verified, by logging in as the user in question!).
Current symptom of the suspected behavior: Out of 300-odd support staff currently configured on our system, 43 CTM:People-records carry a 'last modified by' value OTHER than: either sys admins, or user him/herself. I have not positively verified that another user is changing data---but too many of us rely on 'last change'-type fields to verify a record's current status. If values captured in 'CTM:People->More Details->Last Modified By' are accurate, we do indeed have another 'gremlin' in the works. Further--one particular account shows 'last modified by' a support staffer who has no access to see that CTM:People record at all! Note, though: I have created a 'roaming staff' account, associated it with several companies/support groups, and not been able to actually deliberately modify any other personal profiles myself. We suspect there is a 'back door' through Incident Management workflow which is allowing unintended field-value modifications. Don W. McClure, P.E. Data Administrator & System Engineer Computing & IT Center, Call Tracking Administration University of North Texas, Denton dwmac_at_unt.edu "That which counts cannot necessarily be counted: that which can be counted will not always count." -- Albert Einstein -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of strauss Sent: Tuesday, May 20, 2008 11:46 AM To: [email protected] Subject: Re: ITSM 7 Support Staff permissions I'm not sure yet how it was done, just that it was, and that the last modified user on the profile that was altered was another support user in the same company. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Lammey, Peter A. > Sent: Tuesday, May 20, 2008 11:30 AM > To: [email protected] > Subject: Re: ITSM 7 Support Staff permissions > > How are you able to do this? I tried this with a simple support staff > user and tried to go into People and see if I was logged in as that > support staff user with just Incident User and Asset viewer rights but > I could not alter anything (permissions, group membership included) for > other people except for the person's own profile. > > ITSM 7.02 patch 005 > > > Thanks > Peter Lammey > ESPN MIT Technical Services & Applications Management > 860-766-4761 > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of strauss > Sent: Tuesday, May 20, 2008 12:09 PM > To: [email protected] > Subject: ITSM 7 Support Staff permissions > > Has anyone run into an issue with ITSM 7 where it is entirely possible > for a support staff user (Incident User, Asset Viewer, no Roles at all, > just company and group membership) in a company to remove all of the > application permissions for another Incident user in the same group? > One of the departments has already experienced this. Remember how in > ITSM 5.x and 6.x there were many different filters trapping who could > update what fields in the SHR:People and User forms? I guess they left > all of those out in ITSM 7. We had thought that the Contact People > permission controlled this, but apparently not since our admin accounts > are the only ones that have those. > > Has anyone dug into this enough to explain it? As usual, the BMC docs > on permissions and roles are not much help. > > Christopher Strauss, Ph.D. > Call Tracking Administration Manager > University of North Texas Computing & IT Center > > _______________________________________________________________________ > ________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum > Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > Please consider the environment before printing this e-mail. > > _______________________________________________________________________ > ________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
