Gavin, Thank you for the excellent write-up. It makes sense, and explains why I assigned a ticket to someone, and they couldn't see it. A validation of assignee upon save may help, as if they cannot see the ticket, there really is no sense in allowing it to be assigned to them. Perhaps I'll try a AL to perform this check, in all may spare time. Thanks again! Mark
________________________________ From: Action Request System discussion list(ARSList) on behalf of Coleman, Gavin Sent: Thu 3/12/2009 10:49 AM To: [email protected] Subject: Re: ITSM 7.1 Unrestricted Access Info ** Mark - considering that ITSM is based on ITSP, I can give you a brief run-down of how it works in ITSP. All restrictions are based on the Assignee Groups field. This field exists on various forms on ITSP. The values in here specify which Companies the entry "belongs" to. The values are based on the Assignee Groups field on the CTM:Company form (COM:Company in ITSM). Looking at the workflow for Incident, the following Company fields on the Help Desk determine which Companies the entry belongs to: Contact Company Direct Contact Company Company Thus if I log an Incident with Company A in the Contact Company, Company B in the Direct Contact Company and Company C in the Company fields, then the Assignee Groups field on this Incident would have the Assignee Groups Values for Company A, B & C in there. I.e. 1000001083, 1000001084, 1000001085. Anyone who has these entries in their Group List on the User form would be able to view this Incident (The User form is the ultimate destination of the Access Groups defined in the People form) Unrestricted Access works because Field ID 1 on the HPD:Help Desk form has Assignee Groups permission and also Unrestricted Access permission. Therefore if you have Unrestricted Access in your Group List field on the User form, you are able to view ALL Incidents. Interestingly BMC have not included the Assigned Support Company in the list of fields that determine which Companies the Incident belongs to. This is because it is perceived as a security risk. However, this does mean that if I have access to Company A and Company B and you only have access to Company B. If I create the ticket with Contact Company, Direct Contact Company and Company as Company A and assign it to a support group in Company B, you may get notified of this assignment, but you would be unable to view the ticket! I hope this helps. Let me know if you need any further information. Thanks, Gavin Coleman Senior Analyst/Programmer Computacenter (UK) Ltd Services & Solutions Hatfield Avenue Hatfield, Hertfordshire, AL10 9TW, United Kingdom T: +44 (0) 1707 631662 E: [email protected] W: www.computacenter.com From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Mark Lev Sent: 12 March 2009 14:04 To: [email protected] Subject: ITSM 7.1 Unrestricted Access Info ** Hello, I have reviewed the documentation, and cannot find a good write up of how Unrestricted Access vs. Access Restriction by company works internally. ARS 7.1 ITSM 7.0.3 Windows OS SQL Server All to latest patch level For example, - person x has access to company a - person y has access to company b - person z has access to Unrestricted Access What are the rules that determine what requests person x and y can see? Such as: - Customer selected must be in company A for person x to see requests AND?/OR? - person x must belong or assigned the ticket to see requests And?/OR? - etc??? I need to prepare an overview of how this works and without locating good documentation, I will need to do many tests to determine all the potential options that exist. Has anyone done this, know this, or can point me to the right document that explains in detail? Thanks Mark __Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" html___ ********************************************************************** COMPUTACENTER PLC is registered in England and Wales with the registered number 03110569. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (UK) Limited is registered in England and Wales with the registered number 01584718. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (Mid-Market) Limited is registered in England and Wales with the registered number 3434654. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (FMS) Limited is registered in England and Wales with the registered number 3798091. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW The contents of this email are intended for the named addressee only. It contains information which may be confidential and which may also be privileged. Unless you are the named addressee (or authorised to receive mail for the addressee) you may not copy or use it, or disclose it to anyone else. If you receive it in error please notify us immediately and then destroy it. Computacenter information is available from: http://www.computacenter.com ********************************************************************** __Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" html___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"
