NOBODY here has unrestricted access except admins - that would defeat the entire purpose of using multi-tenancy for the operational companies (central and distributed support groups have their own companies). We do use a single, global customer company for all defined customers, to which all of the support staff are given access.
Customers all have their membership defined in the global customer company, added by a filter when their account is created from LDAP, and that is what I use to give them access to RKM. They also get access to either the student customer company and/or the employee customer company based on roles in LDAP. So a single customer record could have permission to UNT Customers (they are homed there - field 112 on the CTM:People record), UNT Employees, and UNT Students; student employees get all three. We don't use Employee or Student to define access in RKM, but we do use them to define access to various service items in Kinetic Request. In fact, it was the process of defining permissions for Kinetic Request based on company access and application permissions that led us to use the same solution for RKM; instead of adding KMSAC-something permissions manually to all of our support staff's User records, we simply gave those permissions in RKM to all Incident Users. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Lyle Taylor Sent: Thursday, September 24, 2009 11:14 AM To: arslist@ARSLIST.ORG Subject: Re: Updating Permission Groups for Users in 7.1 ** I wish I had thought of this a little while back. This might have fixed something for us. However, for this to work, I would think that you would need to have the company added to the Access Restrictions list for each customer in order for the company's group to be added to their User record. Is that correct? Otherwise, from what I've seen, no company related groups get added to their profile. (Current everyone here has unrestricted access, so we haven't been adding companies to people's Access Restrictions.) Lyle From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of strauss Sent: Thursday, September 24, 2009 9:37 AM To: arslist@ARSLIST.ORG Subject: Re: Updating Permission Groups for Users in 7.1 ** I have used escalations to do this in the past, so I'm not sure what tripped you up on yours. You might want to consider another approach if all 4,000 users are in a particular company or access group in ITSM. We added our 200,000 customers to RKM self service simply by adding self service to the group id in RKM for that customer company. In other words, assign your RKM permissions in RKM, to the group ids or companies, rather than making any changes to the actual User records. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Abdullah Baytops Sent: Thursday, September 24, 2009 9:37 AM To: arslist@ARSLIST.ORG Subject: Updating Permission Groups for Users in 7.1 ** Hello ARS listers Is there a way to perform a mass update of user record permissions on the people records in 7.1. Currently I have 4000 users that we now want to have KM rights in which initially they did not have that permission. Has anyone performed a mass update successfully on of people records. I have tried to simply run an escalation but it failed to update all the applicable records. Thanks in Advance V/R Abdul Baytops _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"
