Hi all- ARS 8.1.02, ITSM 8.1, etc - totally Remedy workflow question - architecture doesn't matter.
We are doing a test configuration on our dev server trying to configure multi-tenancy as follows: 1.) All People records belong to a company "MyCompany" 2.) Support users are in a company for their business unit, e.g. "Group 1, Group 2, etc". To be very clear, these are defined as separate companies - they are NOT under "MyCompany". 3.) We do not have unrestricted access turned on for anyone. - so if an incident is assigned to Group 1 we do not want Group 2 to be able to see it at all. The entire point of doing the above setup is to have one copy of each people record shared among everyone - otherwise the only real option is to load a separate copy of the people record for every defined company - and we're talking about millions of records in that instance. All of those would have to get updated weekly in order to keep things up to date, so that's kind of a non-starter. Or we could customize multi-tenancy, which seems like path fraught with peril... The tenancy documentation I read says that tenancy and row level security is based off of three things in 8.1: Customer Company for field 112, Support Company on field 60900, and Vendor Assignee groups. I was under the impression that permissions were additive - so, if there was a value in any of those three fields your People profile had to match all of them for you to be able to see the incident. I checked the permissions on Entry ID (Field 1) in HPD:Help Desk and they match this as advertised (Unrestricted access membership is also one of the permission groups for field one but no one is defined as unrestricted in my test setup). The problem is I don't think it's working right. The value that gets set for field 112 is the value of the customer's company, NOT the assigned group's company. Having the incident assigned to a group under a separate company has no real effect on anything. I checked the data and the field 60900 is filled in with the correct value of the Group entry that matches the assigned support company. Consequently, anyone can see all of the incidents, regardless of what company they are in. How do we go about getting this to work? Is it supposed to work how we want it, or is that a customization? All of the docs I read make me think it should work this way. I'm not even 100% sure anything is broken. I opened an issue with support too and I'm waiting to hear what they think. William Rentfrow [email protected] Office: 715-204-3061 or 701-232-5697x25 Cell: 715-498-5056 _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
