USER GUIDE: CIRESON PORTAL USER TYPES
merlenette_jones
Member Advanced IT Monkey ✭✭✭
Cireson Portal User Types: The Cireson Portal contains several user types whose permissions are a combination of rights granted from System Center Service Manager (SCSM) and rights granted inside the Cireson Portal. For a detailed discussion on the security model please see the following article:
ADMINISTRATOR
- Definition: The Administrator user type has rights to:
- All portal views*
- Create/Modify/delete announcmens
- Change localization strings
- Admin Settings
- Navigation settings
- API documentation
Additionally, the Administrator has full access to all work items and configuration items.
*An administrator will still only see those views which are either public or which are granted to a group which he/she is a member of. Of course, administrators have access to Navigation Settings and so can therefore grant themselves permission to whatever view they want*
- SCSM Configuration: The Administrator user accounts must be included in the SCSM Administrator User Role
- Portal Configuration: The Administrator user accouts should be included in the Analyst, Knowledge Base Managers, and Asset Managers group for access to those specific role rights in the Cireson Portal
- Definition: The Analyst user type has rights to:
- Team Work
- Active Work
- Search
- Knowledge
- My Work
Additionally, Analysts have rights to the following Work Item Tasks:
- Change Status (Complete/Resolve)
- Link to/Convert to Parent
- Copy to New
- Assign to Analyst by Group
- Assign to Me
- Acknowledge
- Send Email
- SCSM Configuration: Analyst accounts must be imported into SCSM through an Active Directory (AD) Connector. They must also be a member of at least one of the following user roles within SCSM: Incident Resolvers, Service Request Analysts, Change Managers, Problem Analysts, Advanced Operators, or Authors User Roles. Analysts require access to the work item queues, configuration item groups, catalog item groups, and forms templates, that they require. Finally, the incident and service request support groups enumerations the analysts are associated with should all be mapped within SCSM to the appropriate AD groups within the Portal Group Mappings Setting (Administration Settings Portal Group Mappings).
- Portal Configuration: The Analyst group is chosen during the portal Installation process. The AD group can later be updated through the SettingsItems UI. Analyst access to create specific types of work items or take specific actions such as reviewing review activities or completing manual activities can be further scoped down to specific groups within the Admin Settings page of the portal. If the group is changed the cache builder service should be restarted.
KB MANAGER
- Definition: the KB Managers are able to create, edit, and delete KB articles as well as change the KB enumeration settings.
- SCSM Configuration: The KB Managers group and members must be imported into SCSM through an AD connector. They must also be a member of at least one user role within SCSM.
ASSET MANAGER
- Definition: The Asset Managers have permission to create/edit/view asset related data in the Cireson Portal.
- SCSM Configuration: The Asset Managers group and members must be imported into SCSM through anAD connector. They must also be a member of the Advanced Operators user role within SCSM. Further, they need access to Cireson Asset Management within the console and should have had the Cireson permissions tool run against them to grant access to asset management.
- Portal Configuration: The Asset Managers group is named during the portal Installation process. The AD group can later be updated through the SettingsItems UI. If the group is changed the cache builder service should be restarted.
END USER
Definition: Portal end user have scoped access to the service catalog and are able to use it to create incidents and service requests. They have access to the following portal views:- Home
- My Request
- Team Request (if configured)
- Knowlege Base (end user content only)
- My Work
- Reactivate
- Cancel
End Users can also be granted rights to approve or reject review activities, or to complete or cancel manual activities.
- SCSM Configuration: End users must be imported into SCSM through an AD Connector. They must also be included (usually as a member of the Domain Users AD group) within a custom end user SCSM role. Cireson recommends removing all users from the default SCSM End Users role and creating a new End User role specifically for the Cireson Portal. The End User role must have appropriate access to the required queues and service catalog groups for the portal end users.
- Portal Configuration: Within Admin Settings, end user rights can be scoped down to specific groups within the Admin Settings page of the portal. After making this change the web site should be restarted.
6
Comments
I have it Visible but not Public and the right group added but users in the group don''t see the queue.
You must also give your users access to the Parent work item as well not just the activity itself.
Merle
How "Assign forms to active directory groups" can be used? Can someone provide a real life example? Thanks
For example: HR department & Service Desk both action SRs assigned to their support groups. However HR need a different look and feel when they open the service request form showing different tab names and properties where the Service Desk need the out of box look with some extended properties for runbook automation input checking.
I would create a custom form section called HR on my ServiceRequest.js with these different tab names etc and assign this form to an AD group that represents my HR analysts in the admin settings.
I would also create a custom form called ServiceDesk on my my ServiceRequest.js form exposing the addtional properties and assign this to my ServiceDesk AD group.
Hope that helps.
Cheers
Joe
1. All IT employees are devided in groups IT-dev, IT-ops, IT-adm that are into group "DW" - mean whole IT.
"DW" group is added into Advanced Operators and as a Portal Analyst group - AnalystsADGroup setting.
I would like that IT could see Assets as ReadOnly.
2. AD goup "All-domain-users" is related into both SCSM "End Users" and "Service Request Analyst" group. And this is little problem. Because without being in Service Request Analyst group they can't choose configuration items like printers, sotware assets in SR'S. The printer list is empty. Itry mixed with Read-Only oeraor but it wont work.
I would like that users could make SR, IR and choose Assets as ReadOnly.
3. There is "Asset_Coordinator" Group that should edit asset attributes, but even can't see it. The have aslo admin priviliges.
.
I base on KB#1123 and this article but there ale left some others groups. Mayby i think not in proper way.
4. I would like that some Services and Request in Service Catalog could be visible only for analytics eg. "Serwer update".
How it look in you, Which roles you use, do you have to make own roles?
hello,
is it possible to tell me where exactly i have to grand the permissions ?
· Portal Configuration: Within Admin Settings, end user rights can be scoped down to specific groups within the Admin Settings page of the portal. After making this change the web site should be restarted.
it is not clear where on the admin settings page.
@gtsaglis - I think the original post was talking about Admin Settings/Activity Settings. If you provide a group for any of the settings on that page, only members of that group will able to perform the action.