Home Self-Service Portal - Community
image IT Monkey:   


Formal Cireson Support (phone, email, and web) is not included with the free Self-Service Portal – Community app. For trouble shooting assistance, take advantage of the Cireson Community to find answers to your questions. However, if you’d like to purchase a Support Package to access more formal Cireson Support (phone, email, and web), please contact us today to learn more on the pricing options.

Problem with Service Catalog user rights

We have two groups of users: all users and staff users. Staff users have some Service Offerings the other users cant see in the self-service portal. We have two end user roles, one for all users and one for staff users , which scope what service offerings and request offerings the groups can see in the self-service portal.

If we add AD users directly to the end user roles the self-service portal shows the right service offerings (and request offerings) to these users. BUT if we add an AD group to the end user role the self-service portal does not show the service offerings to the users who are members of the AD group.

Has anyone else found this problem? What might be the solution?

Comments

  • Jari_KivelaJari_Kivela Member IT Monkey ✭
    All AD users (including the Cahce Builder user) and groups belong to the same AD domain. But users and groups are located in different OU's.
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭

    We have two groups of users: all users and staff users. Staff users have some Service Offerings the other users cant see in the self-service portal. We have two end user roles, one for all users and one for staff users , which scope what service offerings and request offerings the groups can see in the self-service portal.

    If we add AD users directly to the end user roles the self-service portal shows the right service offerings (and request offerings) to these users. BUT if we add an AD group to the end user role the self-service portal does not show the service offerings to the users who are members of the AD group.

    Has anyone else found this problem? What might be the solution?

    Hello Jari,

    I would actually need to have a look at your cachebuilder log files to see what is happening when the cache tries to enumerate these groups and users. 

    Can you open a ticket and provide this information so I can further investigate?

    Merle
  • Jari_KivelaJari_Kivela Member IT Monkey ✭

    I investigated the cachebuilder log file. The groups we use in restricting service catalog end user rights are AD groups, not Service Manager groups (AD connectors do not bring them to SM). The cachebuilder.log shows that Cache Builder uses only Service Manager groups that AD connectors syncronize from AD. The AD groups are quite big - there are about 10 000 merbers in the biggest group.

    We can bring the big AD groups to Service Manager using AD connectors that is no problem. BUT how big groups Cache Builder is designed to handle? Can we use groups that have 10 000 or even more members in end user roles? The final question is how well dows the Cache Builder scale when the groups get bigger?

    Does anyone have experiences in using big groups with end user roles?

  • Jari_KivelaJari_Kivela Member IT Monkey ✭

    We brougth the big AD groups to Service Manager by AD conntector. This portal user rights worked fine.

    So this is not a problem.


Sign In or Register to comment.