Configure Team Request
Wolfgang_Schmidt
Customer Adept IT Monkey ✭✭
Hello Community,
we would like to use the feature team request. It also works without problems in our analyst group.
I see the requests of my colleagues and my colleagues see the requests I have opened.
The same function should also work for end users, or do I have to adjust something else here?
Regards
Wolfgang
0
Best Answer
-
Nicholas_Velich
Cireson Consultant Ninja IT Monkey ✭✭✭✭
To clarify, there isn't a view to grant access to within the User Role. Rather, we need to make sure the end-user-level users have access to the work items that would be within the view.
By default, end users only have access to items in which they are the Affected User. This is taken care of behind-the-scenes in the Cireson Portal/SCSM. For the other items in the Team Requests view, they would need to have SCSM-user-role permissions to those items-- just being in a Team Requests group isn't enough. This work-item-level-access could be granted to all work items (probably too open), or by setting up a queue for those items (some performance drawbacks if using lots of queues, so limit usage here if possible).
Thanks,
Nick5
Answers
The "Team Requests" feature should work for any type of user provided the following:
1) The users have access to the Team Request Navigation Node
2) The users have permission to access Work Items in the Team Request view (SCSM User Roles)
Thanks,
Nick
Hi Nicholas,
thank you for your quick reply.
1) the user has access
2) there is no Team Request view in SCSM User Roles ( or i can not finde them :-( )
Regards
Wolfgang
By default, end users only have access to items in which they are the Affected User. This is taken care of behind-the-scenes in the Cireson Portal/SCSM. For the other items in the Team Requests view, they would need to have SCSM-user-role permissions to those items-- just being in a Team Requests group isn't enough. This work-item-level-access could be granted to all work items (probably too open), or by setting up a queue for those items (some performance drawbacks if using lots of queues, so limit usage here if possible).
Thanks,
Nick
There is also the teamgroupfilter in the settingitems of the portal, when this is set to true endusers will not be able to open workitems at the portal level outside there team groups - making SCSM permissions a little simpler as you can grant unscoped queue access.
See https://support.cireson.com/KnowledgeBase/View/81 for more information.
What we have done now:
We built the whole thing over a queue. That worked just fine and we can limit the Team View to individual groups of users.
Thanks
Wolfgang
You mentioned limiting the queues because of performance drawbacks. Can you clarify on what is too many queues and does it matter how those queues are defined? Currently, I use queues=support group to grant users access to work items. We will have about 50 support groups that will mean 40 queues, will this have a massive performance impact?
I have a WF and secondary server with 8 cores and 16 GB RAM each. The amount of work items that will be generated per day will be a lot but I don't have a figure yey
I believe 40 queues will have an impact on performance, and should be avoided if possible. Just how much of an impact would depend on the volume of Work Items, and specs of the Workflow/DB server (primarily CPU and Disk speed, respectively). The negative performance impact queues have is twofold:
My ideal approach for Work Item scoping is typically to do so via Views. I find that often times Work Items are scoped simply to make the content in the environment more appropriate for the user, rather than as a security precaution. By limiting what Views are available based on a user's group, you can more easily guide analysts towards content appropriate for their role. In this case, analysts can still technically view Work Items outside their role's scope, but it becomes a more difficult task (they would need the specific Work Item number, a link, search criteria, etc.). Remember that these analysts are still employees of your organization and can typically be trained and held accountable in what to/not to do; even if an employee goes out of their way to modify a Work Item that they shouldn't, there is a History Log for audit purposes on every Work Item.
Adding to the above, the individual Work Items can also be restricted at the form-level in Cireson's Service Manager Portal via custom JavaScript. Content could be hidden altogether, or even just specific/key fields.
The approach above works for many environments as long as "an analyst viewing a Work Item outside their scope" is not considered a security issue. If so, queues are really the only option, in which case you should try to limit the total number (perhaps queue by different tiers, rather than each group-- try to stay around 5-10 if possible).
Thanks,
Nick
So this leaves me with the possibility to maybe create a queue for each department like HR, Finance, IT, Facilities to limit the access to the work items. And maybe a couple of queues within HR and Finance to truly lock down what must. Then I should get to the sub 10 queues.
You mentioned the scoping via Views, is this only for the console views? I am planning on only using the Cireson Analyst Portal as the console is too unreliable and sluggish. Does this mean I will have to promote views to the portal and scope those vies to the support groups?
If you have any more info relating to the use of Views for scoping can you please pass it along via a link or maybe a Private Message. I don't want to hijack this thread further....
As far as View scoping is concerned, I probably made that more confusing by calling them "Views"-- old habit
My mindset when writing the View-scoping reply was a Portal-only implementation. Each Portal Navigation Node can be restricted by AD group in Navigation Settings as an Administrator. I agree that the Console is less-than-ideal, especially because Views are granted through User Roles in that case.
Here is an example of another person who it running into performance issues due to queues. (what to watch for)
https://community.cireson.com/discussion/3801/relationship-change-in-a-ticket-to-a-new-support-group-takes-up-to-20-minutes
How did you configure the queues? Support group=department?
The reason for asking is that I have changed my Incident tier list to look something like this:
How will I setup the queue? just support group = Information Technology. Will this include the sub-departments
I'm sorry for "hijacking" this thread but I have asked this question without many responses.
https://community.cireson.com/discussion/3709/limit-on-queues#latest
But you do not have to create queues for your non restrictive groups as they will still fall in the root.
But thank you for the input, I will definitely be setting it up this way
If you create as above it performances one group calculation
Where if you split the four to each having their own queue the four group calculation take place.
Remember this is against each work item (including closed requests)
Here we keep our live database as trim as possible to help in this effort.
Meaning you can increase your queue count by decreasing your retention settings.
It is all about the balance of what your environment needs/requires.