Create Request on Behalf Of

Paul_Dalkin

All

We have several forms that are to be completed by non-analysts. I have made them members of the CreateOnBehalf group as they don't need to be part of the AnalystsAD Group. Should the correct User Role for this user be an End User or Advanced Operator?

Nicholas_Velich

Hi Paul-- Are you referring to having non-analysts complete/submit a Request Offering, which eventually becomes an Incident/Service Request, or are you referring to having these non-analysts edit the Incident/Service Request forms directly?

Nicholas_Velich

Either Service Request Analyst or Advanced Operator role profile would work, but the End User role profile should work just as well; however, the default End User role will not work, and you will need a custom role.

The important setting regardless of role profile is the "Configuration Items Groups" part of the User Role setup. The "User" objects in that "Create on behalf of picker" are Configuration Items (CIs), and the users interacting with that picker need access to those items. The default roles are all un-editable, but if you have a custom End User role, you should be able to grant access to all configuration items.

Nicholas_Velich

Hi Paul-- Are you referring to having non-analysts complete/submit a Request Offering, which eventually becomes an Incident/Service Request, or are you referring to having these non-analysts edit the Incident/Service Request forms directly?

Paul_Dalkin

HI Nicholas, yes, that is exactly what I'm referring to - they will be completing ROs with the ability to use CreateOnBehalf of (which points to a different AD group from the Analysts AD group). I'm guessing it should be a Service Request Analyst or Advanced Operator?

Nicholas_Velich

Either Service Request Analyst or Advanced Operator role profile would work, but the End User role profile should work just as well; however, the default End User role will not work, and you will need a custom role.

The important setting regardless of role profile is the "Configuration Items Groups" part of the User Role setup. The "User" objects in that "Create on behalf of picker" are Configuration Items (CIs), and the users interacting with that picker need access to those items. The default roles are all un-editable, but if you have a custom End User role, you should be able to grant access to all configuration items.

Paul_Dalkin

HI Nicholas, completely correct. As per usual (as most of the time I create ROs for analysts who have always had scoped user CI permissions for years) I forgot this aspect of the security user role. The excellent Cireson KB article of https://support.cireson.com/KnowledgeBase/View/1275#/ explained it also.