Service Offering Permissions and Visibility (Verifying my understanding)

NazOsmanNazOsman Member IT Monkey ✭
Greetings and thank you for taking time to respond to me. In my Environment that I am currently designing to roll out soon, I am having a debate about how Cireson handle Service Request Offering visibility and I need assistance in verifying that my thoughts about how Cireson handles them are correct.

1- I have three audiences. Staff/Faculty/Students.
2- I have for example: 1 Service Category named "End-Point Computing"
3- Under End-Point Computing. I have a Service Offering named "Printing"
4- Under Printing. I have two different offerings. One is an Incident Request called "Printer Issues". Another is a Service Request called "Install New Printer".

I was hoping to create one Catalog Group called students and Include "Printing" in it, and exclude "Install New Printer" from it since students shouldn't see that.

However, As far as I understand, Cireson does not manage the offering visibility at the "Request Offering" level. Instead, it manages it from the Service Offering Level (Printing in this example).

SO, what I am doing right now is creating 3 different Service Offering with the words (Students, Staff, or Faculty) in the end of the description. Then, I am creating dynamics groups that will include the correct Service Offering based on the last word in the description string.

This creates a problem because if I have a staff member that happens to be taking classes. He/She will fall under both Staff and Student and they will see duplicate groups.

I hope this makes sense.

Thank you for your answer in advance.

Best Answers

  • NazOsmanNazOsman Member IT Monkey ✭
    Accepted Answer
    I have solved this problem by creating what I would probably label as an over kill. But, It did the job just fine, so we are sticking with it. Unless you have a really good process to manage the different groups, I would probably stay away from this solution.

    Creating 7 Groups in Active Directory.
    I wrote a power-shell script that separated all my audiences to groups. Each user can only exist in one of these groups. The groups were labeled as the following:
    1- AllStudentOnly - Group Code: 001
    2- AllStaffOnly - Group Code: 100
    3- AllFacultyOnly - Group Code: 010
    4- AllStudentStaff - Group Code: 101
    5- AllStudentFaculty - Group Code: 011
    6- AllFacultyStaff - Group Code: 110
    7- AllStudentFacultyStaff - Group Code: 111

    I represented each group with a binary code based on the Extension Attribute Values. For example: Users that are ONLY students have SA (Student Active) in Attribute 3, but blank Attribute 1 and 2. So, their code is 001. Likewise, Users are that are Only staff will have Attribute 1 filled with something (FT or PT), but Attribute 2 and 3 blank. So, their code is 100. Users that happen to be BOTH Student and Staff for example, would have value in 1 and 3. So, the group code would be 101.

    Creating 7 Service Offerings - One for each group.
    In SCSM console, created 7 service offerings. All groups are identical except for the end of their description AND the associated offerings of course!. At The very end of the description, I added the group code for that offering.



    Creating Dynamics Groups:
    In SCSM, created 7 Dynamics Catalog Groups that look for the code in the end of the brief description of the Service Offering. In this example, I asked the Dynamic group to include any Offering that has 111 (users that fall under the staff/faculty/student) to its membership.



    Creating Security Groups
    In SCSM, Created 7 End-Users based Roles. I assigned each role its own Service Catalog Dynamic Group and assigned the appropriate group to its users.



    End Result - Quick Example:
    As you can see below: A Faculty/Staff member logged in (To the left) can see both offerings unique to staff members only but can also see faculty offerings but without seeing duplicate categories.

Answers

  • NazOsmanNazOsman Member IT Monkey ✭
    Thank you very much for taking the time to read and answer my question. Your answer is very well thought out. I will compare both methods and see which suite my environment best.
  • NazOsmanNazOsman Member IT Monkey ✭
    Accepted Answer
    I have solved this problem by creating what I would probably label as an over kill. But, It did the job just fine, so we are sticking with it. Unless you have a really good process to manage the different groups, I would probably stay away from this solution.

    Creating 7 Groups in Active Directory.
    I wrote a power-shell script that separated all my audiences to groups. Each user can only exist in one of these groups. The groups were labeled as the following:
    1- AllStudentOnly - Group Code: 001
    2- AllStaffOnly - Group Code: 100
    3- AllFacultyOnly - Group Code: 010
    4- AllStudentStaff - Group Code: 101
    5- AllStudentFaculty - Group Code: 011
    6- AllFacultyStaff - Group Code: 110
    7- AllStudentFacultyStaff - Group Code: 111

    I represented each group with a binary code based on the Extension Attribute Values. For example: Users that are ONLY students have SA (Student Active) in Attribute 3, but blank Attribute 1 and 2. So, their code is 001. Likewise, Users are that are Only staff will have Attribute 1 filled with something (FT or PT), but Attribute 2 and 3 blank. So, their code is 100. Users that happen to be BOTH Student and Staff for example, would have value in 1 and 3. So, the group code would be 101.

    Creating 7 Service Offerings - One for each group.
    In SCSM console, created 7 service offerings. All groups are identical except for the end of their description AND the associated offerings of course!. At The very end of the description, I added the group code for that offering.



    Creating Dynamics Groups:
    In SCSM, created 7 Dynamics Catalog Groups that look for the code in the end of the brief description of the Service Offering. In this example, I asked the Dynamic group to include any Offering that has 111 (users that fall under the staff/faculty/student) to its membership.



    Creating Security Groups
    In SCSM, Created 7 End-Users based Roles. I assigned each role its own Service Catalog Dynamic Group and assigned the appropriate group to its users.



    End Result - Quick Example:
    As you can see below: A Faculty/Staff member logged in (To the left) can see both offerings unique to staff members only but can also see faculty offerings but without seeing duplicate categories.

Sign In or Register to comment.