Service Offering Permissions and Visibility (Verifying my understanding)
NazOsman
Member IT Monkey ✭
Greetings and thank you for taking time to respond to me. In my Environment that I am currently designing to roll out soon, I am having a debate about how Cireson handle Service Request Offering visibility and I need assistance in verifying that my thoughts about how Cireson handles them are correct.
1- I have three audiences. Staff/Faculty/Students.
2- I have for example: 1 Service Category named "End-Point Computing"
3- Under End-Point Computing. I have a Service Offering named "Printing"
4- Under Printing. I have two different offerings. One is an Incident Request called "Printer Issues". Another is a Service Request called "Install New Printer".
I was hoping to create one Catalog Group called students and Include "Printing" in it, and exclude "Install New Printer" from it since students shouldn't see that.
However, As far as I understand, Cireson does not manage the offering visibility at the "Request Offering" level. Instead, it manages it from the Service Offering Level (Printing in this example).
SO, what I am doing right now is creating 3 different Service Offering with the words (Students, Staff, or Faculty) in the end of the description. Then, I am creating dynamics groups that will include the correct Service Offering based on the last word in the description string.
This creates a problem because if I have a staff member that happens to be taking classes. He/She will fall under both Staff and Student and they will see duplicate groups.
I hope this makes sense.
Thank you for your answer in advance.
1- I have three audiences. Staff/Faculty/Students.
2- I have for example: 1 Service Category named "End-Point Computing"
3- Under End-Point Computing. I have a Service Offering named "Printing"
4- Under Printing. I have two different offerings. One is an Incident Request called "Printer Issues". Another is a Service Request called "Install New Printer".
I was hoping to create one Catalog Group called students and Include "Printing" in it, and exclude "Install New Printer" from it since students shouldn't see that.
However, As far as I understand, Cireson does not manage the offering visibility at the "Request Offering" level. Instead, it manages it from the Service Offering Level (Printing in this example).
SO, what I am doing right now is creating 3 different Service Offering with the words (Students, Staff, or Faculty) in the end of the description. Then, I am creating dynamics groups that will include the correct Service Offering based on the last word in the description string.
This creates a problem because if I have a staff member that happens to be taking classes. He/She will fall under both Staff and Student and they will see duplicate groups.
I hope this makes sense.
Thank you for your answer in advance.
0
Best Answers
-
Donson_Pham
Partner Advanced IT Monkey ✭✭✭
Hi @NazOsman i'm following what you are saying up to how you were creating the dynamic groups and how you're targeting a description string.
If i'm understanding though, you want to just exclude Students from viewing "Install New Printer" and Staff/Faculty will be able to see the rest of the request?
=========================================
This might be similar or we might be doing the same thing here, but how I usually get around this is by doing this below:
1 - Creating two Service Offering of the same name or for simplicity lets name it "General Printing for students" and "Printing for Staff/Faculty".
2 - In "Printing for Staff/Faculty" I would have ROs of "Printer issues" and "Install new Printer".
3 - In the other i will have just "Printer issues" (this is for student view)
4 - In Library Groups, I create two groups.
4a - Name the first group "Staff/Faculty printing view" and include the "Printing for Staff/Faculty" Service Offering.
4b - Name the other "Students printing view" and include the "General Printing for students" Service Offering.
5 - Go into Administration > Security and create two User Roles:
5a - Name first role "Staff/Faculty end user", ADD under Catalog Item Groups "Staff/Faculty printing view" and for Users ADD your staff/faculty AD Group.
5b - Name the second role "Student printing end user", and ADD "Students printing view" in Catalog Items Groups and Students AD Group for Users
===========================================
By doing this you have provided specific views for the groups to see the Service Offerings you want them to see with out crossing each other.
5 -
I have solved this problem by creating what I would probably label as an over kill. But, It did the job just fine, so we are sticking with it. Unless you have a really good process to manage the different groups, I would probably stay away from this solution.
Creating 7 Groups in Active Directory.
I wrote a power-shell script that separated all my audiences to groups. Each user can only exist in one of these groups. The groups were labeled as the following:
1- AllStudentOnly - Group Code: 001
2- AllStaffOnly - Group Code: 100
3- AllFacultyOnly - Group Code: 010
4- AllStudentStaff - Group Code: 101
5- AllStudentFaculty - Group Code: 011
6- AllFacultyStaff - Group Code: 110
7- AllStudentFacultyStaff - Group Code: 111
I represented each group with a binary code based on the Extension Attribute Values. For example: Users that are ONLY students have SA (Student Active) in Attribute 3, but blank Attribute 1 and 2. So, their code is 001. Likewise, Users are that are Only staff will have Attribute 1 filled with something (FT or PT), but Attribute 2 and 3 blank. So, their code is 100. Users that happen to be BOTH Student and Staff for example, would have value in 1 and 3. So, the group code would be 101.
Creating 7 Service Offerings - One for each group.
In SCSM console, created 7 service offerings. All groups are identical except for the end of their description AND the associated offerings of course!. At The very end of the description, I added the group code for that offering.
Creating Dynamics Groups:
In SCSM, created 7 Dynamics Catalog Groups that look for the code in the end of the brief description of the Service Offering. In this example, I asked the Dynamic group to include any Offering that has 111 (users that fall under the staff/faculty/student) to its membership.
Creating Security Groups
In SCSM, Created 7 End-Users based Roles. I assigned each role its own Service Catalog Dynamic Group and assigned the appropriate group to its users.
End Result - Quick Example:
As you can see below: A Faculty/Staff member logged in (To the left) can see both offerings unique to staff members only but can also see faculty offerings but without seeing duplicate categories.
0
Answers
If i'm understanding though, you want to just exclude Students from viewing "Install New Printer" and Staff/Faculty will be able to see the rest of the request?
=========================================
This might be similar or we might be doing the same thing here, but how I usually get around this is by doing this below:
1 - Creating two Service Offering of the same name or for simplicity lets name it "General Printing for students" and "Printing for Staff/Faculty".
2 - In "Printing for Staff/Faculty" I would have ROs of "Printer issues" and "Install new Printer".
3 - In the other i will have just "Printer issues" (this is for student view)
4 - In Library Groups, I create two groups.
4a - Name the first group "Staff/Faculty printing view" and include the "Printing for Staff/Faculty" Service Offering.
4b - Name the other "Students printing view" and include the "General Printing for students" Service Offering.
5 - Go into Administration > Security and create two User Roles:
5a - Name first role "Staff/Faculty end user", ADD under Catalog Item Groups "Staff/Faculty printing view" and for Users ADD your staff/faculty AD Group.
5b - Name the second role "Student printing end user", and ADD "Students printing view" in Catalog Items Groups and Students AD Group for Users
===========================================
By doing this you have provided specific views for the groups to see the Service Offerings you want them to see with out crossing each other.
Creating 7 Groups in Active Directory.
I wrote a power-shell script that separated all my audiences to groups. Each user can only exist in one of these groups. The groups were labeled as the following:
1- AllStudentOnly - Group Code: 001
2- AllStaffOnly - Group Code: 100
3- AllFacultyOnly - Group Code: 010
4- AllStudentStaff - Group Code: 101
5- AllStudentFaculty - Group Code: 011
6- AllFacultyStaff - Group Code: 110
7- AllStudentFacultyStaff - Group Code: 111
I represented each group with a binary code based on the Extension Attribute Values. For example: Users that are ONLY students have SA (Student Active) in Attribute 3, but blank Attribute 1 and 2. So, their code is 001. Likewise, Users are that are Only staff will have Attribute 1 filled with something (FT or PT), but Attribute 2 and 3 blank. So, their code is 100. Users that happen to be BOTH Student and Staff for example, would have value in 1 and 3. So, the group code would be 101.
Creating 7 Service Offerings - One for each group.
In SCSM console, created 7 service offerings. All groups are identical except for the end of their description AND the associated offerings of course!. At The very end of the description, I added the group code for that offering.
Creating Dynamics Groups:
In SCSM, created 7 Dynamics Catalog Groups that look for the code in the end of the brief description of the Service Offering. In this example, I asked the Dynamic group to include any Offering that has 111 (users that fall under the staff/faculty/student) to its membership.
Creating Security Groups
In SCSM, Created 7 End-Users based Roles. I assigned each role its own Service Catalog Dynamic Group and assigned the appropriate group to its users.
End Result - Quick Example:
As you can see below: A Faculty/Staff member logged in (To the left) can see both offerings unique to staff members only but can also see faculty offerings but without seeing duplicate categories.