using the portal for HR requests - restricting access and permissions on portal

Mina_Saidi

Hi All,

Our Human Resource section has asked to be on boarded onto the Cireson Analyst portal and the Self Service Portal as well. I will be having a discussion with the director of HR of how to achieve this but my concerns are mainly around privacy and confidentiality which comes with the nature of work of HR.

Is it possible to restrict "active work" somehow or get all tickets that come in for HR set to a different tab/dashboard that is only visible to HR staff/analysts and HR tickets do not go to the "active work" queue?

has anyone else on boarded HR onto the portal? if so, how did you go about getting it done in terms of access and ensuring privacy?

Thank you

Gerhard_Goossens

You will need to create a queue that groups the work items from HR and another queue for the rest. Then you create a user role for HR that only has access to that queue for HR and scope the other user groups you have to only have access to the queue for the rest of the departments. Keep in mind that queues add extra load to the WF server as the queue access job runs every minute or when a Wi is updated. And as per Microsoft recommendation, you need to use queues sparingly.

John_Long

@Mina_Saidi , our HR team also uses our portal. As Gerhard says, scopes and queues are your friend. Where line manager approvals are needed for HR work items, we use a line manager role with scoped access to specific work items.

Our permissions refresh cycle got quite long so we simplified into Advanced Operator roles for HR, Internal IT, etc, with scoped access to specific queues.

As for reporting, we use Power BI for group wide stuff.

Mina_Saidi

Thank you all.

I'm having some issues separating the queues and was wondering if I could get some help or guidance on it.

We have the below;

in Active Directory, "SCSM-Analysts" support group which controls analysts permissions. We have also have individual security groups for all support groups, i.e. Servicedesk support group is SCSM-ServiceDesk and a new one is created called SCSM-HumanResource

Both SCSM-HumanResources and SCSM-ServiceDesk are part of the SCSM-Analysts to gain analysts permissions.

I have in the console, created a new queue for Human resources. I have also specified the criteria for all the current queues we have (incident P1, incident P2 etc) to not apply to Human Resources support group tickets.

I have then gone into "user roles" in the console and restricted the queues.

Human Resources User role has access to HumanResources Queue only and when I log in as a HR user I get the correct permissions applied.

ServiceDesk user role has access to all queues (incident P1 etc) but does not have access to HR queue. How ever when I log in as ServiceDesk user I still see HR tickets. Although the queues have been restricted.

I have done the usual of synchronizes AD, restarting cache builder an restarting IIS but it doesn't apply the permission I need.

have I missed something?

Servicedek user role

Human Resources User role

Inci

Incident P1

Manas_Gautam

Hi Mina,

Were you able to find the root cause of the issue and able to get the required implementation.

Thanks,

Gautam

Mina_Saidi

Hi Manas,

the below steps fixed the issue;

• stopped the Microsoft Monitoring Agent service
• stopped Data Access Service

deleted the health services folder in the SCSM base folder

restarted the above services and the queues were all fixed.

Seemed like it was all just stuck.

if your having the same issues, try the above steps and see how you go. Worked for me.

Regards