Homeβ€Ί Analyst Portal

Allow users who are not analysts to open and at least read tickets in the portal

Ingrid_GlatzIngrid_Glatz Customer Adept IT Monkey ✭✭

Hi folks,

I got a demand to allow certain users to read and maybe modify tickets in the portal. I'm actually stuck how to accomplish this without giving too many rights.

We have certain teams that do not own a queue in SCSM and therefore are not analysts and won't see tickets in the portal. They should have access to 3 different queues, but not being allowed to see all tickets, but only specific tickets with either a defined affected user and/or specific source and maybe some known string in the title.

I've created a view in SCSM to filter these tickets and created a role based on read-only operators. All tickets are listed in the view, but I cannot open a single tickets, I only get Refresh in the task bar. My idea to publish the view to the portal doesn't work if the people cannot open the tickets in the console.

The other idea was to create an own group with all requested persons being member, add the affected user and let them see the team request view. In this case, they won't be able to see resolved tickets, at least not in the portal version we use. In this case, all members would also see their own created tickets which might not be desirable.

Any idea which role or additional permissions are required to at least open and read tickets if it's not the read-only operator? How can I accomplish this demand without open up all tickets of the 3 queues? Any more tipps?



Best Answer


  • Justin_WorkmanJustin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭

    @Ingrid_Glatz - They will need queue access to the work items to be able to even seen them no matter what profile the role is based on. Read Only Operator or End User will provide Read Only access, but the work items will have to be in that role's queue scope.

  • Ingrid_GlatzIngrid_Glatz Customer Adept IT Monkey ✭✭

    Hi Justin,

    I've created a group to filter the work items based on the affected user. The read only Operator role has access to this group and they can see all items listed in both views for incidents and service requests. But double-clicking an item doesn't open it. I do not have a single task on the right hand side in the console except for Refresh. I was expecting to be able to open the items and read them. This was my understanding of the Read only Operator role. I'm still changing individual permissions in the role but didn't succeed yet. I now try to publish the views to the portal in hope that members of the role group will be able to open up work items there.

  • Mikkel_MadsenMikkel_Madsen Customer Advanced IT Monkey ✭✭✭

    @Ingrid_Glatz if they don't have access to open the workitem in the console it will not work in the portal.

    Is it a group or an Queue you have made? Groups are for config items and queues is for workitems so you have to make an queue where the workitems you want them to access is in and add it to your user role.

  • Ingrid_GlatzIngrid_Glatz Customer Adept IT Monkey ✭✭

    Hi Mikkel,

    I used the wrong word. I've created 2 different queues, one for incidents, one for service requests. The role I've created for the users has both queues selected. This role is based on Read Only Operator.

    Right, if it doesn't work in the console, it won't work in the portal. According to the role I've created, users have access to the 2 queues, "all Groups" in Configuration items, no catalog item group, some individual tasks, the 2 views for their work items and no templates. Which permissions am I missing that the users see the work items in the console in the 2 views I've created but they're not able to open them? I'm sure it's one or more of the tasks, they only have "Properties" and "View Alert Details" with incident Mgmt library, "Edit" with Service Manager Library and "Properties" with Service Request Library.

  • Ingrid_GlatzIngrid_Glatz Customer Adept IT Monkey ✭✭

    Hi Mikkel,

    I might ending up doing this but it takes ages to test. I always have to wait for a while before re-starting the console to be sure that the new permissions have been set. But it seems the only solutions to figure out what's missing.

  • Ingrid_GlatzIngrid_Glatz Customer Adept IT Monkey ✭✭

    @Mikkel_Madsen I started with the obvious access level and allowed all tasks in the role. Then I was able to open the tickets with my test user. I started removing most of the tasks again, but left some more than before. Now I have the Edit task available and can open the forms for incidents and service request.

    I've now populated my AD group with some real users and wait for the cache builder to pick up the group changes. The views from the console are already promoted and visible. Testing with the users will be done tomorrow. I hope it'll turn out good. Thanks for your advice with testing.

  • Mikkel_MadsenMikkel_Madsen Customer Advanced IT Monkey ✭✭✭


Sign In or Register to comment.